AWS Certified Solutions Architect – Professional (SAP-C02) — Question 315
A solutions architect is determining the DNS strategy for an existing VPC. The VPC is provisioned to use the 10.24.34.0/24 CIDR block. The VPC also uses Amazon Route 53 Resolver for DNS. New requirements mandate that DNS queries must use private hosted zones. Additionally, instances that have public IP addresses must receive corresponding public hostnames.
Which solution will meet these requirements to ensure that the domain names are correctly resolved within the VPC?
Answer options
- A. Create a private hosted zone. Activate the enableDnsSupport attribute and the enableDnsHostnames attribute for the VPC. Update the VPC DHCP options set to include domain-name-servers=10.24.34.2.
- B. Create a private hosted zone. Associate the private hosted zone with the VPC. Activate the enableDnsSupport attribute and the enableDnsHostnames attribute for the VPC. Create a new VPC DHCP options set, and configure domain-name-servers=AmazonProvidedDNS. Associate the new DHCP options set with the VPC.
- C. Deactivate the enableDnsSupport attribute for the VPC. Activate the enableDnsHostnames attribute for the VPC. Create a new VPC DHCP options set, and configure domain-name-servers=10.24.34.2. Associate the new DHCP options set with the VPC.
- D. Create a private hosted zone. Associate the private hosted zone with the VPC. Activate the enableDnsSupport attribute for the VPC. Deactivate the enableDnsHostnames attribute for the VPC. Update the VPC DHCP options set to include domain-name-servers=AmazonProvidedDNS.
Correct answer: B
Explanation
To resolve names in a private hosted zone, both the enableDnsSupport and enableDnsHostnames attributes must be set to true for the VPC, and the zone must be explicitly associated with that VPC. Public hostnames for instances with public IP addresses also require enableDnsHostnames to be enabled. Setting domain-name-servers=AmazonProvidedDNS in the DHCP options set ensures that queries are directed to the Route 53 Resolver for the VPC. Option A never associates the private hosted zone with the VPC, option C deactivates enableDnsSupport, and option D deactivates enableDnsHostnames, so none of them satisfies both requirements.