A company needs to architect a hybrid DNS solution. This solution will use an Amazon Rout…

Question

A company needs to architect a hybrid DNS solution. This solution will use an Amazon Route 53 private hosted zone for the domain cloud.example.com for the resources stored within VPCs.
✑ The company has the following DNS resolution requirements:
✑ On-premises systems should be able to resolve and connect to cloud.example.com.
All VPCs should be able to resolve cloud.example.com.
There is already an AWS Direct Connect connection between the on-premises corporate network and AWS Transit Gateway.
Which architecture should the company use to meet these requirements with the HIGHEST performance?

Accepted Answer

Correct answer: D. D. Associate the private hosted zone to the shared services VPC. Create a Route 53 inbound resolver in the shared services VPC. Attach the shared services VPC to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver. — To allow on-premises systems to resolve names in an Amazon Route 53 private hosted zone (PHZ), a Route 53 Inbound Resolver endpoint is required to receive forwarded queries from the on-premises DNS servers. Option D is the most performant and architecturally efficient because it associates the PHZ with the shared services VPC containing the inbound resolver and attaches only that VPC to the Transit Gateway, avoiding the overhead of attaching every VPC. Other options either use inefficient EC2-based forwarders, incorrect outbound resolvers, or introduce unnecessary routing complexity by attaching all VPCs to the Transit Gateway for DNS resolution.

AWS Certified Solutions Architect – Professional — Question 474

Answer options

Correct answer: D

Explanation