AWS Certified SysOps Administrator – Associate — Question 119
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company’s on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors.
Which solution will give the application the ability to resolve the internal domain names?
Answer options
- A. Launch EC2 instances in the VPC. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS server. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.
- B. Create an Amazon Route 53 Resolver outbound endpoint. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.
- C. Set up two AWS Direct Connect connections between the AWS environment and the on-premises network. Set up a link aggregation group (LAG) that includes the two connections. Change the VPC resolver address to point to the on-premises DNS server.
- D. Create an Amazon Route 53 public hosted zone for the on-premises domain. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.
Correct answer: B
Explanation
The correct solution is B because a Route 53 Resolver outbound endpoint forwards DNS queries from the VPC to the on-premises DNS server, which resolves the name resolution errors. Option A relies on deploying EC2 instances, which may introduce unnecessary complexity. Option C does not address DNS forwarding directly and instead focuses on infrastructure connections. Option D is incorrect because it involves creating a public hosted zone, which is not suitable for internal domain names.