Which solution will meet these requirements with the LEAST administrative overhead?
Provision a set of EC2 instances across two Availability Zones in the VPC as caching DNS servers to resolve DNS queries from the application servers within the VPC.
Provision an Amazon Route 53 private hosted zone. Configure NS records that point to on-premises DNS servers.
Create DNS endpoints by using Amazon Route 53 Resolver. Add conditional forwarding rules to resolve DNS namespaces between the on-premises data center and the VPC.
Provision a new Active Directory domain controller in the VPC with a bidirectional trust between this new domain and the on-premises Active Directory domain.
Explanations:
While provisioning EC2 instances as caching DNS servers could resolve DNS queries, it involves more administrative overhead for managing the servers and ensuring they are highly available across multiple Availability Zones.
Creating a Route 53 private hosted zone and configuring NS records is not a complete solution, as it does not facilitate direct resolution of on-premises DNS entries without additional forwarding configurations.
Using Amazon Route 53 Resolver with conditional forwarding rules allows seamless DNS resolution between the on-premises Active Directory and the VPC. This setup minimizes administrative overhead by leveraging AWS-managed services for DNS resolution.
Provisioning a new Active Directory domain controller in the VPC introduces significant complexity, as it requires domain synchronization and management of a new domain, which increases administrative overhead compared to the other options.
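As an added example (not part of the question or its answer key), here is the Route 53 Resolver option expressed as Terraform, including the security group that limits the endpoint network interfaces to DNS traffic toward the on-premises resolvers. The VPC and subnet IDs, the corp.example.com namespace and the 10.10.0.0/24 on-premises DNS subnet with resolvers 10.10.0.10 and 10.10.0.11 are assumed placeholders.

```hcl
# Added example (not from the page): Terraform for the Route 53 Resolver option.
# All IDs, the corp.example.com namespace and the 10.10.0.0/24 resolver subnet are assumed.
variable "vpc_id"     { default = "vpc-PLACEHOLDER" }
variable "subnet_ids" { default = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"] }

# Endpoint ENI security group: DNS (53/udp, 53/tcp) only to the on-premises resolvers.
resource "aws_security_group" "resolver_out" {
  name   = "r53-resolver-outbound"
  vpc_id = var.vpc_id

  egress {
    from_port   = 53
    to_port     = 53
    protocol    = "udp"
    cidr_blocks = ["10.10.0.0/24"]
  }
  egress {
    from_port   = 53
    to_port     = 53
    protocol    = "tcp"
    cidr_blocks = ["10.10.0.0/24"]
  }
}

# Outbound endpoint: one ENI in each of two subnets (two AZs), managed by AWS.
resource "aws_route53_resolver_endpoint" "outbound" {
  name               = "to-onprem"
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.resolver_out.id]
  ip_address { subnet_id = var.subnet_ids[0] }
  ip_address { subnet_id = var.subnet_ids[1] }
}

# Conditional forwarding rule: only the AD namespace is sent on-premises;
# every other name still resolves through the VPC's default resolver.
resource "aws_route53_resolver_rule" "onprem_ad" {
  domain_name          = "corp.example.com"
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id
  target_ip { ip = "10.10.0.10" }
  target_ip { ip = "10.10.0.11" }
}

# Associating the rule with the VPC makes its instances use it; no per-host DNS changes.
resource "aws_route53_resolver_rule_association" "onprem_ad" {
  resolver_rule_id = aws_route53_resolver_rule.onprem_ad.id
  vpc_id           = var.vpc_id
}
```

For name resolution in the other direction (on-premises clients resolving VPC names), the on-premises DNS servers would forward the VPC namespace to an additional INBOUND endpoint created the same way.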