Which strategies would resolve this issue?
(Choose two.)
Define an outbound Amazon Route 53 Resolver. Set a conditional forward rule for the Active Directory domain to the Active Directory servers. Update the VPC DHCP options set to AmazonProvidedDNS.
Update the DNS service on the Active Directory servers to forward all non-authoritative queries to the VPC Resolver.
Define an inbound Amazon Route 53 Resolver. Set a conditional forward rule for the Active Directory domain to the Active Directory servers. Update the VPC DHCP options set to AmazonProvidedDNS.
Update the DNS service on the client instances to split DNS queries between the Active Directory servers and the VPC Resolver.
Update the DNS service on the Active Directory servers to forward all queries to the VPC Resolver.
Explanations:
Configuring an outbound Route 53 Resolver with a conditional forward rule for the AD domain ensures that AD DNS is used for the domain while AmazonProvidedDNS handles all other queries, allowing resolution of private endpoint addresses within the VPC.
Configuring the AD DNS to forward non-authoritative queries to the VPC Resolver enables instances to resolve private endpoint addresses, as the VPC Resolver handles private DNS resolution.
An inbound Route 53 Resolver is used to resolve external queries into a VPC, which does not help instances within the VPC resolve private endpoint addresses.
Modifying client DNS configurations to split queries between AD DNS and VPC Resolver is complex to manage and not a scalable solution in AWS environments; it does not directly solve the private endpoint resolution issue effectively.
Configuring the AD DNS to forward all queries to the VPC Resolver would prevent proper domain controller DNS resolution for AD services, potentially disrupting Active Directory operations, as AD queries would bypass the AD DNS.
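The outbound Resolver and conditional forward rule described in the explanations, expressed as an added Terraform example (not part of the original question material). The domain name, target IPs, subnet and VPC references are assumed placeholders; the outbound endpoint needs at least two IP addresses in different subnets, and the security group must allow DNS (TCP/UDP 53) egress to the AD servers.

```hcl
# Outbound endpoint: the VPC Resolver uses these ENIs to forward queries out.
resource "aws_route53_resolver_endpoint" "outbound" {
  name               = "ad-forwarder"
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.resolver_egress.id]

  ip_address { subnet_id = aws_subnet.resolver_a.id }
  ip_address { subnet_id = aws_subnet.resolver_b.id }
}

# Least-privilege egress: only DNS to the AD servers' subnets (assumed CIDRs).
resource "aws_security_group" "resolver_egress" {
  name   = "route53-resolver-egress"
  vpc_id = aws_vpc.main.id

  dynamic "egress" {
    for_each = ["tcp", "udp"]
    content {
      protocol    = egress.value
      from_port   = 53
      to_port     = 53
      cidr_blocks = ["10.0.1.0/24", "10.0.2.0/24"]
    }
  }
}

# Conditional forward rule: only the AD domain goes to the AD DNS servers;
# everything else (including private endpoint names) stays with AmazonProvidedDNS.
resource "aws_route53_resolver_rule" "ad_domain" {
  name                 = "forward-ad-domain"
  domain_name          = "corp.example.com" # assumed AD domain
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id

  target_ip { ip = "10.0.1.10" } # assumed AD DNS server
  target_ip { ip = "10.0.2.10" } # assumed AD DNS server
}

resource "aws_route53_resolver_rule_association" "ad_domain" {
  resolver_rule_id = aws_route53_resolver_rule.ad_domain.id
  vpc_id           = aws_vpc.main.id
}

# Point instances at the VPC Resolver so the rule is consulted for every query.
resource "aws_vpc_dhcp_options" "amazon_dns" {
  domain_name_servers = ["AmazonProvidedDNS"]
}

resource "aws_vpc_dhcp_options_association" "main" {
  vpc_id          = aws_vpc.main.id
  dhcp_options_id = aws_vpc_dhcp_options.amazon_dns.id
}
```

After applying, a query for a private endpoint name from an instance resolves via the VPC Resolver, while a query for a name under corp.example.com is forwarded to the AD servers; CloudWatch query logging on the Resolver can confirm which path each query takes.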