Which architecture should the company use to meet these requirements with the HIGHEST performance?
Associate the private hosted zone to all the VPCs. Create a Route 53 inbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver.
Associate the private hosted zone to all the VPCs. Deploy an Amazon EC2 conditional forwarder in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the conditional forwarder.
Associate the private hosted zone to the shared services VPC. Create a Route 53 outbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the outbound resolver.
Associate the private hosted zone to the shared services VPC. Create a Route 53 inbound resolver in the shared services VPC. Attach the shared services VPC to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver.
Explanations:
Associating the private hosted zone with all VPCs allows them to resolve cloud.example.com. The Route 53 inbound resolver provides high performance by allowing on-premises systems to directly query the DNS records through the Direct Connect connection, ensuring fast resolution and connectivity.
Using an EC2 conditional forwarder instead of the Route 53 inbound resolver adds unnecessary complexity and potential latency. While it can achieve DNS resolution, it does not leverage the fully managed DNS service features of Route 53, making it less efficient for high-performance requirements.
Associating the private hosted zone only with the shared services VPC limits the DNS resolution to that VPC, preventing all other VPCs from resolving cloud.example.com. Furthermore, using an outbound resolver does not meet the requirement for on-premises resolution, as it is designed for outbound queries to external DNS servers.
Associating the private hosted zone with only the shared services VPC restricts DNS resolution capabilities. While it proposes using an inbound resolver, it does not include all VPCs in the hosted zone association, which is crucial for meeting the requirement that all VPCs can resolve cloud.example.com.