Which architecture should the company use to meet these requirements with the HIGHEST performance?
Associate the private hosted zone to all the VPCs. Create a Route 53 inbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver.
Associate the private hosted zone to all the VPCs. Deploy an Amazon EC2 conditional forwarder in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the conditional forwarder.
Associate the private hosted zone to the shared services VPC. Create a Route 53 outbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the outbound resolver.
Associate the private hosted zone to the shared services VPC. Create a Route 53 inbound resolver in the shared services VPC. Attach the shared services VPC to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver.
Explanations:
Correct. Associating the private hosted zone with every VPC lets resources in all of them resolve cloud.example.com natively through their VPC resolver, with no forwarding hop. A Route 53 Resolver inbound endpoint in the shared services VPC gives on-premises systems a path in: the on-premises DNS server forwards cloud.example.com queries over Direct Connect and the transit gateway to the endpoint's elastic network interfaces, and Route 53 Resolver answers them from the private hosted zone associated with that VPC. This is a fully managed, multi-AZ path with a single hop, which is why it delivers the highest performance. One practitioner caveat: the endpoint's security group should allow UDP and TCP port 53 only from the on-premises resolver addresses, so the zone is not exposed to every host that can reach the shared services VPC.
Incorrect. Associating the zone with all VPCs is right, but replacing the managed inbound endpoint with a conditional forwarder on EC2 (for example BIND) adds a hop: the instance receives the on-premises query and must itself forward it to the VPC resolver before returning the answer. It is also a self-managed component to patch, scale and make highly available (one instance is a single point of failure; several require their own health checking), whereas the inbound endpoint provides multi-AZ interfaces out of the box. The extra hop and operational overhead mean it cannot match the performance of the inbound endpoint.
Incorrect. An outbound endpoint works in the opposite direction: it forwards queries that originate inside VPCs to on-premises or other external DNS servers according to Resolver rules. It does not accept queries from on-premises, so forwarding rules on the on-premises DNS server pointing at an outbound endpoint would not resolve cloud.example.com at all. The on-premises-to-cloud path in this question needs an inbound endpoint.
Incorrect. This option associates the private hosted zone only with the shared services VPC, so on-premises queries arriving at the inbound endpoint would be answered, but resources in the other VPCs could not resolve cloud.example.com without additional configuration such as associating the zone with each of them or forwarding their queries to the shared services VPC. It also attaches only the shared services VPC to the transit gateway, leaving the other VPCs without the connectivity the first option provides. It therefore does not meet the requirement that all VPCs resolve the zone.
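The correct option expressed as infrastructure code, as an added example that is not part of the original question or of any AWS reference material. It assumes Terraform with the AWS provider, and treats the VPC IDs, the two shared services subnets, the fixed endpoint IPs, the on-premises DNS server range and the sample A record as hypothetical inputs; the transit gateway attachments, routes and Direct Connect link are assumed to exist already and are not defined here.

```hcl
# Hypothetical inputs: supply real IDs and addresses for your environment.
variable "vpc_ids" {
  description = "All VPCs that must resolve the zone, keyed by role; must include 'shared'"
  type        = map(string)   # e.g. { shared = "vpc-...", app_a = "vpc-...", app_b = "vpc-..." }
}

variable "shared_subnet_ids" {
  description = "Two subnets in different AZs of the shared services VPC"
  type        = list(string)
}

variable "endpoint_ips" {
  description = "Fixed endpoint IPs, one per subnet above, e.g. [\"10.0.1.53\", \"10.0.2.53\"]"
  type        = list(string)
}

variable "on_prem_dns_cidr" {
  description = "On-premises DNS server range allowed to query the endpoint"
  type        = string
  default     = "192.168.10.0/24"   # placeholder
}

# Private hosted zone associated with every VPC, so each VPC's own resolver
# answers cloud.example.com directly with no forwarding hop.
resource "aws_route53_zone" "cloud" {
  name    = "cloud.example.com"
  comment = "Private hosted zone shared by all VPCs"

  dynamic "vpc" {
    for_each = var.vpc_ids
    content {
      vpc_id = vpc.value
    }
  }
}

# Sample record so the on-premises test below has something to resolve.
resource "aws_route53_record" "db" {
  zone_id = aws_route53_zone.cloud.zone_id
  name    = "db.cloud.example.com"
  type    = "A"
  ttl     = 60
  records = ["10.20.0.15"]   # placeholder address in an application VPC
}

# Least privilege for the endpoint: only DNS (UDP and TCP 53) and only from
# the on-premises resolvers. No egress block is needed; responses are stateful.
resource "aws_security_group" "inbound_dns" {
  name        = "r53-inbound-endpoint"
  description = "DNS queries from on-premises resolvers only"
  vpc_id      = var.vpc_ids["shared"]

  dynamic "ingress" {
    for_each = toset(["udp", "tcp"])
    content {
      protocol    = ingress.value
      from_port   = 53
      to_port     = 53
      cidr_blocks = [var.on_prem_dns_cidr]
    }
  }
}

# Inbound endpoint in the shared services VPC: one ENI per AZ with a fixed IP
# so the on-premises forwarders point at stable addresses.
resource "aws_route53_resolver_endpoint" "inbound" {
  name               = "shared-services-inbound"
  direction          = "INBOUND"
  security_group_ids = [aws_security_group.inbound_dns.id]

  dynamic "ip_address" {
    for_each = zipmap(var.shared_subnet_ids, var.endpoint_ips)
    content {
      subnet_id = ip_address.key
      ip        = ip_address.value
    }
  }
}

# The matching conditional-forwarder stanza for an on-premises BIND server.
output "bind_forward_zone" {
  description = "Paste into named.conf on the on-premises DNS server"
  value       = <<-EOT
    zone "cloud.example.com" {
        type forward;
        forward only;
        forwarders { ${join("; ", var.endpoint_ips)}; };
    };
  EOT
}
```

After `terraform apply`, `terraform output bind_forward_zone` prints the forwarder stanza; on a Windows DNS server the equivalent is a conditional forwarder for cloud.example.com pointing at the same endpoint IPs. To verify the path end to end, query an endpoint IP directly from an on-premises host (`dig @10.0.1.53 db.cloud.example.com`): a timeout points at Direct Connect or transit gateway routing or the security group, while a SERVFAIL or NXDOMAIN points at the zone association.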