Which configuration will meet these requirements?
A. Configure the VPC DHCP options set to point to on-premises DNS server IP addresses. Ensure that security groups for EC2 instances allow outbound access to port 53 on those DNS server IP addresses.
B. Launch an EC2 instance that has DNS BIND installed and configured. Ensure that the security groups that are attached to the EC2 instance can access the on-premises DNS server IP address on port 53. Configure BIND to forward DNS queries to on-premises DNS server IP addresses. Configure each migrated EC2 instance’s DNS settings to point to the BIND server IP address.
C. Create a new outbound endpoint in Route 53, and attach the endpoint to the VPC. Ensure that the security groups that are attached to the endpoint can access the on-premises DNS server IP address on port 53. Create a new Route 53 Resolver rule that routes on-premises designated traffic to the on-premises DNS server.
D. Create a new private DNS zone in Route 53 with the same domain name as the on-premises domain. Create a single wildcard record with the on-premises DNS server IP address as the record’s address.
Explanations:
A. This option configures the VPC DHCP options set to hand out the on-premises DNS servers to the instances. However, it does not address how DNS queries for services in AWS are resolved: the instances would send every query to the on-premises DNS servers, with no integration with Route 53, which can cause resolution problems during the migration.
B. An EC2 instance running BIND as a forwarder can work, but it adds unnecessary complexity and a single point of failure. It also requires manually configuring each EC2 instance to use the BIND server, which is inefficient in a multi-instance environment.
C. This option uses Route 53 Resolver with an outbound endpoint. Queries for on-premises names are forwarded from the VPC to the on-premises DNS servers, while resolution of AWS resources continues to go through Route 53. The Resolver rule routes the designated on-premises traffic to the on-premises DNS server, satisfying the requirements for both AWS and on-premises DNS resolution.
D. A private hosted zone with a single wildcard record pointing at the on-premises DNS server IP address does not forward queries; it simply answers every name in the zone with that one address, so it cannot resolve different DNS queries dynamically. It provides no integration for effective resolution during the migration, and individual DNS records for specific services would not be handled properly.
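The Route 53 Resolver design from option C, written out as Terraform configuration so the security group scope, the endpoint and the forwarding rule are visible together. This is an added example, not part of the original question; `var.vpc_id`, `var.private_subnet_ids`, the `corp.example.com` domain and the 10.10.0.x resolver addresses are assumed placeholders.

```hcl
locals { # placeholder on-premises resolvers and zone (constructed values)
  onprem_dns_ips = ["10.10.0.10", "10.10.0.11"]
  onprem_domain  = "corp.example.com"
}

# Security group for the outbound endpoint: egress only to port 53 (TCP and UDP) on the on-premises DNS servers.
resource "aws_security_group" "resolver_outbound" {
  vpc_id = var.vpc_id # assumed variable holding the VPC ID
  dynamic "egress" {
    for_each = ["tcp", "udp"]
    content {
      protocol    = egress.value
      from_port   = 53
      to_port     = 53
      cidr_blocks = [for ip in local.onprem_dns_ips : "${ip}/32"]
    }
  }
}

# Outbound endpoint with an ENI in each of two private subnets (the service needs at least two), so there is no single point of failure.
resource "aws_route53_resolver_endpoint" "outbound" {
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.resolver_outbound.id]
  dynamic "ip_address" {
    for_each = var.private_subnet_ids # assumed list of two private subnet IDs
    content {
      subnet_id = ip_address.value
    }
  }
}

# Forward only the on-premises domain; every other name still resolves through Route 53.
resource "aws_route53_resolver_rule" "onprem" {
  domain_name          = local.onprem_domain
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id
  dynamic "target_ip" {
    for_each = local.onprem_dns_ips
    content {
      ip   = target_ip.value
      port = 53
    }
  }
}

# The rule takes effect in a VPC only once it is associated with that VPC.
resource "aws_route53_resolver_rule_association" "onprem" {
  resolver_rule_id = aws_route53_resolver_rule.onprem.id
  vpc_id           = var.vpc_id
}
```

The instances keep the default VPC resolver from their DHCP options; only the forwarding rule decides which names leave the VPC, which is what distinguishes this from option A.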