Which solution meets these requirements?
Create an empty private zone in Amazon Route 53 for company.example. Add an additional NS record to the company’s on-premises company.example zone that points to the authoritative name servers for the new private zone in Route 53.
Turn on DNS hostnames for the VPC. Configure a new outbound endpoint with Amazon Route 53 Resolver. Create a Resolver rule to forward requests for company.example to the on-premises name servers.
Turn on DNS hostnames for the VPC. Configure a new inbound resolver endpoint with Amazon Route 53 Resolver. Configure the on-premises DNS server to forward requests for company.example to the new resolver.
Use AWS Systems Manager to configure a run document that will install a hosts file that contains any required hostnames. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to run the document when an instance is entering the running state.
Explanations:
Creating an empty private zone in Route 53 and adding an NS record to the on-premises DNS zone would not enable the new service to resolve on-premises hostnames. The on-premises DNS would not have knowledge of the Route 53 private zone, leading to failed resolution of company.example domains.
Enabling DNS hostnames for the VPC and configuring an outbound resolver endpoint with Route 53 Resolver allows the VPC to forward DNS queries for the company.example domain to the on-premises DNS servers. This ensures that the new service can resolve hostnames within the on-premises DNS zone, meeting the integration requirements.
Turning on DNS hostnames for the VPC and configuring an inbound resolver endpoint would not resolve the problem, because this configuration expects the on-premises DNS server to forward requests to Route 53 Resolver, which is the opposite of the desired direction for resolving external names. The on-premises DNS server needs to handle the resolution directly.
Using AWS Systems Manager to configure a hosts file is not a scalable or dynamic solution. This approach would require manual updates to the hosts file for any changes in hostnames, and it does not provide real-time resolution capabilities for the existing on-premises services.
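The outbound-endpoint option described above, sketched as a CloudFormation template. This is an added example, not part of the original question; the parameter names, the on-premises DNS addresses and the CIDR are constructed placeholders, and the VPC is assumed to already have DNS hostnames turned on.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example. Forward company.example from the VPC to on-premises DNS.
Parameters:                       # all defaults below are constructed placeholders
  VpcId: { Type: "AWS::EC2::VPC::Id" }
  SubnetA: { Type: "AWS::EC2::Subnet::Id" }
  SubnetB: { Type: "AWS::EC2::Subnet::Id" }
  OnPremDns1: { Type: String, Default: "10.10.0.53" }
  OnPremDns2: { Type: String, Default: "10.10.1.53" }
  OnPremDnsCidr: { Type: String, Default: "10.10.0.0/23" }
Resources:
  OutboundSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Resolver outbound endpoint, DNS to on-premises only
      VpcId: !Ref VpcId
      # Listing egress rules replaces the default allow-all egress rule,
      # so the endpoint can only send DNS (UDP and TCP 53) to on-premises.
      SecurityGroupEgress:
        - { IpProtocol: udp, FromPort: 53, ToPort: 53, CidrIp: !Ref OnPremDnsCidr }
        - { IpProtocol: tcp, FromPort: 53, ToPort: 53, CidrIp: !Ref OnPremDnsCidr }
  OutboundEndpoint:
    Type: AWS::Route53Resolver::ResolverEndpoint
    Properties:
      Name: to-on-prem
      Direction: OUTBOUND         # queries leave the VPC toward on-premises
      SecurityGroupIds: [!Ref OutboundSg]
      IpAddresses:                # two subnets in different AZs for availability
        - SubnetId: !Ref SubnetA
        - SubnetId: !Ref SubnetB
  ForwardRule:
    Type: AWS::Route53Resolver::ResolverRule
    Properties:
      Name: forward-company-example
      RuleType: FORWARD
      DomainName: company.example # only this domain is sent on-premises
      ResolverEndpointId: !GetAtt OutboundEndpoint.ResolverEndpointId
      TargetIps:
        - { Ip: !Ref OnPremDns1, Port: "53" }
        - { Ip: !Ref OnPremDns2, Port: "53" }
  ForwardRuleAssociation:         # the rule has no effect until tied to a VPC
    Type: AWS::Route53Resolver::ResolverRuleAssociation
    Properties:
      Name: company-example-vpc
      ResolverRuleId: !GetAtt ForwardRule.ResolverRuleId
      VPCId: !Ref VpcId
```

Scoping the rule to company.example keeps all other lookups on the VPC's default resolver, and the restricted security group limits the endpoint to DNS traffic toward the on-premises range.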