Which solution meets these requirements?
Create an empty private zone in Amazon Route 53 for company.example. Add an additional NS record to the company’s on-premises company.example zone that points to the authoritative name servers for the new private zone in Route 53.
Turn on DNS hostnames for the VPC. Configure a new outbound endpoint with Amazon Route 53 Resolver. Create a Resolver rule to forward requests for company.example to the on-premises name servers.
Turn on DNS hostnames for the VPC. Configure a new inbound resolver endpoint with Amazon Route 53 Resolver. Configure the on-premises DNS server to forward requests for company.example to the new resolver.
Use AWS Systems Manager to configure a run document that will install a hosts file that contains any required hostnames. Use an Amazon EventBridge rule to run the document when an instance is entering the running state.
Explanations:
Creating a private zone in Route 53 and adding an NS record would not work because Route 53 private hosted zones are only resolvable within the VPC and do not support forwarding requests to on-premises name servers.
Using a Route 53 Resolver outbound endpoint and configuring a forwarding rule to send requests for company.example to on-premises DNS servers allows VPC instances to resolve on-premises domain names effectively.
An inbound resolver endpoint allows on-premises systems to resolve private hosted zone records in Route 53, but it does not enable instances within the VPC to resolve on-premises DNS names, which is required here.
Using a hosts file is not scalable or manageable for DNS resolution in this scenario, as it would require manual maintenance for any hostname changes and does not provide real DNS query functionality.