Which solution will meet these requirements with the LEAST administrative overhead?
Provision a set of EC2 instances across two Availability Zones in the VPC as caching DNS servers to resolve DNS queries from the application servers within the VPC.
Provision an Amazon Route 53 private hosted zone. Configure NS records that point to on-premises DNS servers.
Create DNS endpoints by using Amazon Route 53 Resolver. Add conditional forwarding rules to resolve DNS namespaces between the on-premises data center and the VPC.
Provision a new Active Directory domain controller in the VPC with a bidirectional trust between this new domain and the on-premises Active Directory domain.
Explanations:
Provisioning EC2 instances as caching DNS servers means running and patching your own resolver fleet: instance maintenance, scaling, health checks, and high availability across Availability Zones, plus forwarder configuration on each instance that must be kept in sync with the on-premises DNS servers. All of that is administrative overhead the question asks you to avoid.
A Route 53 private hosted zone is the right tool for records that live in AWS, but it does not solve hybrid resolution. The VPC's Route 53 Resolver answers from the zone's own records; it does not follow NS delegations out of a private hosted zone to name servers outside Route 53, so NS records pointing at on-premises DNS servers will not make the VPC resolve on-premises names, and nothing in this option lets on-premises hosts resolve VPC names. You would still end up building forwarding infrastructure to make it work.
Amazon Route 53 Resolver is built for exactly this hybrid case. An outbound Resolver endpoint plus a conditional forwarding rule for the on-premises domain sends only queries for that namespace to the on-premises Active Directory DNS servers, while an inbound Resolver endpoint gives the on-premises DNS servers an address in the VPC to forward queries for VPC-hosted names (for example, a Route 53 private hosted zone). The endpoints are managed, placed in at least two subnets for availability, and need no instances to patch or scale, and the security groups on the endpoints let you restrict DNS traffic to the on-premises DNS servers over the VPN or Direct Connect link. This is the lowest-overhead option.
Provisioning a new Active Directory domain controller in the VPC and establishing a bidirectional trust would technically give the VPC a DNS server that can resolve on-premises names, but it creates a second domain to operate: domain controllers to patch and back up, a trust relationship to secure and monitor, and separate accounts and Group Policy to manage. This approach adds complexity rather than reducing it.
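The following Terraform configuration is an added example of the Route 53 Resolver design from the correct answer; it is not part of the original page. The VPC and subnet IDs, the on-premises CIDR, the on-premises DNS server addresses and the domain name are assumed placeholders. It creates an outbound endpoint with a forwarding rule for the on-premises AD domain, an inbound endpoint for the reverse direction, and security groups that allow only DNS (53/tcp and 53/udp) to and from the on-premises resolvers.

```hcl
# Added example, not from the original page. All IDs, addresses and names
# below are assumed placeholders; replace them with your own values.
locals {
  vpc_id        = "vpc-0123456789abcdef0"                              # assumed VPC of the app servers
  subnet_ids    = ["subnet-0a1b2c3d4e5f60001", "subnet-0a1b2c3d4e5f60002"] # two subnets, two AZs
  onprem_cidr   = "10.1.0.0/16"         # assumed on-premises range, reachable via VPN/DX
  onprem_dns    = ["10.1.0.10", "10.1.0.11"] # assumed on-premises AD DNS servers
  onprem_domain = "corp.example.com"    # assumed AD domain resolved on premises
}

# Inbound endpoint SG: accept DNS only from the on-premises network.
resource "aws_security_group" "inbound" {
  name        = "r53-resolver-inbound"
  description = "DNS from on-premises resolvers only"
  vpc_id      = local.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "inbound_dns" {
  for_each          = toset(["tcp", "udp"])
  security_group_id = aws_security_group.inbound.id
  ip_protocol       = each.value
  from_port         = 53
  to_port           = 53
  cidr_ipv4         = local.onprem_cidr
}

# Outbound endpoint SG: send DNS only to the named on-premises servers.
resource "aws_security_group" "outbound" {
  name        = "r53-resolver-outbound"
  description = "DNS to on-premises AD DNS servers only"
  vpc_id      = local.vpc_id
}

resource "aws_vpc_security_group_egress_rule" "outbound_dns" {
  for_each = { for p in setproduct(["tcp", "udp"], local.onprem_dns) : "${p[0]}-${p[1]}" => p }
  security_group_id = aws_security_group.outbound.id
  ip_protocol       = each.value[0]
  from_port         = 53
  to_port           = 53
  cidr_ipv4         = "${each.value[1]}/32"
}

# Each endpoint needs at least two IP addresses; use two subnets in different AZs.
resource "aws_route53_resolver_endpoint" "outbound" {
  name               = "vpc-to-onprem"
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.outbound.id]
  dynamic "ip_address" {
    for_each = local.subnet_ids
    content { subnet_id = ip_address.value }
  }
}

resource "aws_route53_resolver_endpoint" "inbound" {
  name               = "onprem-to-vpc"
  direction          = "INBOUND"
  security_group_ids = [aws_security_group.inbound.id]
  dynamic "ip_address" {
    for_each = local.subnet_ids
    content { subnet_id = ip_address.value }
  }
}

# Conditional forwarding: only queries under corp.example.com go on premises;
# everything else is still answered by the VPC's default Resolver.
resource "aws_route53_resolver_rule" "onprem" {
  name                 = "forward-corp-to-onprem"
  domain_name          = local.onprem_domain
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id
  dynamic "target_ip" {
    for_each = local.onprem_dns
    content { ip = target_ip.value }
  }
}

# A rule only takes effect for VPCs it is associated with.
resource "aws_route53_resolver_rule_association" "onprem" {
  resolver_rule_id = aws_route53_resolver_rule.onprem.id
  vpc_id           = local.vpc_id
}

# Give these addresses to the on-premises AD DNS admins for their conditional forwarder.
output "inbound_endpoint_ips" {
  value = [for a in aws_route53_resolver_endpoint.inbound.ip_address : a.ip]
}
```

After `terraform apply`, the on-premises AD DNS servers need a conditional forwarder for the VPC-hosted namespace pointing at the two `inbound_endpoint_ips`. To verify, run `dig host.corp.example.com` from an EC2 instance in the VPC (it should be answered via the outbound endpoint) and `nslookup` a VPC name from an on-premises host. Keep the security groups scoped to the on-premises DNS servers rather than 0.0.0.0/0, and consider enabling Resolver query logging so forwarded queries are visible to your detection pipeline.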