Which solution will meet these requirements with the LEAST operational overhead?
Create a shared services VPC in a new AWS account. Deploy Amazon Route 53 outbound resolvers. For relevant on-premises domains, use the outbound resolver settings to create forwarding rules that point to the on-premises DNS servers. Share these rules with the other AWS accounts by using AWS Resource Access Manager.
Deploy Multi-AZ Amazon Route 53 outbound resolvers in each VPC. Create forwarding rules that point to on-premises DNS servers in local outbound resolvers for each VPC.
Create a shared services VPC in a new AWS account. Deploy Amazon EC2 instances that act as conditional forwarders inside the shared services VPC. Change the DHCP options set in each VPC to point to these forwarders as DNS servers. Create forwarding rules for relevant on-premises domains in these forwarders.
Create a shared services VPC in a new AWS account. Deploy Amazon Route 53 inbound resolvers. For relevant on-premises domains, create forwarding rules that point to on-premises DNS servers. Share these rules with other AWS accounts by using AWS Resource Access Manager.
Explanations:
The first option provides the least operational overhead: DNS resolution is centralized in a shared services VPC using Amazon Route 53 outbound resolvers with forwarding rules, and AWS Resource Access Manager shares those rules with the other accounts, so each rule is created and maintained once.
Deploying outbound resolvers in each VPC adds operational overhead and cost, because each VPC needs its own resolvers and its own copy of the forwarding rules, which is inefficient and unnecessary when resolution can be shared across accounts.
Using EC2 instances as conditional forwarders in a shared services VPC introduces additional management and operational complexity, because the instances must be patched, monitored and scaled, and their custom DNS configurations maintained by hand.
Inbound resolvers are meant for DNS queries coming from on-premises into AWS; they do not forward queries from AWS to on-premises DNS servers. Therefore they cannot resolve the on-premises domain names that the scenario requires.