exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 119 discussion

A network engineer is working on a private DNS design to integrate AWS workloads and on-premises resources. The AWS deployment consists of five VPCs in the eu-west-1 Region that connect to the on-premises network over AWS Direct Connect. The VPCs communicate with each other by using a transit gateway. Each VPC is associated with a private hosted zone that uses the aws.example.internal domain. The network engineer creates an Amazon Route 53 Resolver outbound endpoint in a shared services VPC and attaches the shared services VPC to the transit gateway.

The network engineer is implementing a solution for DNS resolution. Queries for hostnames that end with aws.example.internal must use the private hosted zone. Queries for hostnames that end with all other domains must be forwarded to a private on-premises DNS resolver.

Which solution will meet these requirements?

  • A. Add a forwarding rule for “*” that targets the on-premises server's DNS IP address. Add a system rule for aws.example.internal that targets Route 53 Resolver.
  • B. Add a forwarding rule for aws.example.internal that targets Route 53 Resolver. Add a system rule for “.” that targets the Route 53 Resolver outbound endpoint.
  • C. Add a forwarding rule for “*” that targets the Route 53 Resolver outbound endpoint.
  • D. Add a forwarding rule for “.” that targets the Route 53 Resolver outbound endpoint.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
JosMo
Highly Voted 1 year, 5 months ago
Selected Answer: D
Answer is : D don't need a rules for aws.external. Quote: "If the domain name in a query doesn't match the domain name in any other rules, Resolver forwards the query based on the settings in the autodefined "." (dot) rule. The dot rule applies to all domain names except some AWS internal domain names and record names in private hosted zones" ref : https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-overview-DSN-queries-to-vpc.html#resolver-overview-forward-vpc-to-network-domain-name-matches
upvoted 11 times
Neo00
1 year, 4 months ago
Agree, should be D "The dot rule applies to all domain names except some AWS internal domain names and record names in private hosted zones."
upvoted 3 times
...
DeathFrmAbv
1 year, 4 months ago
Agree, from the doc mentioned "If you want to forward all queries to the DNS resolvers on your network, you can create a custom forwarding rule, specify "." for the domain name, specify Forwarding for Type, and specify the IP addresses of those resolvers."
upvoted 1 times
...
...
Certified101
Highly Voted 1 year, 4 months ago
Selected Answer: D
In this case, a dot (".") is used as a wildcard to match all other domains. So, by adding a forwarding rule for "." that targets the Route 53 Resolver outbound endpoint, all DNS queries for hostnames that end with any domain other than aws.example.internal will be forwarded to the on-premises DNS resolver through the outbound endpoint. Meanwhile, AWS automatically resolves DNS namespaces for VPCs that are associated with private hosted zones, so queries for hostnames that end with aws.example.internal will be resolved using the private hosted zone without requiring any additional configuration.
upvoted 5 times
...
Spaurito
Most Recent 4 weeks ago
D - The auto defined rules will resolve for internal DNS queries and everything else to the outbound endpoint. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-overview-DSN-queries-to-vpc.html#resolver-overview-forward-vpc-to-network-autodefined-rules
upvoted 1 times
...
Ravan
3 months, 1 week ago
Selected Answer: A
D. Add a forwarding rule for . that targets the Route 53 Resolver outbound endpoint. This rule would forward all DNS queries to the Route 53 Resolver, which is incorrect as it would not differentiate between queries for aws.example.internal and other domains.
upvoted 1 times
...
Newbies
8 months, 1 week ago
A - Add a fwd rule for "*" that targets the on-premises server's DNS IP address, add aws.example.internal that targets Route 53 Resolver.
upvoted 1 times
...
RVD
1 year, 5 months ago
Selected Answer: B
RuleType When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD. When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM. For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType. Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.
upvoted 4 times
...
dyaz208
1 year, 5 months ago
Selected Answer: D
I agree with D.
upvoted 3 times
...
AJ7428
1 year, 5 months ago
Selected Answer: D
I agree answer should be D. PHZ resolve by system define rule. https://d1.awsstatic.com/events/reinvent/2019/Deep_dive_on_DNS_in_the_hybrid_cloud_NET410.pdf
upvoted 3 times
...
devilman222
1 year, 5 months ago
I would think you use forwarding rule . for on prem. So D. I just hope I don't get this question since no one know the answer.
upvoted 3 times
...
lygf
1 year, 5 months ago
Selected Answer: B
You use "." to forward all queries to the destination -> A&C out. Despite of that, "Resolver automatically creates autodefined system rules that define how queries for selected domains are resolved by default: For private hosted zones and for Amazon EC2–specific domain names (such as compute.amazonaws.com and compute.internal), autodefined rules ensure that your private hosted zones and EC2 instances continue to resolve if you create conditional forwarding rules for less specific domain names such as "." (dot) or "com"." https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-overview-DSN-queries-to-vpc.html#resolver-overview-forward-vpc-to-network-domain-name-matches https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-overview-DSN-queries-to-vpc.html#resolver-overview-forward-vpc-to-network-autodefined-rules
upvoted 2 times
lygf
1 year, 5 months ago
Sorry, I meant D. You don't need to create a separate rule for aws.example.internal. It will continue to resolve in the PHZ
upvoted 3 times
...
...
papercuts23
1 year, 5 months ago
Selected Answer: D
I think it is D. aws.example.internal will already be using private hosted zone, and does not need any rule.
upvoted 4 times
papercuts23
1 year, 5 months ago
changed my mind. Route 53 use * as wildcard, not '.'. Should be C
upvoted 1 times
lygf
1 year, 5 months ago
No it's "." If you want to forward all queries to your network, you create a rule, specify "." (dot) for the domain name, and associate the rule with the VPCs for which you want to forward all DNS queries to your network. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-overview-DSN-queries-to-vpc.html#resolver-overview-forward-vpc-to-network-domain-name-matches
upvoted 3 times
...
...
...
ryluis
1 year, 5 months ago
In AWS Route 53, to reach public domains and on-premises networks, you would typically use a forwarding rule. A forwarding rule allows you to forward DNS queries for a specific domain or subdomain to another DNS resolver. This is useful when you want to forward DNS queries from your Route 53 Resolver to an on-premises DNS server or to another DNS service provider for resolution. On the other hand, a system rule is used to specify how the Route 53 Resolver handles DNS queries that don't match any forwarding rules or DNS rules that you've configured. It is typically used for fallback or default behavior. So, to reach public domains and on-premises networks, you would configure a forwarding rule in Route 53 to forward the DNS queries to the appropriate DNS resolver for resolution. answer is A
upvoted 3 times
...
demoras
1 year, 6 months ago
Selected Answer: B
Should be B
upvoted 4 times
...
AJ7428
1 year, 6 months ago
Should be B.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago