Exam AWS Certified SysOps Administrator - Associate topic 1 question 363 discussion

Option A involves setting up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone, associating the resolver with the VPC of the EC2 instance, and configuring the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint. However, this solution would not allow the on-premises application to resolve the EC2 instance hostname because it is forwarding queries for the onprem.private hosted zone instead of the awscloud.private hosted zone. Option B is still the correct solution as it involves setting up an Amazon Route 53 inbound resolver endpoint, associating the resolver with the VPC of the EC2 instance, and configuring the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint. This would allow the on-premises application to resolve the EC2 instance hostname. B is correct.

Set up an Amazon Route 53 inbound resolver endpoint: This allows DNS resolution for private DNS namespaces in the VPC that you associate with the resolver. Associate the resolver with the VPC of the EC2 instance: By associating the resolver with the VPC of the EC2 instance that runs the application with the hostname "host1.awscloud.private", DNS queries from that VPC will be resolved by the inbound resolver. Configure the on-premises DNS resolver to forward awscloud.private DNS queries: This step is done on the on-premises DNS resolver. You need to configure it to forward DNS queries for the "awscloud.private" domain to the inbound resolver endpoint. With this configuration, when the application in the on-premises data center tries to resolve the hostname of the EC2 instance in AWS (host1.awscloud.private), the DNS query will be forwarded to the Amazon Route 53 inbound resolver, and it will be able to resolve the private hostname.

'inbout resolver endpoint' --> A or B. --> Associate the resolver with the VPC of the EC2 instance. NOT '... onprem.private hosted zone...' --> B.

Option B is more about forwarding the DNS queries from on-premises to the inbound resolver without specifying a forwarding rule for the onprem.private zone, which is less specific.

A is the reasonable answer

In Option A, the forwarding rule is specifically configured for the onprem.private hosted zone, which means only DNS queries for this zone are forwarded to the resolver endpoint. This ensures that DNS queries originating from the on-premises network for resources in the onprem.private domain are resolved within the AWS environment. In Option B, there is no specific forwarding rule mentioned. Instead, it suggests forwarding all DNS queries for the awscloud.private domain to the Route 53 resolver endpoint. This may result in unnecessary traffic being forwarded to the resolver endpoint, potentially impacting performance or leading to additional costs. Considering the requirements stated in the question, where the goal is to enable DNS resolution between the on-premises application and the EC2 instance, Option A seems to be the more appropriate choice. It specifically targets the domain used by the EC2 instance (onprem.private) and ensures efficient resolution of DNS queries for this domain within the AWS environment. Therefore, Option A is the preferred solution.

Setting up an inbound resolver endpoint allows the VPC of the EC2 instance to forward DNS queries for the onprem.private hosted zone. The on-premises DNS resolver should be configured to forward onprem.private DNS queries to the inbound resolver endpoint, enabling DNS resolution between on-premises and AWS resources. This approach aligns with the scenario's requirements and enables DNS resolution for the specified private hosted zone. Therefore, option A is the correct solution

I think B is the correct

A is not correct because the forwarding rule is pointing to onprem.private hosted zone. The forwarding rule must point to the destination domain and not the source domain. B is the correct answer. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html

B is correct

B is the answer. Route 53 resolver provides resolution for AWS resources and on-prem dns NS provides resolution for on-prem resources. When DNS NS gets a dns query for AWS resources, it forwards it to Route 53 resolver.

Answer A is not correct because it suggests setting up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone.

A: By setting up an inbound resolver endpoint in Amazon Route 53 and associating it with the VPC of the EC2 instance, DNS queries for the onprem.private hosted zone originating from the on-premises network will be resolved by the Amazon Route 53 resolver. The inbound resolver endpoint acts as a DNS forwarder, forwarding DNS queries to the on-premises DNS resolver.

I think A it's the better choice