Exam ANS-C00 topic 1 question 48 discussion

Exam question from Amazon's ANS-C00
Question #: 48
Topic #: 1

You use a VPN to extend your corporate network into a VPC. Instances in the VPC are able to resolve resource records in an Amazon Route 53 private hosted zone. Your on-premises DNS server is configured with a forwarder to the VPC DNS server IP address. On-premises users are unable to resolve names in the private hosted zone, although instances in a peered VPC can.
What should you do to provide on-premises users with access to the private hosted zone?

  • A. Create a proxy resolver within the VPC. Point the on-premises forwarder to the proxy resolver.
  • B. Modify the network access control list on the VPC to allow DNS queries from on-premises systems.
  • C. Configure the on-premises server as a secondary DNS for the private zone. Update the NS records.
  • D. Update the on-premises forwarders with the four name servers assigned to the private hosted zone.
Suggested Answer: A

Comments

HazemYousry
Highly Voted 3 years, 7 months ago
Answer is A
upvoted 12 times
...
learningaws
Highly Voted 3 years, 6 months ago
It's A. In the reference they give in D, they use a DNS forwarder too
upvoted 6 times
...
etarga
Most Recent 2 years, 3 months ago
Selected Answer: A
Correct Answer A
upvoted 1 times
...
PavanKushwah123
2 years, 3 months ago
Correct Answer D
upvoted 1 times
...
sapien45
3 years, 1 month ago
Difficult to respond when the question deals with an outdated setup. There is no mention of the R53 Inbound Resolver; however, if it was the case, I would say that on-premises subdomain delegation is not working because port 53 is blocked by the NACL (B).
upvoted 1 times
...
ercicho
3 years, 3 months ago
Selected Answer: A
is the right one
upvoted 2 times
...
keitahigaki
3 years, 5 months ago
The answer is B. The reason why it is not A is that it is already configured with the forwarder of the IP address of the VPC, so there is no problem with the setting. This is because a DNS query is not allowed due to a NACL issue. https://aws.amazon.com/jp/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-aws-by-using-unbound/
upvoted 2 times
Jazz888
3 years, 2 months ago
I admire your view on the question. I am convinced the answer must be B. Reading the question carefully, all is set up; the only problem is traffic is not reaching the VPC DNS resolvers, which I believe are configured to forward requests to Route 53 (Conditional Forwarding).
upvoted 2 times
...
...
MaikM
3 years, 6 months ago
What is a "proxy resolver"? Never heard that term. Is that the Route 53 Inbound endpoint?
upvoted 1 times
Ishu_awsguy
3 years, 6 months ago
Yes, it is the inbound endpoint in Route 53. Actually, this question and the link about using a third-party resolver date back to 2016; at that point the inbound and outbound endpoint service was not available with Route 53. Now, for resolving DNS queries from on-prem, create a forwarder to the Route 53 inbound endpoint.
upvoted 1 times
TerrenceC
3 years, 6 months ago
One more input from myself. Before the Route 53 Inbound/Outbound Endpoint was released, the "proxy resolver" was more about creating a self-managed DNS instance within the VPC.
upvoted 1 times
...
...
...
chris46
3 years, 6 months ago
I think it's B. What would A do? The on-premises DNS servers are already pointed at the VPC DNS server x.x.x.2. The VPC instances have no issues resolving; only the on-premises entities can't, due to access.
upvoted 2 times
Kentik
3 years, 6 months ago
I believe the AWS VPC DNS servers only respond to queries made from inside the VPC, or from a peer VPC with DNS enabled, and that's why you need to use a proxy, so that from AWS's point of view the query originated inside the VPC.
upvoted 2 times
...
...
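Added example, not part of any comment above and not AWS or exam-site code: a sketch of the self-managed "proxy resolver" from option A, rendered as an Unbound configuration that forwards the private zone to the VPC DNS server at x.x.x.2, so the query originates inside the VPC. The VPC CIDR, on-premises CIDR and zone name are constructed sample values, and the check that every client range is RFC 1918 IPv4 space is an assumption added here so the proxy does not become an open resolver.

```python
import ipaddress

# Assumption of this example: clients are IPv4 and live in RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def vpc_resolver(vpc_cidr):
    """Return the VPC DNS server address (VPC network base plus two)."""
    return str(ipaddress.ip_network(vpc_cidr).network_address + 2)


def client_allowed(cidr):
    """True only for private ranges, so the proxy never becomes an open resolver."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(r) for r in RFC1918)


def render_unbound_conf(vpc_cidr, onprem_cidrs, zone):
    """Build an unbound.conf that forwards `zone` to the VPC DNS server."""
    clients = [vpc_cidr, *onprem_cidrs]
    bad = [c for c in clients if not client_allowed(c)]
    if bad:
        raise ValueError(f"refusing non-private client ranges: {bad}")
    lines = [
        "server:",
        "    interface: 0.0.0.0",
        "    access-control: 0.0.0.0/0 refuse",  # default deny
        "    access-control: 127.0.0.0/8 allow",
    ]
    lines += [f"    access-control: {c} allow" for c in clients]
    lines += [
        "forward-zone:",
        f'    name: "{zone}"',
        # The forwarded query now leaves from an instance inside the VPC.
        f"    forward-addr: {vpc_resolver(vpc_cidr)}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample values, not taken from the question.
    print(render_unbound_conf("10.20.0.0/16", ["192.168.0.0/16"],
                              "example.internal."))
```

The on-premises forwarder would then point at the proxy instance's private IP rather than at x.x.x.2 directly.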
Johnny_Green
3 years, 6 months ago
A is correct. Here is a link that provides some detailed explanations on resolving DNS queries between VPCs and your network: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html Note that a proxy resolver simply passes all requests to the upstream DNS server and returns the response.
upvoted 4 times
Johnny_Green
3 years, 6 months ago
There is also a YouTube video that shows how Route 53 resolver works: https://www.youtube.com/watch?v=Rka2rs0J9BI
upvoted 2 times
...
...
kvirk
3 years, 6 months ago
A is correct
upvoted 3 times
...
BillyC
3 years, 6 months ago
A sounds good
upvoted 3 times
...
ohcan
3 years, 6 months ago
I'll go for A
upvoted 4 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other