A company needs to architect a hybrid DNS solution. This solution will use an Amazon Route 53 private hosted zone for the domain cloud.example.com for the resources stored within VPCs. The company has the following DNS resolution requirements: On-premises systems should be able to resolve and connect to cloud.example.com. All VPCs should be able to resolve cloud.example.com. There is already an AWS Direct Connect connection between the on-premises corporate network and AWS Transit Gateway. Which architecture should the company use to meet these requirements with the HIGHEST performance?

A. Associate the private hosted zone to all the VPCs. Create a Route 53 inbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver. B. Associate the private hosted zone to all the VPCs. Deploy an Amazon EC2 conditional forwarder in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the conditional forwarder. C. Associate the private hosted zone to the shared services VPCreate a Route 53 outbound resolver in the shared services VPAttach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the outbound resolver. D. Associate the private hosted zone to the shared services VPC. Create a Route 53 inbound resolver in the shared services VPC. Attach the shared services VPC to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver.

풀이 및 공부

route 53 resolver

hybrid cloud 환경에서 dns query를 위해 나온 서비스

inbound resolver : 온프레미스 환경에서 route53의 dns를 이용할 때 사용 outbound resolver : vpc에서 온프레미스의 dns를 이용할 때 사용

문제에서

On-premises systems should be able to resolve and connect to cloud.example.com.

라고 나와있으니 inbound resolver 에 대해서 더 알아보자

inbound resolver

test.example.com (192.168.1.10) 이 private hosted zone에 등록되어있다.

Inbound endnpoint를 만들어서 온프레미스에서 접근할 수 있게 해준다.

온프레미스에서 dig을 통해 test.example.com의 도메인 네임을 쿼리하면 192.168.1.10을 정상적으로 확인할 수 있다.

참고

• https://www.youtube.com/watch?v=GTwajBL0uzU
• https://aws.amazon.com/ko/blogs/networking-and-content-delivery/centralized-dns-management-of-hybrid-cloud-with-amazon-route-53-and-aws-transit-gateway/