Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Advanced Networking – Specialty I think you cannot have DNSSEC on Route 53 for DN Service -only for registration

  • I think you cannot have DNSSEC on Route 53 for DN Service -only for registration

  • mitul-patel

    Member
    October 3, 2020 at 10:59 pm

    A Network Engineer has been tasked to protect the company’s publicly accessible online customer portal and to secure the clients’ sensitive financial information. Hackers must be prevented from intercepting DNS queries and from replacing the actual IP addresses of the website with unauthorized IP addresses in the DNS resolvers. The solution should protect the users from being routed to the IP addresses provided by the attackers in the spoofed response that could potentially direct them to fake or phishing websites.

    What should the Engineer do to satisfy this requirement?

    That’s why the correct answer here is wrong?

  • Jon-Bonso

    Administrator
    October 4, 2020 at 7:36 am
    Hi,

    Thank you for posting your question. Route 53 provides two functions:

    1. Domain registration

    2. DNS Service

    DNSSEC is only supported for domain registration and not when you are using Route 53 as your DNS service. If you want to use DNSSEC with Route 53, you have to use another DNS Service provider or set up your own DNS BIND Server.

    This is discussed in the provided explanation:

    Amazon Route 53 supports DNSSEC for domain registration. However, Route 53 does not support DNSSEC for DNS service, regardless of whether the domain is registered with Route 53. If you want to configure DNSSEC for a domain that is registered with Route 53, you must either use another DNS service provider or set up your own DNS server.

    This is supported by the AWS documentation:

    https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-configure-dnssec.html

    I understand that the answer didn’t mention anything about launching your own DNS server. I’ll revise this to: “Set up your own DNS server and enable Domain Name System Security Extensions (DNSSEC) in Amazon Route 53.” to avoid any issues.

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to help you pass your AWS exam on your first try!

    Regards,

    Jon Bonso @ Tutorials Dojo

  • Jon-Bonso

    Administrator
    October 7, 2020 at 1:21 pm

    As an additional reference, here’s how the DNSSEC feature looks like in Route 53:

    • Rafa314

      Member
      January 2, 2021 at 5:40 am

      Hi Jon

      It seems there is a recent development (Dec. 17,2020) on this service. DNSSEC now available also for signing in addition to registration: https://aws.amazon.com/about-aws/whats-new/2020/12/announcing-amazon-route-53-support-dnssec/

      Related question: In your experience, how does AWS handle these service updates? Do they upgrade their exam questions inmediately, or can we expect questions that assume the old behavior?

      Cheers

      Rafa

      • Jon-Bonso

        Administrator
        January 2, 2021 at 10:18 am

        Thanks, Rafa for posting in our QA. For the new features and services in AWS, it won’t show up immediately as per the official AWS Certification FAQs:

        https://aws.amazon.com/certification/faqs/

        When AWS releases a new product or service, how soon will it appear on the exam?
        A new product, service, or feature must be generally available (GA) for 6 months prior to it appearing on a certification exam. Note that this applies only to certification exams, not training: training will cover new services and features more quickly. The AWS Certification team wants to ensure candidates have enough time to work with new services and features before they are assessed against the new material.

        Let us know if you need further assistance. The Tutorials Dojo team is dedicated to help you pass your AWS exam on your first try!

        Regards,

        Jon Bonso @ Tutorials Dojo

        • Rafa314

          Member
          January 5, 2021 at 12:07 am

          Many thanks Jon

Viewing 1 - 3 of 3 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now