Hello Solomon,
Thank you for your feedback.
From this statement in the question: "The Solutions Architect configured the two domain controllers as the DHCP options set associated with the VPC."
We can conclude that the solutions architect is configuring a custom AD server / DNS server inside the VPC on AWS. Usually, when you deploy your own AD server/DHCP server, there will be two servers for redundancy.
Since the solutions architect is planning to use its own custom DNS server (and not AWS's), you will not be able to resolve internal AWS domains such as names for EC2 instances (ec2-192-0-2-44.compute-1.amazonaws.com) or RDS endpoints (myexampledb.a1b2c3d4wxyz.us-west-2.rds.amazonaws.com).
Therefore, in this scenario, all clients should just forward all DNS queries to the AD server. Then the AD server will forward any non-authoritative DNS queries to the VPC resolver.
First, the AD server will try to resolve all DNS queries by itself. Then if it encounters anything that it is not familiar with, like names for EC2 instances (ec2-192-0-2-44.compute-1.amazonaws.com) or RDS endpoints (myexampledb.a1b2c3d4wxyz.us-west-2.rds.amazonaws.com), it will send it to the R53 resolver.
As for endpoints:
Inbound endpoint: DNS resolvers on your network can forward DNS queries to Route 53 Resolver via this endpoint – This allows your DNS resolvers to easily resolve domain names for AWS resources such as EC2 instances or records in a Route 53 private hosted zone.
Outbound endpoint: Resolver conditionally forwards queries to resolvers on your network via this endpoint – To forward selected queries, you create Resolver rules that specify the domain names for the DNS queries that you want to forward (such as example.com), and the IP addresses of the DNS resolvers on your network that you want to forward the queries to. If a query matches multiple rules (tutorialsdojo.com, portal.tutorialsdojo.com), Resolver chooses the rule with the most specific match (portal.tutorialsdojo.com) and forwards the query to the IP addresses that you specified in that rule.
Thus, we need to create an inbound endpoint, not an outbound endpoint.
Thank you again.
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!
Regards,
Kenneth Samonte @ Tutorials Dojo
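The forwarding path described in the reply above, as an added example that is not part of the original post or of any AWS or Tutorials Dojo code: clients send every query to the AD DNS server, the AD server answers the zones it is authoritative for and forwards everything else to the VPC resolver, and Route 53 Resolver picks the most specific matching rule when it forwards selected queries to resolvers on your network. The VPC CIDR, zone names, record IPs and rule target addresses are constructed for the example; the two rule domains are the ones named in the reply.

```python
"""Model of the DNS forwarding path from the thread. All names, IPs and the VPC
CIDR below are constructed sample values, not real infrastructure."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def amazon_provided_dns(vpc_cidr: str) -> str:
    """The VPC's Route 53 Resolver listens at the VPC base address plus two."""
    net = ipaddress.ip_network(vpc_cidr)
    return str(net.network_address + 2)


def _labels(name: str) -> List[str]:
    return name.rstrip(".").lower().split(".")


def in_zone(qname: str, zone: str) -> bool:
    """True if qname is the zone apex or any name below it (label-wise suffix)."""
    q, z = _labels(qname), _labels(zone)
    return len(q) >= len(z) and q[-len(z):] == z


@dataclass
class ResolverRule:
    domain: str
    targets: List[str]  # resolvers on your network, reached via the outbound endpoint


def select_rule(qname: str, rules: List[ResolverRule]) -> Optional[ResolverRule]:
    """Route 53 Resolver chooses the rule with the most specific match,
    i.e. the matching domain with the most labels."""
    matching = [r for r in rules if in_zone(qname, r.domain)]
    if not matching:
        return None  # no forwarding rule applies; default resolution is used
    return max(matching, key=lambda r: len(_labels(r.domain)))


@dataclass
class ADDnsServer:
    zones: Dict[str, Dict[str, str]]  # zone -> {fqdn: ip}
    vpc_resolver: str                 # where non-authoritative queries go

    def resolve(self, qname: str) -> Tuple[str, Optional[str]]:
        name = qname.rstrip(".").lower()
        for zone, records in self.zones.items():
            if in_zone(name, zone):
                # Authoritative zone: answer locally (None models NXDOMAIN);
                # an authoritative server never forwards these names.
                return ("authoritative", records.get(name))
        # Anything else (EC2 names, RDS endpoints, ...) goes to the VPC resolver.
        return ("forwarded", self.vpc_resolver)


def demo() -> dict:
    ad = ADDnsServer(
        zones={"corp.example.com": {"dc1.corp.example.com": "10.0.1.10"}},
        vpc_resolver=amazon_provided_dns("10.0.0.0/16"),  # constructed CIDR
    )
    rules = [
        ResolverRule("tutorialsdojo.com", ["198.51.100.10"]),
        ResolverRule("portal.tutorialsdojo.com", ["198.51.100.20"]),
    ]
    return {
        "dc": ad.resolve("dc1.corp.example.com"),
        "missing": ad.resolve("nosuch.corp.example.com"),
        "ec2": ad.resolve("ec2-192-0-2-44.compute-1.amazonaws.com"),
        "rds": ad.resolve("myexampledb.a1b2c3d4wxyz.us-west-2.rds.amazonaws.com"),
        "rule_portal": select_rule("www.portal.tutorialsdojo.com", rules).domain,
        "rule_apex": select_rule("www.tutorialsdojo.com", rules).domain,
        "rule_none": select_rule("example.org", rules),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running the module prints one line per lookup: the domain controller name is answered authoritatively, a missing name inside the corporate zone is NXDOMAIN rather than forwarded, the EC2 and RDS names are forwarded to the VPC resolver at 10.0.0.2, and the two resolver rules show that the longer domain wins when both match.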