How to Set Up DNS Resolution Between On-Premises Networks and AWS Using AWS Directory Service and Amazon Route 53 | AWS Security Blog


As you establish private connectivity between your on-premises networks and your AWS Virtual Private Cloud (VPC) environments, the need for Domain Name System (DNS) resolution across these environments grows in importance. One common approach used to address this need is to run DNS servers on Amazon EC2 across multiple Availability Zones (AZs) and integrate them with private on-premises DNS domains. In many cases, though, a managed private DNS service offered outside of a VPC with less administrative overhead is beneficial. In this blog post, I will show you two approaches that use Amazon Route 53 and AWS Directory Service to provide DNS resolution between on-premises networks and AWS VPC environments.

For example, if you provision a Simple AD directory and give it the name example.net, any DNS request outside of that domain name (let's assume aws.example.com) is forwarded to the VPC-provided DNS service. If a Route 53 private hosted zone has been created for aws.example.com and associated with that VPC, it responds to the DNS queries that originate from outside the VPC. This is accomplished by the Simple AD DNS service, which integrates DNS resolution across Simple AD members, VPC-provided DNS, and Route 53 private hosted zones. Note that the VPC must have both DNS resolution and DNS hostnames enabled, as shown in the VPC console. See Using DNS with Your VPC for more details about these settings.


For additional details about the DNS service provided with AWS Directory Service, see Using DNS with Simple AD and Microsoft AD. Any request sent to the directory's DNS IP addresses is forwarded to the VPC-provided DNS service and Route 53. Setting up conditional DNS forwarders on your on-premises DNS service that point your Route 53 domain names to these IP addresses is an ideal way to achieve seamless DNS resolution from on-premises hosts into your AWS VPC. Be sure to check the security group created for your directory to ensure DNS traffic is allowed from your on-premises networks. Also, ensure the Route 53 domain name is different from the Simple AD domain name. If they are the same, or if the Route 53 domain is a subdomain of the Simple AD domain, Simple AD doesn't forward the request.
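The following Python is an added illustration, not code from the original post or from AWS, and it calls no AWS API. It models the forwarding chain just described (on-premises forwarder to Simple AD DNS, then VPC-provided DNS, then a Route 53 private hosted zone) and checks the two constraints the post states: both VPC DNS attributes must be enabled, and the Route 53 zone must be neither equal to nor a subdomain of the Simple AD domain. The directory name example.net, the zone aws.example.com, the `VpcDnsSettings` class and every function name are constructed for this example.

```python
"""Model of the Simple AD -> VPC DNS -> Route 53 forwarding chain.

Constructed example for illustration only; it is not AWS code and performs
no AWS calls. Directory and zone names are assumptions.
"""
from dataclasses import dataclass


def _labels(name: str) -> list[str]:
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def is_same_or_subdomain(name: str, zone: str) -> bool:
    """True if name equals zone or lies under it. The comparison is
    label-wise, so 'notexample.net' is NOT under 'example.net'."""
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z


def zones_not_forwarded(simple_ad_domain: str, route53_zones: list[str]) -> list[str]:
    """Private hosted zones that Simple AD would answer itself and therefore
    never forward: those equal to, or subdomains of, the directory domain."""
    return [z for z in route53_zones if is_same_or_subdomain(z, simple_ad_domain)]


@dataclass(frozen=True)
class VpcDnsSettings:
    """The two VPC attributes the post says must both be enabled (assumed model)."""
    enable_dns_support: bool    # VPC attribute enableDnsSupport
    enable_dns_hostnames: bool  # VPC attribute enableDnsHostnames


def resolve_path(query: str, simple_ad_domain: str,
                 private_zones: list[str], vpc: VpcDnsSettings) -> str:
    """Where a query that an on-premises forwarder sent to the directory's
    DNS IP addresses ends up being answered."""
    if is_same_or_subdomain(query, simple_ad_domain):
        return "simple-ad"                # directory answers from its own zone
    if not (vpc.enable_dns_support and vpc.enable_dns_hostnames):
        return "vpc-dns-attributes-off"   # VPC-provided DNS / PHZ not usable
    for zone in private_zones:
        if is_same_or_subdomain(query, zone):
            return "route53-private"      # VPC-provided DNS answers from the PHZ
    return "vpc-dns-no-private-zone"      # forwarded, but no PHZ matches


def preflight(simple_ad_domain: str, route53_zones: list[str],
              vpc: VpcDnsSettings) -> list[str]:
    """Return a list of configuration problems; empty means the chain should work."""
    problems = []
    if not vpc.enable_dns_support:
        problems.append("VPC attribute enableDnsSupport is disabled")
    if not vpc.enable_dns_hostnames:
        problems.append("VPC attribute enableDnsHostnames is disabled")
    for z in zones_not_forwarded(simple_ad_domain, route53_zones):
        problems.append(f"zone {z} equals or is under the Simple AD domain "
                        f"{simple_ad_domain}; Simple AD will not forward it")
    return problems


if __name__ == "__main__":
    # Constructed sample: directory example.net, private hosted zone aws.example.com
    vpc = VpcDnsSettings(enable_dns_support=True, enable_dns_hostnames=True)
    print(preflight("example.net", ["aws.example.com", "corp.example.net"], vpc))
    for q in ("dc1.example.net", "db.aws.example.com", "www.other.example"):
        print(q, "->", resolve_path(q, "example.net", ["aws.example.com"], vpc))
```

In practice the two boolean inputs would come from `aws ec2 describe-vpc-attribute --attribute enableDnsSupport` and `--attribute enableDnsHostnames` for the VPC, and the zone list from the private hosted zones associated with it; the label-wise suffix comparison matters because a naive string `endswith` check would wrongly flag a zone such as notexample.net as a subdomain of example.net.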


AWS Directory Service can make integration between on-premises and AWS-managed DNS services easier and can eliminate the need to manage your own DNS servers. You can use the Simple AD directory type to forward DNS requests that originate from on-premises networks to the VPC-provided DNS and ultimately to Route 53. You might gain flexibility by running DNS services on EC2, but that adds management overhead and must be configured for high availability and failover. The Directory Service–provided DNS for Simple AD delivers these services across AZs as part of the provisioned directory. This can make implementing hybrid architectures on AWS much easier.