How to Set Up DNS Resolution Between On-Premises Networks and AWS Using AWS Directory Service and Microsoft Active Directory (AWS Security Blog)

The Microsoft Active Directory type within AWS Directory Service provides two domain controllers, each in a separate AWS Availability Zone, and an Admin account that has permissions for the most common administrative activities. These include user and group management, resource management, delegation, Group Policy management, and management of DNS configuration. To access the DNS service on the Microsoft AD domain controllers, install the Windows DNS Server Tools on another Windows host. From the Add Roles and Features Wizard, select DNS Server Tools under Remote Server Administration Tools, as shown in the following screenshot. After you have connected DNS Manager to a Microsoft AD DNS server, you can configure the server and its conditional forwarders.

For example, if you need these DNS servers to forward requests for your Route 53 private hosted zone to Route 53, right-click Conditional Forwarders and choose New Conditional Forwarder. You can then specify the private hosted zone name and the VPC-provided DNS IP address. Note that the VPC-provided DNS IP address is always your VPC CIDR block "plus two." For example, if your VPC uses 10.10.0.0/16, the VPC-provided DNS address is 10.10.0.2, as shown in the following image.

If you store a conditional forwarder in AWS Directory Service for Microsoft AD, the service handles replicating it to the other domain controller. With the AWS managed Microsoft AD service, you can simply create another conditional forwarder for your on-premises DNS domain names and name servers, as discussed earlier in this post. Having access to the DNS configuration with this service really pays off! Just launch DNS Manager against one of your managed Microsoft AD–provided DNS servers, and create a second conditional forwarder for your on-premises domain name and DNS server IP address. You can also use DNS Manager to create a secondary DNS zone that is hosted on premises. For many workloads, this can be another viable option, but it is outside the scope of this blog post.
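The two conditional forwarders described above (Route 53 private hosted zone to the VPC "plus two" resolver, and the on-premises domain to the on-premises name servers) can also be created from the Windows DnsServer module instead of clicking through DNS Manager. The following script is an added example, not code from the AWS blog post; the domain controller name, VPC CIDR, zone names and on-premises DNS addresses are placeholders, and storing the forwarder with `-ReplicationScope Domain` is assumed to match the "replicate to all DNS servers in this domain" option the managed service uses to copy it to the second domain controller.

```powershell
#Requires -Modules DnsServer
# Added example (not from the AWS blog post). All names and addresses below are placeholders.
$DomainController = 'dc1.corp.example.com'            # assumed: one managed Microsoft AD DC
$VpcCidr          = '10.10.0.0/16'                    # assumed VPC CIDR
$PrivateZone      = 'apps.example.internal'           # assumed Route 53 private hosted zone
$OnPremZone       = 'onprem.example.com'              # assumed on-premises AD DNS domain
$OnPremDns        = @('192.168.1.10', '192.168.1.11') # assumed on-premises DNS servers

function Get-VpcDnsAddress {
    # The VPC-provided DNS resolver is the VPC CIDR base address "plus two".
    param([Parameter(Mandatory)][string]$Cidr)
    $bytes = [System.Net.IPAddress]::Parse($Cidr.Split('/')[0]).GetAddressBytes()
    [Array]::Reverse($bytes)                           # network order -> host (little-endian) order
    $n = [BitConverter]::ToUInt32($bytes, 0) + 2
    $out = [BitConverter]::GetBytes([uint32]$n)
    [Array]::Reverse($out)                             # back to network order
    return ([System.Net.IPAddress]::new($out)).ToString()
}

$VpcDns = Get-VpcDnsAddress -Cidr $VpcCidr             # 10.10.0.2 for the CIDR above

# Forwarder 1: Route 53 private hosted zone -> VPC-provided DNS.
# Forwarder 2: on-premises domain -> on-premises DNS servers.
$forwarders = @(
    @{ Name = $PrivateZone; MasterServers = $VpcDns },
    @{ Name = $OnPremZone;  MasterServers = $OnPremDns }
)
foreach ($f in $forwarders) {
    $existing = Get-DnsServerZone -ComputerName $DomainController -Name $f.Name -ErrorAction SilentlyContinue
    if (-not $existing) {
        # Storing the forwarder in Active Directory lets the managed service
        # replicate it to the other domain controller.
        Add-DnsServerConditionalForwarderZone -ComputerName $DomainController -Name $f.Name `
            -MasterServers $f.MasterServers -ReplicationScope 'Domain'
    }
}

# Verify: both zones should now be listed as forwarders on the DC, and a lookup
# through the DC for a name in the private hosted zone should succeed.
Get-DnsServerZone -ComputerName $DomainController |
    Where-Object ZoneType -eq 'Forwarder' |
    Select-Object ZoneName, MasterServers
Resolve-DnsName -Name "test.$PrivateZone" -Server $DomainController -ErrorAction SilentlyContinue
```

Run it from the host where the DNS Server Tools were installed, as the managed directory's Admin account; if the final Resolve-DnsName returns nothing, check that the VPC security groups allow the domain controllers to reach the on-premises DNS servers and the VPC resolver on port 53.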
