Exam AWS Certified Solutions Architect - Professional topic 1 question 634 discussion

I think its A, B. AwsDNS is set in DHCP options. AWS resources resolve other resources as a result, but forward AD domain queries to AD servers via an Outbound resolver endpoint. Users hitting the AD servers from on-prem would then have non-authoritative queries pushed to the AWS resolver.

B &C are correct options

The correct answer is AB as most comments are stating. For anyone who thinks that A is not correct because outbound resolver will forward to on-premise DNS server. Remember , our goal is to resolve records in our domain which in the question is hosted in the AD so we need to forward these requests if they don't match the private hosts for the VPC. The DNS being hosted inside the VPC or on premise is not relevant since you are specifying an ip in the forward rule , so technically you can forward to the AD which inside the VPC in AWS Docs: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html#resolver-forwarding-outbound-queries-rule-values Target IP addresses When a DNS query matches the name that you specify in Domain name, the outbound endpoint forwards the query to the IP addresses that you specify here. These are typically the IP addresses for DNS resolvers on your network. so it could be any IP weather its inside or outside the VPC

AB is answer. why? A) correct - outbound resolver has conditional fwd rules to resolve hybrid DNS + VPC DHCP options must be reverted to other EC2 can resolve DNS B) correct - AD servers to use inbound resolver for non-authorititative queries to reach instances C) wrong - There is no conditional fwd rules for inbound resolvers D) wrong - splitting DNS server based on type of app seems illogical for me E) wrong - AD servers need to resolve internal queries as well, not makes sense

To resolve the AWS services CNAME it needs to forward the queries to AWS DNS which on prem DNS trying to forward, here question is about ec2 is not able to resolve the endpoint DNS. EC2->ADDNS->Inboud Resolver.

AB First we set all Instances to forward all queries to AmazonDNS (to resolve private interface names) and then other queries *.example.corp.com will be forwarded with the outbound endpoint to the AD servers

A , B https://aws.amazon.com/blogs/networking-and-content-delivery/integrating-your-directory-services-dns-resolution-with-amazon-route-53-resolvers/

Guys i initially said a.b then I noticed the domain controllers are inside the vpc . so changing to bc.

I will go with A & B

B&C for me. Same question appeared on Udemy test

Should be A and B , as outbound endpoint not necessarily mean that the servers should be onprem for conditional forwarder rule to kick in, instead they can reside in another VPC too and it allows DNS queries from your VPC to the VPC where the AD servers run. Option C would also work with an inbound endpoint pointing to the 2 AD server IPs, but definitely not with forwarding rules. So clearly ruled out.

It's A, B - An outbound resolver

AAA BBB --- https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html

The answer is A & B. Thanks Waiweng for useful reference.

B & C "An outbound resolver is for DNS queries that you want to forward outside your VPC" -> So A is discarted since everything is inside the VPC

I'll go with B,C

Answer A &B https://aws.amazon.com/blogs/aws/new-amazon-route-53-resolver-for-hybrid-clouds/