Exam ANS-C00 topic 1 question 176 discussion

Exam question from Amazon's ANS-C00
Question #: 176
Topic #: 1

You have a hybrid infrastructure and you have configured your own DNS server on an EC2 instance in your 10.1.3.0/24 subnet. This subnet resides on the VPC
10.1.0.0/16. You need your data center to be able to resolve Route 53 queries in your private hosted zone. What do you need to do to accomplish this?

  • A. Disable the source/destination check flag for the DNS instance.
  • B. Configure your DNS server to forward queries for the private hosted zone to 10.1.3.2.
  • C. Configure your DNS server to forward queries for the private hosted zone to 10.1.0.2.
  • D. Configure the VPC DHCP option set in the VPC to point to the EC2 DNS server.
Suggested Answer: C
10.1.3.2 is not the Amazon-provided DNS server. The Route 53 Resolver address is the base of the VPC's primary CIDR plus two (10.1.0.2 for 10.1.0.0/16); the +2 address of each subnet is merely reserved by AWS and does not answer queries. A DHCP option set is not needed, since you are resolving AWS resources from on-premises, not from the VPC, and the VPC instances are already configured to use the Route 53 Resolver. Source/destination checking is irrelevant, because the EC2 DNS server receives queries addressed to itself.
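The two-hop flow behind answer C (on-premises resolver forwards the private zone to the EC2 forwarder; the EC2 forwarder forwards to the Route 53 Resolver at VPC CIDR +2, which only answers queries originating inside the VPC) can be checked and rendered with the following script. This is an added example for this discussion, not AWS or exam material; it reuses the question's addresses, and the zone name example.internal and the on-premises range 192.168.0.0/16 are assumed placeholders.

```python
"""Derive the Route 53 Resolver address for a VPC and emit an unbound(8)
forward-zone configuration for an EC2-hosted DNS forwarder.

Added example for the ANS-C00 Q176 discussion; not AWS or exam material.
Zone name and on-premises CIDR below are assumed placeholders.
"""
import ipaddress

# The Amazon-provided DNS (Route 53 Resolver) listens at the base of the VPC's
# PRIMARY IPv4 CIDR plus two, and also at the link-local 169.254.169.253.
RESOLVER_OFFSET = 2
LINK_LOCAL_RESOLVER = ipaddress.ip_address("169.254.169.253")


def resolver_address(vpc_cidrs):
    """Return the Route 53 Resolver IPv4 address for a VPC.

    vpc_cidrs: list of CIDR strings; the FIRST entry must be the primary block.
    The resolver lives in the primary CIDR no matter how many secondary blocks
    are associated and independently of any subnet layout.
    """
    primary = ipaddress.ip_network(vpc_cidrs[0], strict=True)
    return primary.network_address + RESOLVER_OFFSET


def is_subnet_plus_two_mistake(candidate, vpc_cidrs, subnet_cidr):
    """True when candidate is the subnet's reserved +2 rather than the VPC's +2.

    AWS reserves +2 in every subnet "for DNS", which makes 10.1.3.2 look
    plausible, but nothing listens there; only the VPC +2 address answers.
    """
    subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    candidate = ipaddress.ip_address(candidate)
    return (candidate == subnet.network_address + RESOLVER_OFFSET
            and candidate != resolver_address(vpc_cidrs))


def unbound_forwarder_config(zone, vpc_cidrs, on_prem_cidrs):
    """Render unbound config for the EC2 forwarder.

    - access-control lets the on-premises resolver(s) recurse through us;
      unbound refuses non-local clients by default, which is the usual cause
      of a forwarder that "does not answer" the data center.
    - forward-zone sends the private hosted zone to Route 53 Resolver, which
      is reachable only from inside the VPC (hence the EC2 hop at all).
    """
    target = resolver_address(vpc_cidrs)
    lines = ["server:", '    interface: 0.0.0.0']
    for cidr in on_prem_cidrs:
        ipaddress.ip_network(cidr, strict=True)  # validate before emitting
        lines.append(f"    access-control: {cidr} allow")
    lines += [
        "",
        "forward-zone:",
        f'    name: "{zone}"',
        f"    forward-addr: {target}",
        f"    forward-addr: {LINK_LOCAL_RESOLVER}",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    vpc = ["10.1.0.0/16"]          # question's VPC (primary CIDR first)
    subnet = "10.1.3.0/24"         # subnet hosting the EC2 DNS server
    print("Route 53 Resolver:", resolver_address(vpc))
    print("10.1.3.2 is the subnet-+2 trap:",
          is_subnet_plus_two_mistake("10.1.3.2", vpc, subnet))
    # example.internal and 192.168.0.0/16 are assumed placeholders
    print(unbound_forwarder_config("example.internal", vpc, ["192.168.0.0/16"]))
```

On the on-premises side the remaining piece is a conditional forwarder for the same zone pointing at the EC2 instance's address in 10.1.3.0/24 over the VPN or Direct Connect; that hop is what answers B and C are distinguishing.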

Comments

Huntkey
Highly Voted 3 years, 7 months ago
Surprisingly, it is C and not B... I thought every second IP in each subnet is reserved for DNS. But I just checked in my environment, the second IP of the VPC CIDR is for the DNS, not the second IP in the subnet...
upvoted 13 times
JohnnyBG
3 years, 4 months ago
I didn't believe you, but yeah, C is the answer. For VPCs with multiple IPv4 CIDR blocks, the DNS server IP address is located in the primary CIDR block. The DNS server does not reside within a specific subnet or Availability Zone in a VPC. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html
upvoted 2 times
wahlbergusa
Most Recent 3 years, 6 months ago
Answer is C. But it took me ages to understand what specifically the question is asking. My interpretation of "your DNS server" in the answers was the on-prem DNS server. Well, your DNS server actually refers to the EC2 instance. Thanks to @paagee's comment at the bottom. The question is asking for the second phase of the DNS flow. Phase 1: on-prem DNS to the EC2 instance-based DNS. Phase 2: EC2 instance-based DNS to the Amazon DNS (aka Route 53 Resolver). Hence the answer is clearly C.
upvoted 3 times
hugo1111
3 years, 4 months ago
Same as you. I understand that C is the DNS in the AWS VPC... but I remember that it can only be used inside the VPC... so I am confused... Then I just realised the DNS server is reversing to the DNS on the AWS side. I think this is an old method... now we can use the inbound resolver endpoint instead of building our own DNS server in the VPC...
upvoted 1 times
ChauPhan
3 years, 6 months ago
D. Configure the VPC DHCP option set in the VPC to point to the EC2 DNS server.
upvoted 1 times
ChauPhan
3 years, 6 months ago
Sorry, reread again: C. Configure your DNS server to forward queries for the private hosted zone to 10.1.0.2. For any DNS outside the private zone, our own DNS server can resolve it; other DNS ==> forward it to AWS DNS to resolve it.
upvoted 1 times
Ishu_awsguy
3 years, 6 months ago
I'll go with C.
upvoted 1 times
awspro2021
3 years, 7 months ago
D - Your on-prem DNS server needs to forward the DNS query to the EC2 Route 53 resolver. Update the DHCP option to the EC2 DNS server.
upvoted 2 times
student2020
3 years, 6 months ago
This would only be required if VPC instances need to also query on-prem DNS zones, not in this case.
upvoted 1 times
JamesTR
3 years, 7 months ago
I have a hard time understanding the question. What does it mean, "You need your data center to be able to resolve Route 53 queries in your private hosted zone"? Who is querying whom?
upvoted 4 times
howardxie
3 years, 6 months ago
Maybe you should learn English first, before learning this, man.
upvoted 1 times
sairam
3 years, 7 months ago
Actually, deep analysis using multiple AWS references seems to suggest that B is the correct answer, since we do not need a new DHCP option set but require a DNS (forwarder) server/endpoint to forward queries from on-prem to the Route 53 held private hosted zone.
upvoted 1 times
Vlan
3 years, 7 months ago
Yes, but would you point to the VPC +2 IP address or the subnet +2 where the DNS server is?
upvoted 1 times
sairam
3 years, 7 months ago
C is not the right answer, since you cannot point the on-prem servers to the VPC DNS server, as it only accepts queries from within the VPC. So you have to point the on-prem DNS to a DNS forwarder set up in the VPC and configure a new DHCP option set, and the on-prem DNS server will use the DNS forwarder to resolve the private hosted zone. Answer is D, from the link below with a similar example: https://aws.amazon.com/premiumsupport/knowledge-center/route53-resolve-with-inbound-endpoint/
upvoted 2 times
JamesTR
3 years, 7 months ago
Why A? As per https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html, "Disabling source/destination checking enables an instance to handle network traffic that isn't specifically destined for the instance." DNS servers receive traffic specifically destined to them, so source/destination checking does not apply here, I think. The other answers make no sense to me either.
upvoted 1 times
JamesTR
3 years, 7 months ago
I meant that A is a wrong answer, for the reason I gave above.
upvoted 1 times
Kentik
3 years, 7 months ago
The correct answer is A; you cannot point the on-prem servers to the VPC DNS server, since it only accepts queries from within the VPC.
upvoted 3 times
Paagee
3 years, 7 months ago
On-premises DNS server -> DNS server (EC2) -> AWS VPC DNS +2 IP, which goes to Route 53. The answer refers to the 2nd part, I think: DNS (EC2) -> AWS DNS +2.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other