Exam ANS-C00 topic 1 question 288 discussion

Exam question from Amazon's ANS-C00

Question #: 288
Topic #: 1

You have a hybrid environment in which your VPC queries your on-premises DNS server for up resources in your environment. The EC2 instances in your VPC are unable to resolve on-premises resources.
What are two possible reasons for this problem? (Choose two.)

A. Your NACL is blocking UDP port 53 outbound
B. Your security group is blocking port 53 inbound
C. Your NACL is blocking TCP port 53 outbound.
D. Your on-premises firewall is blocking port 443

Show Suggested Answer

Suggested Answer: AC 🗳️
DNS requires TCP and UDP port 53.

by eeghai7thioyaiR4 at March 17, 2021, 1:49 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

eeghai7thioyaiR4

Highly Voted 3 years, 7 months ago

DNS uses TCP and UDP, port 53 So D is out B is out too, because the connections are initiated from the VPC (this is outbound trafic) That leaves A and C as the answer

upvoted 8 times

ChauPhan

3 years, 7 months ago

Why not B. Your security group is blocking port 53 inbound? You also need DNS respond from onpremise DNS (inbound)

upvoted 1 times

jimycrimson16

3 years, 7 months ago

Security groups are stateful, so won't block the DNS response. Indeed, the response will come in a high port, not 53. Would be different if answer would have state "Your security group is blocking port 53 outbound"

upvoted 1 times

...

titi_r

Most Recent 2 years, 10 months ago

Answer A. Your NACL is blocking UDP port 53 outbound Because DNS uses UDP for name, and queries, and uses TCP only for Zone transfer.

upvoted 1 times

...