Problem Statement

When using CDP with the default DHCP Option Set (Use AmazonProvided DNS & AmazonProvidedNameServer) attached to the VPC, and you need to resolve on-prem servers controlled by an internal DNS server, it does not work by default: those internal hostnames are not resolvable by the AWS Route53 service. Is there a way to resolve internal on-prem/cloud servers from CDP hosts on AWS?

Context

  • The diagram below shows the typical flow for any DNS resolution request.
  • This document addresses the last part of the diagram, where Route53 tries to resolve a domain name that is owned by a private DNS server.
    [Diagram: omkardeshmane_1-1597068822002.png]

Requirement

A minimum of 2 subnets, each in a separate Availability Zone, is required for the Route53 Resolver outbound endpoint to work.

Assumptions

Before going to the ‘how to’ part, let's look at the assumptions to make this solution work in your environment:

  • If you use an on-premises DNS server, you must have network connectivity to this server from your VPC.
  • This document only covers outbound resolution requests originating from your AWS VPC.
  • If you are using a DNS server in a different VPC in your AWS account, you must have a VPC Peering connection between that VPC and the CDP VPC.

Testing Methodology

  • dnsmasq is installed and configured to resolve the custom.r53.test2.com domain for a quick proof of concept.
  • This document explains the solution with 2 EC2 instances in the same VPC: one acts as the DNS server and the other acts as the DNS client.

How to

  1. Set up a VPC with the default DHCP option set:
    [Screenshot: omkardeshmane_2-1597068892444.png]
  2. Make sure the DNS server you want to use is reachable from this VPC. For the scope of this document, we used public subnets with an Internet Gateway that routes traffic to the internet (other combinations such as a NAT Gateway, VPN, or Direct Connect also work):
    [Screenshot: omkardeshmane_3-1597068932447.png]
  3. Set up one EC2 instance that acts as the DNS client. This can be one of your CDP hosts running in this VPC:
    [Screenshot: omkardeshmane_4-1597068984986.png]
  4. Make an entry in the configuration file on the DNS server with the hostname and IP address:
    [Screenshot: omkardeshmane_5-1597069028639.png]
  5. Configure an Outbound endpoint in Route53 Resolver from the Route53 Resolver console on the AWS portal:
    [Screenshot: omkardeshmane_6-1597069104900.png]
    [Screenshot: omkardeshmane_7-1597069104873.png]
    [Screenshot: omkardeshmane_8-1597069104906.png]
  6. Give it a name, choose the right VPC and security group, select at least 2 subnets for high availability, and click Next:
    [Screenshot: omkardeshmane_9-1597069135748.png]
    [Screenshot: omkardeshmane_10-1597069135770.png]
    [Screenshot: omkardeshmane_11-1597069135744.png]
  7. On the next page, create a new rule like the following:
    [Screenshot: omkardeshmane_12-1597069176904.png]
    [Screenshot: omkardeshmane_13-1597069176906.png]
  8. Click Next and Submit.
  9. At this point, the setup is complete.
  10. Test it by running the command dig worker1.custom.r53.test2.com +short on the DNS client EC2 instance:
    [Screenshot: omkardeshmane_14-1597069205816.png]
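The console steps 4 through 10 above, expressed as a script, as an added example that is not part of the original article. It assumes the AWS route53resolver API as exposed by boto3 (create_resolver_endpoint, create_resolver_rule, associate_resolver_rule); the VPC, subnet and security-group IDs, the 10.0.1.x addresses and the RecordingClient dry-run stand-in are placeholders and assumptions, not values from the article. Two points worth checking before a live run: the security group attached to the outbound endpoint has to allow TCP and UDP port 53 towards the DNS server, and the forwarding rule is scoped to a single domain, so only queries for that zone (and its subdomains) leave the VPC while everything else keeps resolving through AmazonProvidedDNS.

```python
"""Route53 Resolver outbound endpoint + forwarding rule (steps 4-10 as code).
Added example, not the article's own code. Assumes a boto3 route53resolver
client; all IDs and IPs below are placeholders to replace."""
import ipaddress
import subprocess
import uuid

# Placeholder inputs (assumed, not from the article): replace with your own.
VPC_ID = "vpc-PLACEHOLDER"
SUBNET_IDS = ["subnet-PLACEHOLDER-az-a", "subnet-PLACEHOLDER-az-b"]  # 2 subnets, 2 AZs
SECURITY_GROUP_IDS = ["sg-PLACEHOLDER"]  # must allow TCP+UDP 53 egress to the DNS server
PRIVATE_DNS_IP = "10.0.1.10"             # constructed: IP of the dnsmasq EC2 instance
FORWARD_DOMAIN = "custom.r53.test2.com"  # domain used in the article


def dnsmasq_host_record(hostname, ip):
    """Step 4: the dnsmasq line that maps a hostname to an address."""
    ipaddress.ip_address(ip)  # reject malformed addresses early
    return f"host-record={hostname},{ip}"


def outbound_endpoint_request(name, subnet_ids, sg_ids):
    """Steps 5-6: kwargs for create_resolver_endpoint, enforcing the 2-subnet minimum."""
    if len(subnet_ids) < 2:
        raise ValueError("an outbound endpoint needs at least 2 subnets in separate AZs")
    return {
        "CreatorRequestId": str(uuid.uuid4()),  # idempotency token
        "Name": name,
        "SecurityGroupIds": list(sg_ids),
        "Direction": "OUTBOUND",
        "IpAddresses": [{"SubnetId": s} for s in subnet_ids],
    }


def forward_rule_request(name, domain, target_ip, endpoint_id, port=53):
    """Step 7: kwargs for create_resolver_rule. Only `domain` and its subdomains are
    forwarded; every other name still resolves through AmazonProvidedDNS."""
    ipaddress.ip_address(target_ip)
    return {
        "CreatorRequestId": str(uuid.uuid4()),
        "Name": name,
        "RuleType": "FORWARD",
        "DomainName": domain,
        "TargetIps": [{"Ip": target_ip, "Port": port}],
        "ResolverEndpointId": endpoint_id,
    }


def provision(client, vpc_id, subnet_ids, sg_ids, domain, target_ip):
    """Steps 5-8 through the API: endpoint -> rule -> rule/VPC association.
    `client` is a boto3 route53resolver client (or RecordingClient for a dry run)."""
    ep = client.create_resolver_endpoint(
        **outbound_endpoint_request("cdp-outbound", subnet_ids, sg_ids))
    endpoint_id = ep["ResolverEndpoint"]["Id"]
    rule = client.create_resolver_rule(
        **forward_rule_request(f"forward-{domain}", domain, target_ip, endpoint_id))
    rule_id = rule["ResolverRule"]["Id"]
    client.associate_resolver_rule(ResolverRuleId=rule_id, VPCId=vpc_id, Name="cdp-vpc")
    return endpoint_id, rule_id


class RecordingClient:
    """Offline stand-in for the boto3 client: records calls, returns placeholder IDs."""
    def __init__(self):
        self.calls = []

    def create_resolver_endpoint(self, **kw):
        self.calls.append(("create_resolver_endpoint", kw))
        return {"ResolverEndpoint": {"Id": "rslvr-out-placeholder"}}

    def create_resolver_rule(self, **kw):
        self.calls.append(("create_resolver_rule", kw))
        return {"ResolverRule": {"Id": "rslvr-rr-placeholder"}}

    def associate_resolver_rule(self, **kw):
        self.calls.append(("associate_resolver_rule", kw))
        return {"ResolverRuleAssociation": {"Status": "CREATING"}}


def check_resolution(hostname, expected_ip, dig_output=None):
    """Step 10: does `dig +short` return the IP configured on the private DNS server?
    Pass dig_output (captured text) to check without running dig."""
    if dig_output is None:
        dig_output = subprocess.run(["dig", hostname, "+short"],
                                    capture_output=True, text=True, check=False).stdout
    answers = [ln.strip() for ln in dig_output.splitlines() if ln.strip()]
    return expected_ip in answers


if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:
        import boto3  # only needed for a real run against AWS
        client = boto3.client("route53resolver")
    else:
        client = RecordingClient()  # dry run: nothing is created
    ep_id, rule_id = provision(client, VPC_ID, SUBNET_IDS, SECURITY_GROUP_IDS,
                               FORWARD_DOMAIN, PRIVATE_DNS_IP)
    print("endpoint:", ep_id, "rule:", rule_id)
    print("dnsmasq line:", dnsmasq_host_record(f"worker1.{FORWARD_DOMAIN}", "10.0.1.50"))
```

Run without arguments for a dry run that only records the API calls; pass --live with AWS credentials configured to create the endpoint, rule and association for real. The three calls are ordered the way the console wizard orders them, because the rule needs the endpoint ID and the association needs the rule ID.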

Typical Architecture Diagram

[Diagram: omkardeshmane_15-1597069245126.png]

Additional Information

For more information on AWS Route53 Resolver rules and endpoints, watch this video.
