AWS Certified Solutions Architect - Professional / Question #530 of 529

Question #530

A company needs to design a hybrid DNS solution using an Amazon Route 53 private hosted zone for the domain cloud.newdomain.com to support resources across multiple VPCs. The solution must meet the following requirements:

- On-premises systems must resolve and connect to cloud.newdomain.com.
- All VPCs must resolve cloud.newdomain.com.

The company uses AWS Direct Connect and AWS Transit Gateway to link its on-premises network to AWS.

Which architecture ensures the HIGHEST performance while fulfilling these requirements?

A

Associate the private hosted zone with all VPCs. Deploy a Route 53 inbound resolver in the shared services VPC. Connect all VPCs to the transit gateway and configure on-premises DNS to forward cloud.newdomain.com requests to the inbound resolver.

B

Associate the private hosted zone with all VPCs. Set up an EC2-based conditional forwarder in the shared services VPC. Attach all VPCs to the transit gateway and direct on-premises DNS to forward cloud.newdomain.com queries to the conditional forwarder.

C

Associate the private hosted zone with the shared services VPC. Create a Route 53 outbound resolver in the shared services VPC. Link all VPCs to the transit gateway and configure on-premises DNS to forward cloud.newdomain.com requests to the outbound resolver.

D

Associate the private hosted zone with the shared services VPC. Deploy a Route 53 inbound resolver in the shared services VPC. Connect the shared services VPC to the transit gateway and set up on-premises DNS to forward cloud.newdomain.com queries to the inbound resolver.

Explanation

Option A fulfills both requirements. Associating the private hosted zone with all VPCs ensures that each VPC can resolve cloud.newdomain.com. Deploying a Route 53 Resolver inbound endpoint in the shared services VPC lets on-premises DNS servers forward queries for cloud.newdomain.com into AWS over Direct Connect and the transit gateway, where the Route 53 Resolver answers them from the private hosted zone; this is the managed, highest-performance path. The other options fail: B relies on an EC2-based conditional forwarder, which adds an extra hop and capacity that must be managed and scaled by the customer; C uses an outbound endpoint, which forwards queries from VPCs out to external DNS servers rather than accepting queries from on-premises; and both C and D associate the hosted zone only with the shared services VPC, so the other VPCs cannot resolve the domain. The native inbound resolver endpoint simplifies hybrid DNS with centralized query handling and avoids the overhead of EC2-based forwarders.

Answer

The correct answer is: A