Ends in
00
days
00
hrs
00
mins
00
secs
ENROLL NOW

🎁 Get 20% Off - Christmas Big Sale on All Practice Exams, Video Courses, and eBooks!

Using Amazon Route 53 Resolver

Home » AWS » Using Amazon Route 53 Resolver

Using Amazon Route 53 Resolver

Last updated on April 26, 2023

In the previous blog post, we talked about Split-view DNS using Amazon Route 53, in which the DNS server gives out a different response to the same DNS query based on where the query came from. This is helpful if you are in a hybrid environment when you want an internal application to resolve a domain from a private hosted zone and external applications to resolve from a public hosted zone in Route 53.

In hybrid environments, configuring Amazon Route 53 hosted zones can be tricky. Your VPC and on-premises resources may need to resolve DNS names hosted on the on-premises data center. Accordingly, the on-premises resources may also need to resolve DNS records hosted on AWS.

In this blog post, we’ll explore Amazon Route 53 Resolver, which is a feature that allows users to resolve DNS records between their on-premises resources and VPCs to create a hybrid cloud setup over VPN or Direct Connect (DX).

Before we configure our Amazon Route 53 Resolvers, it is important to remember the following concepts:

  • Inbound Resolver endpoint – Allows the DNS server from the on-premises network to resolve domain names from AWS resources such as EC2 instances or records in a Route 53 private hosted zone.
  • Outbound Resolver endpoint – Allows the DNS queries from your AWS VPC to be forwarded to your on-premises DNS server or to a resolver on another AWS VPC.
  • Resolver rules – Forwarding rules that you create for each domain that you want forward DNS queries from your VPC to an on-premises DNS resolver. You can also set rules for the domain queries from your on-premises DNS resolver to your VPC.

The Route 53 Resolver uses the resolver to rules for each domain to forward the query to a specific IP address of the DNS resolver you want to use.

Whether you create an inbound endpoint or an outbound endpoint, you need to specify the specific IP addresses that you want your DNS resolvers to forward DNS queries. These are private IP addresses from your VPC IP range so you will need to connect to your VPC using a Direct Connect connection or a VPN connection.

A Route 53 Resolver automatically answers DNS queries for:

  • Internal VPC domain names for Amazon EC2 instances (for example, ec2-172-16-2-44.compute-1.amazonaws.com).
  • Amazon Route 53 records in private hosted zones (for example, private.tutorialsdojo.com).
  • Public domain names are recursively looked up against public name servers on the internet.

See the below diagram as an example of a simplified hybrid network scenario that uses both inbound and outbound resolvers:

Tutorials dojo strip

Using Amazon Route 53 Resolver

 

The above diagram illustrates the following steps for the Inbound resolver (arrows in blue):

  1. The client from the on-premises network needs to resolve domain private.tutorialsdojo.com, which is inside the VPC. The client sends the DNS query to the on-premises DNS resolver.
  2. The on-premises resolver uses the VPN connection to forward the query to the Inbound endpoint.
  3. The Inbound endpoint receives the request and forwards it to the VPC+2, which is connected to the Route 53 Resolver
  4. The VPC+2 receives the request and forwards it to the Route 53 Resolver to get an answer.
  5. The DNS Resolves the DNS query and returns the answer on the same to the client.

The above diagram illustrates the following steps for the Outbound resolver (arrows in green):

  1. A resource from the VPC, such as an EC2 instance, needs to resolve the domain internal.tutorialsdojo.com, which has an authoritative DNS server inside the on-premises data center. The query is sent to the VPC+2, which is connected to the Route 53 DNS Resolver.
  2. The DNS Resolver receives the request and processes it based on the resolver rules.
  3. The DNS Resolver has a forwarding rule that will forward internal.tutorialsdojo.com domains to the on-premises data center DNS Server. It sends the request to the Outbound endpoint.
  4. The Outbound endpoints use the VPN connection to forward the request to the on-premises DNS resolver.
  5. The DNS resolver receives the query and resolves the request. The answer is returned to the EC2 instances using the same path in reverse.

 

Creating a Route 53 Resolver Endpoints

 You can create an Inbound endpoint by following the steps below using the AWS console:

1. Go to the Route 53 service page > click Resolver > click Inbound endpoints.

2. Click Create inbound endpoint button.

3. Fill in the details for your inbound endpoint, such as the name, VPC, and security group for the endpoint.

Using Amazon Route 53 Resolver

4. Under IP Addresses, enter 2 IP addresses from a subnet, preferably from 2 different Availability Zones. This is to improve the availability of the resolver. These will be the IP addresses of your resolver.

Using Amazon Route 53 Resolver

5. Click Create Inbound endpoint button.

 

You can create an Outbound endpoint by following the steps below using the AWS console:

1. Go to the Route 53 service page > click Resolver > click Outbound endpoints.

2. Click Create Outbound endpoint button.

3. Fill in the details for your inbound endpoint, such as the name, VPC, and the security group for the endpoint.

Using Amazon Route 53 Resolver

4 Under IP Addresses, enter 2 IP addresses from a subnet, preferably from 2 different Availability Zones. This is to improve the availability of the resolver. These will be the IP addresses of your resolver.

Using Amazon Route 53 Resolver

 

5. Click Create Outbound endpoint button.

Free AWS Courses

 

To create Resolver Rules, follow the steps below using the AWS Console.

1. Go to the Route 53 service page > click Resolver > click Outbound endpoints.

2. Click Create rule button.

3. Fill in the details for the rule, such as Rule name, Rule type, VPC, and the Outbound endpoint to be used.

Using Amazon Route 53 Resolver

 

4. Under Target IP address, input the IP address of the DNS resolver from your on-premises data center.

Using Amazon Route 53 Resolver

5. Click Submit to create this new forwarding rule.

 

See the below links for more reading.

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-overview-DSN-queries-to-vpc.html

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.html

Get 20% Off – Christmas Big Sale on All Practice Exams, Video Courses, and eBooks!

Tutorials Dojo portal

Learn AWS with our PlayCloud Hands-On Labs

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

FREE AWS Exam Readiness Digital Courses

FREE AWS, Azure, GCP Practice Test Samplers

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

Follow Us On Linkedin

Recent Posts

Written by: Kenneth Samonte

Kenneth is an AWS Architect & Linux System Administrator. He's a Red Hat Certified System Administrator, AWS Certified Solutions Architect Professional, and a VMware Certified Professional. He's also a registered Electronics Engineer and Cisco Certified Network Associate (CCNA). He enjoys exploring cloud platforms and administering Linux systems. When he's not busy, you’ll find him online playing League of Legends.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

~98%
passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
200k+
students
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
~4.8
ratings
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?