Route53 3

Question 1

VPC DNS

What IP addresses are reserved for DNS in a VPC?

Answer 1

VPC “.2” is DNS, also reserved “.2” in every subnet

Question 2

VPC DNS

What is the thing running on “.2” called?

Answer 2

Route53 Resolver

Question 3

VPC DNS

Can you access a Route53 Resolver from a DX?

Answer 3

No, R53R only from inside a VPC because it’s on “VPC +2” IP addr

Question 4

VPC DNS

Can you access a Route53 Resolver across a VPN?

Answer 4

No, R53R only from inside a VPC because it’s on “VPC +2” IP addr

Question 5

VPC DNS

What does a R53 Resolver on “.2” serve?

Answer 5

Public resolution and any associated private zones

Question 6

VPC DNS

Can you access your “.2” R53 Resolver from a Peering connection?

Answer 6

No

Question 7

VPC DNS

Can you access your “.2” R53 Resolver from a DX or VPN?

Answer 7

No

Question 8

VPC DNS

Biggest problem with R53 Resolvers on “.2”?

Answer 8

Hard to do hybrid, integrated DNS with on-prem enterprise.

Question 9

VPC DNS

What does a R53 Resolver do if it doesn’t have a record for a query?

Answer 9

Forwards to public DNS outside AWS.

Question 10

DNS Endpoints

What (virtually) is a R53 Endpoint?

Answer 10

ENI

Question 11

DNS Endpoints

Can you forward queries to a R53 Endpoint over DX?

Answer 11

Yes (it’s just an ENI)

Question 12

DNS Endpoints

Can you forward queries to a R53 Endpoint over VPN?

Answer 12

Yes (it’s just an ENI)

Question 13

DNS Endpoints

What flavors do DNS Endpoints come in?

Answer 13

Inbound (on-prem reach R53 Resolver) and Outbound (forward queries to on-prem DNS)

Question 14

DNS Endpoints

Can DNS Endpoints support IPv6?

Answer 14

Yup! They can dual-stack both IPv4 and IPv6.

Question 15

DNS Endpoints

Where do R53 Endpoints live?

Answer 15

In Subnets (create several IPs in different subnets in a single R53 Endpoint)

Question 16

DNS Endpoints

What does a DNS Inbound Endpoint do?

Answer 16

Just forwards requests to the R53 Resolver (which is a separate thing!)

Question 17

DNS Endpoints

What does a DNS Outbound Endpoint do?

Answer 17

Just forwards requests to the on-prem DNS server

Question 18

DNS Endpoints

Two types of Outbound Rules?

Answer 18

“Forward” (DNS forwarding) and “System” (R53 Resolver handle locally)

Question 19

DNS Endpoints

What are Rules associated with or attached to?

Answer 19

VPCs (strange, yea) and a single Outbound Resolver

Question 20

DNS Endpoints

How do you make a DNS Endpoint HA?

Answer 20

Already is! It’s a single ENI, but multiple things behind it can scale automatically

Question 21

DNS Endpoints

How do you configure EC2 resources to use your Outbound Endpoint?

Answer 21

You don’t! R53 Resolver knows about Rules, which may point to the Outbound Endpoint.