Resolving domain names of non-AWS hosted domain with private resolver outside of AWS

Question

Hello,

I have a VPC in AWS containing a VPN server. When I connect via this VPN, I can resolve AWS hostnames and some domains defined in Route53. Now I have a private resolver for a domain in Azure. How do I configure that DNS queries for this domain will be sent to the private resolver in Azure when I am connected via the VPN to AWS (with the current domain names resolving preserved)?

Accepted Answer

If the domain is private then you have to resolve via an Internal IP. If its a public domain then you can just use the native internet.
For private zones, I have set this up before and you would require one of 2 things.

1. A site to site VPN between your VPC and the Azure virtual network of which you need to configure a route53 outbound resolver and an azure inbound resolver
2. A Public container running in Azure running a DNS Forwarder with an AWS route53 outbound resolver pointing to the Public Container IP address. whiteducksoftware provider a container for doing this. https://github.com/whiteducksoftware/az-dns-forwarder

Answer

OK, that's probably because it allows queries only from VPC's DNS server.

Also for anyone else configuring the same: You have to associate the outbound endpoint rule(s) with the VPCs you want the endpoint to provides the service for. Outbound endpoint just being in the its subnet is not enough.

Answer

Thank you. I created outbound endpoint in AWS in the same VPC as the VPN server. When I am in the VPN and try to use dig @azure_inbound_IP, I receive the private IP of the FQDN requested, so the Azure part is working. But when I try the same with dig @aws_outbound_IP, I receive "connection refused". Any idea why that "connection refused"? It's not a security group issue as that would timeout instead I suppose...

Resolving domain names of non-AWS hosted domain with private resolver outside of AWS

関連するコンテンツ