AWS VPC Peering for Resolving Public DNS Hostnames

How to Resolve Public IPv4 DNS Hostnames to Private IPv4 Addresses in AWS VPC Peering


Question

For a project with many VPCs, VPC peering has been enabled.

Your requirement is that a VPC should resolve public IPv4 DNS hostnames to private IPv4 addresses when queried from instances in the peer VPC.

What would you do?

Explanations

Correct Answer - A.

DNS hostname resolution should be enabled for the VPC peering connection.

Option B is incorrect as adding the name resolution in Route53 is not required for VPC peering to resolve to the private IP address.

Option C is incorrect as the DNS hostname resolution should be enabled.

Option D is incorrect as creating a new VPC peering connection is not required.

You can modify the DNS resolution options on the existing VPC peering connection itself.

For more information on DNS resolution with VPC peering, refer to the following URL.

https://docs.aws.amazon.com/vpc/latest/peering/modify-peering-connections.html#vpc-peering-dns
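The settings this explanation refers to live in two places: the `enableDnsSupport` / `enableDnsHostnames` attributes of each VPC, and the `AllowDnsResolutionFromRemoteVpc` peering option on each side of the peering connection. The following added example (not from the question bank or AWS's own tooling) audits a peering connection offline using constructed sample data laid out like the JSON that `aws ec2 describe-vpc-peering-connections` and `aws ec2 describe-vpc-attribute` return, and emits the `modify-vpc-attribute` / `modify-vpc-peering-connection-options` commands needed to fix it. The VPC and peering IDs are placeholders; the ordering (VPC attributes first) matters because AWS rejects enabling the peering option on a VPC whose DNS hostnames are disabled.

```python
"""Audit a VPC peering connection for the settings that let one VPC's public
DNS hostnames resolve to private IPs when queried from the peer VPC.

Added example with constructed data; IDs are placeholders, not real resources.
The dict shapes mirror the output of:
  aws ec2 describe-vpc-peering-connections
  aws ec2 describe-vpc-attribute --attribute enableDnsSupport / enableDnsHostnames
"""

# Constructed sample: requester side has the DNS option off AND hostnames
# disabled, accepter side is fully configured.
SAMPLE_PEERING = {
    "VpcPeeringConnectionId": "pcx-0placeholder",
    "Status": {"Code": "active"},
    "RequesterVpcInfo": {
        "VpcId": "vpc-0requester",
        "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": False},
    },
    "AccepterVpcInfo": {
        "VpcId": "vpc-0accepter",
        "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": True},
    },
}

# Constructed sample: per-VPC DNS attributes (values as describe-vpc-attribute reports them).
SAMPLE_VPC_ATTRS = {
    "vpc-0requester": {"EnableDnsSupport": True, "EnableDnsHostnames": False},
    "vpc-0accepter": {"EnableDnsSupport": True, "EnableDnsHostnames": True},
}

SIDES = ("Requester", "Accepter")


def audit(peering, vpc_attrs):
    """Return a list of human-readable findings; empty means the peering is
    correctly set up for public-hostname-to-private-IP resolution both ways."""
    findings = []
    if peering["Status"]["Code"] != "active":
        findings.append(f"peering {peering['VpcPeeringConnectionId']} is not active")
    for side in SIDES:
        info = peering[f"{side}VpcInfo"]
        vpc_id = info["VpcId"]
        attrs = vpc_attrs.get(vpc_id, {})
        # Both VPC-level DNS attributes are prerequisites for the peering option.
        if not attrs.get("EnableDnsSupport"):
            findings.append(f"{side} VPC {vpc_id}: enableDnsSupport is off")
        if not attrs.get("EnableDnsHostnames"):
            findings.append(f"{side} VPC {vpc_id}: enableDnsHostnames is off")
        # The option on a side controls whether THAT VPC's public hostnames
        # resolve to private IPs when queried from the peer VPC.
        if not info.get("PeeringOptions", {}).get("AllowDnsResolutionFromRemoteVpc"):
            findings.append(
                f"{side} VPC {vpc_id}: AllowDnsResolutionFromRemoteVpc is off; "
                "its public hostnames resolve to public IPs from the peer VPC"
            )
    return findings


def remediation_commands(peering, vpc_attrs):
    """Build the AWS CLI commands that fix the findings, VPC attributes first.
    In a cross-account peering each side's option can only be changed by the
    account that owns that VPC, so the list is what each owner would run."""
    pcx = peering["VpcPeeringConnectionId"]
    cmds = []
    for side in SIDES:
        vpc_id = peering[f"{side}VpcInfo"]["VpcId"]
        attrs = vpc_attrs.get(vpc_id, {})
        if not attrs.get("EnableDnsSupport"):
            cmds.append(f"aws ec2 modify-vpc-attribute --vpc-id {vpc_id} "
                        "--enable-dns-support '{\"Value\":true}'")
        if not attrs.get("EnableDnsHostnames"):
            cmds.append(f"aws ec2 modify-vpc-attribute --vpc-id {vpc_id} "
                        "--enable-dns-hostnames '{\"Value\":true}'")
    for side in SIDES:
        info = peering[f"{side}VpcInfo"]
        if not info.get("PeeringOptions", {}).get("AllowDnsResolutionFromRemoteVpc"):
            flag = f"--{side.lower()}-peering-connection-options"
            cmds.append(f"aws ec2 modify-vpc-peering-connection-options "
                        f"--vpc-peering-connection-id {pcx} {flag} "
                        "AllowDnsResolutionFromRemoteVpc=true")
    return cmds


if __name__ == "__main__":
    for line in audit(SAMPLE_PEERING, SAMPLE_VPC_ATTRS):
        print("FINDING:", line)
    for cmd in remediation_commands(SAMPLE_PEERING, SAMPLE_VPC_ATTRS):
        print("FIX:", cmd)
```

Feeding real `describe-*` output into `audit` is a quick post-change check: after running the emitted commands, the findings list should be empty, and `nslookup` of an instance's public hostname from the peer VPC should then return the 10.x/172.16.x/192.168.x private address rather than the public one.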

The correct answer is B. Add DNS name resolution in Route 53 for the private IP address.

When VPC peering is enabled between two VPCs, the instances in one VPC can access the instances in the other VPC using their private IP addresses. However, by default, instances in one VPC cannot resolve the public DNS hostnames of instances in the other VPC. This is because the public DNS hostnames resolve to the public IP addresses of the instances, which are not reachable over the VPC peering connection.

To resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC, you can create a private hosted zone in Amazon Route 53. A private hosted zone is a container for records that you create to define how DNS queries are resolved within a VPC. You can create a private hosted zone for the domain name that you want to resolve (for example, example.com) and create a record that maps the DNS hostname to the private IP address of the instance in the peer VPC.

When an instance in the peer VPC queries the DNS hostname, the query is forwarded to the private hosted zone in Route 53, which resolves the hostname to the private IP address of the instance in the other VPC. This allows the instance to communicate with the other instance using its private IP address.
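For the Route 53 approach this explanation describes, the zone must be private, associated with every VPC that should see the records (the peer VPC included), and populated with A records pointing at private addresses. The added example below (not the page's or AWS's code) builds that plan from constructed inputs: the `change-resource-record-sets` change batch in the JSON shape Route 53 expects, plus the ordered CLI commands to create the zone, associate the additional VPCs, and apply the batch. The domain, VPC IDs, hosted zone ID and IPs are placeholders.

```python
"""Plan a Route 53 private hosted zone that maps hostnames to private IPs for
a set of peered VPCs. Added example with constructed, placeholder inputs."""
import json
import uuid

# Constructed sample: the VPCs that must be able to resolve the names, and the
# hostname -> private IP mappings (the peer instance's private address).
SAMPLE_VPCS = [
    {"VPCRegion": "us-east-1", "VPCId": "vpc-0requester"},
    {"VPCRegion": "us-east-1", "VPCId": "vpc-0accepter"},
]
SAMPLE_RECORDS = {"app.example.com": "10.1.2.3", "db.example.com": "10.1.2.4"}


def change_batch(records, ttl=60):
    """Build the JSON document for `aws route53 change-resource-record-sets`.
    UPSERT is used so the plan is idempotent when re-applied."""
    changes = []
    for name, private_ip in sorted(records.items()):
        changes.append({
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": name if name.endswith(".") else name + ".",
                "Type": "A",
                "TTL": ttl,
                "ResourceRecords": [{"Value": private_ip}],
            },
        })
    return {"Comment": "private IPs for peered VPCs", "Changes": changes}


def private_zone_plan(domain, vpcs, records, zone_id="ZONE_ID_PLACEHOLDER"):
    """Return the ordered CLI commands. The first VPC is given at creation;
    the rest are associated afterwards. zone_id is a placeholder for the ID
    that create-hosted-zone returns."""
    if not vpcs:
        raise ValueError("a private hosted zone needs at least one VPC")
    first, rest = vpcs[0], vpcs[1:]
    cmds = [
        f"aws route53 create-hosted-zone --name {domain} "
        f"--caller-reference {uuid.uuid4()} "
        "--hosted-zone-config PrivateZone=true "
        f"--vpc VPCRegion={first['VPCRegion']},VPCId={first['VPCId']}"
    ]
    for vpc in rest:
        cmds.append(
            f"aws route53 associate-vpc-with-hosted-zone --hosted-zone-id {zone_id} "
            f"--vpc VPCRegion={vpc['VPCRegion']},VPCId={vpc['VPCId']}"
        )
    batch = json.dumps(change_batch(records), separators=(",", ":"))
    cmds.append(
        f"aws route53 change-resource-record-sets --hosted-zone-id {zone_id} "
        f"--change-batch '{batch}'"
    )
    return cmds


if __name__ == "__main__":
    print(json.dumps(change_batch(SAMPLE_RECORDS), indent=2))
    for cmd in private_zone_plan("example.com", SAMPLE_VPCS, SAMPLE_RECORDS):
        print(cmd)
```

Each associated VPC still needs `enableDnsSupport` and `enableDnsHostnames` on, otherwise the Route 53 resolver in that VPC does not consult private hosted zones; and a private zone for a name that also exists publicly shadows the public records for everything inside those VPCs, so the record set should cover every name clients expect to resolve under that domain.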

Enabling DNS hostname resolution for your VPC peering connection (Option A) does not resolve public DNS hostnames to private IP addresses. It simply allows instances in the peered VPCs to resolve each other's DNS hostnames using their private IP addresses.

Option C is incorrect because it assumes that the default DNS resolution behavior is sufficient, which is not the case when resolving public DNS hostnames to private IP addresses.

Option D is not necessary and is potentially disruptive because it involves disabling and recreating VPC peering connections.