
I have an AWS VPC with Private Hosted Zone (PHZ) setup so all machines launched within the VPC can resolve my console-defined domains, for example a1.mydomain.

I would like for on-site machines at the end of my VPN (not in VPC but connected to a VPN server machine in the VPC) to be able to resolve these PHZ domains as well.

Is this possible?

jsstuball

1 Answer


In order to resolve PHZ, the request must come from the DNS resolver of the VPC:

  • Set up a DNS server on the VPN instance that forwards queries for a1.mydomain to the VPC DNS resolver, which is the third address of your VPC network (.2)
  • Make sure to set up the DNS server to forward other queries to a public DNS server like Google (8.8.8.8/8.8.4.4) or Cloudflare (1.1.1.1)
  • Set up the VPN to push its own private IP as a DNS server to users
  • On-premises machines connected to the VPN will be able to resolve records in the PHZ

Using bind9 + OpenVPN works quite well.

Quentin Revel
  • What is nameserver `127.0.0.53`? This is the only nameserver in the out-of-box DNS `/etc/resolv.conf` file which is apparently sufficient for domains to be resolved by the VPC DNS... – jsstuball Feb 05 '19 at 14:50
  • Anyway I managed to do what you said and get it to work using `dnsmasq` instead of `Bind`. Cheers. – jsstuball Feb 05 '19 at 15:23
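The setup the answer describes, as an added example that is not part of the original answer: a small POSIX shell script that derives the VPC resolver address (VPC network base + 2, the ".2" the answer refers to) from the VPC CIDR and renders the matching dnsmasq split-forwarding config plus the OpenVPN push line. The VPC CIDR 10.0.0.0/16 and the VPN instance's private IP 10.8.0.1 are constructed sample values; a1.mydomain is the zone from the question.

```shell
#!/bin/sh
# Derive the AmazonProvidedDNS address for a VPC: network base address + 2.
# $1 = VPC CIDR, e.g. 10.0.0.0/16
vpc_resolver_ip() {
  ip=${1%/*}; prefix=${1#*/}
  oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
  n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
  r=$(( (n & mask) + 2 ))
  printf '%d.%d.%d.%d\n' $(( (r >> 24) & 255 )) $(( (r >> 16) & 255 )) \
                          $(( (r >> 8) & 255 ))  $(( r & 255 ))
}

# Render dnsmasq config for the VPN instance:
#   $1 = PHZ domain, $2 = VPC CIDR, $3 = public upstream resolver
# Only the PHZ domain goes to the VPC resolver; everything else goes upstream.
# The listener is pinned to the VPN interface so the box is not an open resolver.
dnsmasq_conf() {
  resolver=$(vpc_resolver_ip "$2")
  printf 'server=/%s/%s\n' "$1" "$resolver"   # PHZ queries -> VPC resolver
  printf 'server=%s\n' "$3"                   # everything else -> public DNS
  printf 'no-resolv\n'                        # ignore /etc/resolv.conf upstreams
  printf 'interface=tun0\nbind-interfaces\n'  # answer VPN clients only (tun0 assumed)
}

# OpenVPN server directive that hands the VPN instance out as the clients' DNS.
# $1 = private IP of the VPN instance on the tunnel (sample value 10.8.0.1)
openvpn_push_line() {
  printf 'push "dhcp-option DNS %s"\n' "$1"
}

# Stand-alone run with the constructed sample values.
dnsmasq_conf a1.mydomain 10.0.0.0/16 8.8.8.8
openvpn_push_line 10.8.0.1
```
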