AWS users should evaluate Amazon Route 53 in the age of hybrid cloud deployments, as its Route 53 Resolver feature unifies on-premises and VPC DNS resolution. With this step-by-step Amazon Route 53 tutorial, it's straightforward to set up Route 53 Resolver and configure inbound and outbound endpoints.
Route 53 is a scalable Domain Name System (DNS) web service that gives businesses and developers a way to direct end users to Internet applications by translating domain names into numeric IP addresses. Use Amazon Route 53 Resolver to let resources in your VPC resolve names served by an on-premises DNS server, and to let the on-premises environment resolve Route 53 records in turn.
Amazon Route 53 Resolver for AWS hybrid cloud lets users unify all hosting environments -- from a firewall-protected corporate server to a cloud setup -- in one tool. Additionally, conditional forwarding rules determine exactly which path a DNS request takes: which queries are forwarded to on-premises servers and which stay with the VPC's resolver.
This TechSnips video provides a solid foundation with Amazon Route 53 Resolver and improves hybrid cloud skills in an AWS setting.
Learn to work with Amazon Route 53 Resolver for AWS hybrid cloud. First, set up a VPN connection. Then, follow the Amazon Route 53 tutorial to create inbound and outbound AWS endpoints and direct the outbound endpoint to forward a request to the local DNS server. Then, configure your local workstation to use the AWS inbound endpoint to resolve the DNS hostname of an EC2 server in the AWS VPC.
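The conditional forwarding behaviour described above, as an added example that is not part of the original article and not AWS's own code: a small Python model of how Route 53 Resolver picks a rule for a query. The rule whose domain is the most specific match (the one with the most labels) wins; a Forward rule hands the query to the listed on-premises targets, a System rule keeps it on the VPC's default resolver, and a query with no matching rule also stays with the VPC resolver. The techsnips-rule for techsnips.example.io with target 192.0.2.3 comes from the tutorial; the System rule for cloud.techsnips.example.io and the query names are assumptions made up for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ResolverRule:
    name: str
    domain: str          # domain the rule applies to, including all of its subdomains
    rule_type: str       # "FORWARD" (send to targets) or "SYSTEM" (use the VPC's default resolver)
    targets: tuple = ()  # (ip, port) pairs; only meaningful for FORWARD rules


# Rules in play. techsnips-rule is the one built in the tutorial; the SYSTEM rule is an
# assumed addition showing how a more specific rule carves a subdomain back out.
RULES = (
    ResolverRule("techsnips-rule", "techsnips.example.io", "FORWARD", (("192.0.2.3", 53),)),
    ResolverRule("keep-cloud-in-vpc", "cloud.techsnips.example.io", "SYSTEM"),
)


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def matches(rule_domain, qname):
    """True when qname is rule_domain or a subdomain of it. The comparison is
    label-wise, so 'nottechsnips.example.io' does not match a rule for
    'techsnips.example.io' the way a plain string suffix test would."""
    rd, qn = _labels(rule_domain), _labels(qname)
    return len(qn) >= len(rd) and qn[len(qn) - len(rd):] == rd


def select_rule(rules, qname):
    """Return the matching rule with the most labels (the most specific one), or None."""
    candidates = [r for r in rules if matches(r.domain, qname)]
    return max(candidates, key=lambda r: len(_labels(r.domain)), default=None)


def resolve_path(rules, qname):
    """Where a query goes: ('forward', targets) or ('vpc-resolver', ())."""
    rule = select_rule(rules, qname)
    if rule is None or rule.rule_type == "SYSTEM":
        return ("vpc-resolver", ())
    return ("forward", rule.targets)


if __name__ == "__main__":
    for q in ("fileserver.techsnips.example.io", "web.cloud.techsnips.example.io",
              "ip-10-0-0-180.ec2.internal"):
        print(q, "->", resolve_path(RULES, q))
```

Running the block shows the first name forwarded to 192.0.2.3, the second kept in the VPC by the more specific System rule, and the EC2 private name left to the VPC resolver because no rule matches it.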
Transcript - Follow this Amazon Route 53 tutorial on hybrid DNS resolution
Let's get started using an Amazon Route 53 Resolver for a hybrid cloud environment. So, I already have a VPN set up that allows me to interact with a subnet in my AWS VPC. I can access these resources by using their IP addresses. So, here is a website that's hosted on an EC2 instance in my VPC. And I'm using a local IP address so this isn't being routed over the internet. But if I want to use a Route 53 DNS entry like the default that comes with my EC2 instance, it won't resolve. And we can see my on-site DNS server simply times out. So, let's get started creating our resolver.
From the resolver section of the Route 53 console, go ahead and click Configure endpoints. Now, it's important to understand that these endpoints are regional. So, make sure you're in the same region as the VPC you'll be utilizing. You also have the option to decide if you want only inbound traffic or only outbound traffic or both. We'll go ahead and demo with inbound and outbound. We'll name our endpoint. Next, we'll tie it to a VPC, and we'll select a security group.
The security group will need to enable UDP and TCP port 53 inbound access. So, the default setup here is it will create two endpoints for us. And we could put them in two different Availability Zones [AZs] or two different subnets for high-availability purposes. But in our test environment, we only have one AZ so let's just go ahead and set it all up to our test subnet. If we have a preferred IP address, we can choose that now, or we'll just go ahead and let Amazon select it for us. And we'll do the same thing for address two, and Next through.
Next, we'll create our outbound endpoints. And just like before, we'll tie it to our VPC and give it a security group with inbound TCP and UDP port 53 access. And after we've decided on the subnets and IP addresses for our outbound endpoints, we'll go ahead and click Next, again.
Next, we're going to create a rule for our outbound traffic. So, this will tell the endpoint when to route traffic to our DNS server. We'll name our rule, "techsnips-rule," and we'll leave it as the forward rule type. Then, we'll add the domain name. This is the domain name that our DNS server is authorized for: techsnips.example.io. We'll select the same VPC as our other endpoints. And here we have the option to add multiple VPCs, and we'll leave the default for our endpoint. Our on-premises IP address is 192.0.2.3. Here, we'll specify all the IP addresses for our on-premises DNS servers. And we can add multiple DNS servers by adding targets. We'll click Next to review. And finally, Submit. It'll take a few minutes to create your endpoints.
Once your resolver's set up, go ahead and click on Inbound endpoints to look at your new IP addresses. Now, we can see we have two endpoints and we can go ahead and test them now. We'll rerun the nslookup command we ran earlier, but this time, we'll specify to use the 10.0.0.180 DNS server.
And we see it responds back with the right IP address. So, now to get our internal network traffic to point to our Route 53 Resolver, we can set up a forward on our DNS server, or we can even modify the default DNS servers that our DHCP response delivers to new clients that join the network. And that's the approach I'll take, since I only have one DNS server on site. I would really like a redundant DNS server. So, on my router, I'll select the subnet I want to configure with this new DHCP server, and I'd go ahead and change my DNS server here. And I'll change my secondary DNS server here. And we'll save our changes. Then, we'll release and renew our IP configuration.
Now if we go back to the URL that did not resolve previously and refresh, we're able to utilize that DNS HC. So, now we just want to test our outbound resolver. To do that, we'll go ahead and SSH into one of our EC2 instances. And we'll go ahead and perform a dig command against a DNS entry that's on our local DNS server. And if we look at the output, we can see it resolves to an IP address that's on our 192 network, which is our on-premises network. Great. So, now we've got inbound working and outbound working. And this is DNS hybrid cloud magic. Thanks for watching.
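A configuration check for the set-up the walkthrough just built, added here as an example; it is not part of the original article and not AWS's own tooling. It encodes the points the transcript makes: endpoints are regional, each endpoint gets two IP addresses and ideally spans two Availability Zones, the security groups need TCP and UDP port 53 (checked here as ingress from the on-premises range for the inbound endpoint and as egress to the forwarding targets for the outbound endpoint, and flagged when port 53 is open to 0.0.0.0/0), and the forwarding rule's targets should be on-premises addresses rather than VPC ones. The 10.0.0.180 endpoint address, the 192.0.2.3 DNS server and techsnips.example.io come from the transcript; the region, VPC CIDR, on-premises range, the other endpoint addresses and the AZ names are assumptions, and the SETUP dict is our own shorthand, not the shape the AWS API returns.

```python
from copy import deepcopy
from ipaddress import ip_address, ip_network

# Constructed description of the finished set-up (our own shorthand, not the AWS API shape).
SETUP = {
    "endpoint_region": "us-east-1",                           # assumed
    "vpc": {"region": "us-east-1", "cidr": "10.0.0.0/16"},    # assumed; holds 10.0.0.180
    "on_prem_cidr": "192.0.2.0/24",          # assumed range holding the 192.0.2.3 DNS server
    "endpoints": [
        {"name": "techsnips-inbound", "direction": "INBOUND", "sg": "sg-inbound",
         "ips": [{"ip": "10.0.0.180", "az": "us-east-1a"},
                 {"ip": "10.0.0.181", "az": "us-east-1a"}]},   # one AZ, as in the demo
        {"name": "techsnips-outbound", "direction": "OUTBOUND", "sg": "sg-outbound",
         "ips": [{"ip": "10.0.0.182", "az": "us-east-1a"},
                 {"ip": "10.0.0.183", "az": "us-east-1b"}]},
    ],
    "security_groups": {    # each rule is (protocol, port, peer CIDR)
        "sg-inbound": {"ingress": [("tcp", 53, "192.0.2.0/24"), ("udp", 53, "0.0.0.0/0")],
                       "egress": []},
        "sg-outbound": {"ingress": [],
                        "egress": [("tcp", 53, "192.0.2.3/32"), ("udp", 53, "192.0.2.3/32")]},
    },
    "rules": [{"name": "techsnips-rule", "domain": "techsnips.example.io",
               "type": "FORWARD", "targets": [("192.0.2.3", 53)]}],
}


def _allows(sg_rules, proto, port, ip):
    """True if some security-group rule for proto/port covers the IP address."""
    return any(p == proto and prt == port and ip_address(ip) in ip_network(cidr)
               for p, prt, cidr in sg_rules)


def audit(setup):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    vpc = setup["vpc"]
    if setup["endpoint_region"] != vpc["region"]:
        findings.append("endpoints are regional; create them in the VPC's region")
    targets = [t for r in setup["rules"] if r["type"] == "FORWARD" for t in r["targets"]]
    on_prem_probe = str(next(ip_network(setup["on_prem_cidr"]).hosts()))
    for ep in setup["endpoints"]:
        name, sg = ep["name"], setup["security_groups"][ep["sg"]]
        if len(ep["ips"]) < 2:
            findings.append(f"{name}: Resolver endpoints need at least two IP addresses")
        if len({i["az"] for i in ep["ips"]}) < 2:
            findings.append(f"{name}: all IPs sit in one AZ; spread them over two AZs for HA")
        if ep["direction"] == "INBOUND":
            # On-prem clients must reach the endpoint on TCP and UDP 53, and nobody else should.
            for proto in ("tcp", "udp"):
                if not _allows(sg["ingress"], proto, 53, on_prem_probe):
                    findings.append(f"{name}: security group lacks {proto}/53 ingress from on-prem")
            for proto, port, cidr in sg["ingress"]:
                if port == 53 and ip_network(cidr).prefixlen == 0:
                    findings.append(f"{name}: {proto}/53 ingress open to {cidr}; restrict it to the on-prem range")
        else:
            # The outbound endpoint must be able to reach every forwarding target.
            for ip, port in targets:
                for proto in ("tcp", "udp"):
                    if not _allows(sg["egress"], proto, port, ip):
                        findings.append(f"{name}: security group lacks {proto}/{port} egress to target {ip}")
    for r in setup["rules"]:
        for ip, _port in r.get("targets", []):
            if ip_address(ip) in ip_network(vpc["cidr"]):
                findings.append(f"{r['name']}: target {ip} is inside the VPC, not on-premises")
    return findings


def restrict_inbound_to_on_prem(setup):
    """Copy of setup with any world-open port-53 ingress rule narrowed to the on-prem range."""
    fixed = deepcopy(setup)
    for ep in fixed["endpoints"]:
        if ep["direction"] != "INBOUND":
            continue
        sg = fixed["security_groups"][ep["sg"]]
        sg["ingress"] = [
            (p, prt, fixed["on_prem_cidr"] if prt == 53 and ip_network(c).prefixlen == 0 else c)
            for p, prt, c in sg["ingress"]
        ]
    return fixed


if __name__ == "__main__":
    for finding in audit(SETUP):
        print("FINDING:", finding)
    print("after narrowing ingress:", audit(restrict_inbound_to_on_prem(SETUP)))
```

As written, the audit reports two findings for the demo layout: the inbound endpoint sits in a single AZ (the transcript's one-AZ test environment) and its UDP/53 rule is open to the world. Narrowing that rule to the on-premises range clears the second finding; the first is cleared by placing the endpoint's second address in another subnet and AZ, which the transcript points out as the high-availability option.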