Route 53 DNS resolvers

Lab Objective: Create inbound and outbound Route 53 Resolver endpoints in the DNS account and share the forwarding rules that use them across the organization via AWS Resource Access Manager (RAM)

Lab Prerequisites:

* AWS Organizations
* Dedicated DNS account (the network or shared-services account can be used)
* Administrator access

What is Route 53 Resolver?

Route 53 Resolver endpoints are sets of IP addresses inside your VPC to which DNS queries from outside the VPC's own resolver can be directed, or from which forwarded queries leave the VPC. There are two types of endpoint that administrators can deploy.

Route 53 inbound endpoints accept DNS queries arriving from on-prem networks (over VPN or Direct Connect) or from other VPCs and accounts, and answer them using the Route 53 Resolver of the VPC in which the endpoint lives, including any private hosted zones associated with that VPC. They are how on-prem systems resolve AWS resource names across your accounts.

Route 53 outbound endpoints are used to forward (relay) DNS queries for on-prem DNS records to the on-prem DNS server(s). An AWS resource such as an EC2 instance does not talk to the outbound endpoint directly: it keeps querying the VPC's own Route 53 Resolver, and a Resolver forwarding rule associated with the VPC sends queries for the on-prem domain out through the outbound endpoint to the on-prem DNS servers.

Once created, each resolver exists as a set of IP addresses (one per subnet, in at least two Availability Zones), which is why they are more commonly referred to as "endpoints". Note that RAM shares Resolver rules, not endpoints: what you share across the organization is the forwarding rule that references the outbound endpoint, and each member account then associates that shared rule with its own VPCs.

Step-by-step guide

Please use this document to create both the inbound and outbound resolver endpoints. Please keep in mind these points during the creation: *

At the end of the process, the inbound endpoint looks like this

and the outbound endpoint looks like this

This means you have created the endpoints through which DNS queries can cross the boundary between AWS and on-prem (and, with shared rules, between accounts). EC2 instances in the VPCs of your AWS Organizations will have queries for on-prem names forwarded through the outbound endpoint IPs 10.100.19.234 and/or 10.100.41.78 to the on-prem DNS servers, provided a forwarding rule is associated with their VPC and the routing (VPN or Direct Connect) and security groups let the traffic through. Conversely, you can give the inbound endpoint IPs 10.100.16.253 and/or 10.100.43.207 to the on-prem DNS administrators as conditional-forwarding targets so that on-prem resources can resolve the AWS names in your AWS Organizations. Keep the endpoint security groups tight: the inbound endpoint should accept only TCP and UDP port 53 from the on-prem resolvers, and the outbound endpoint should only be allowed to send TCP and UDP port 53 to the on-prem DNS servers.
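As an added example that is not part of this lab page, the same outcome expressed as Terraform: both endpoints with least-privilege security groups, a forwarding rule for an on-prem domain, and a RAM share of that rule with the whole organization. The VPC, subnet, CIDR, DNS server IP, domain name and Organization ARN are placeholder assumptions; substitute your own.

```hcl
# Added example, not the lab's own code. All identifiers below are assumed
# placeholders for the DNS account's VPC, two subnets in different AZs,
# the on-prem network, and the AWS Organization.
variable "vpc_id"           { default = "vpc-0123456789abcdef0" }
variable "subnet_ids"       { default = ["subnet-0aaaaaaaaaaaaaaaa", "subnet-0bbbbbbbbbbbbbbbb"] }
variable "onprem_cidr"      { default = "192.168.0.0/16" }
variable "onprem_dns"       { default = "192.168.10.53" }
variable "onprem_domain"    { default = "corp.example.com" }
variable "organization_arn" { default = "arn:aws:organizations::111122223333:organization/o-exampleorgid" }

# Inbound endpoint SG: only DNS (TCP+UDP 53) from the on-prem range.
# Security groups are stateful, so replies need no egress rule.
resource "aws_security_group" "inbound" {
  name   = "r53-resolver-inbound"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 53
    to_port     = 53
    protocol    = "udp"
    cidr_blocks = [var.onprem_cidr]
  }
  ingress {
    from_port   = 53
    to_port     = 53
    protocol    = "tcp"
    cidr_blocks = [var.onprem_cidr]
  }
}

# Outbound endpoint SG: only DNS towards the on-prem DNS server.
resource "aws_security_group" "outbound" {
  name   = "r53-resolver-outbound"
  vpc_id = var.vpc_id
  egress {
    from_port   = 53
    to_port     = 53
    protocol    = "udp"
    cidr_blocks = ["${var.onprem_dns}/32"]
  }
  egress {
    from_port   = 53
    to_port     = 53
    protocol    = "tcp"
    cidr_blocks = ["${var.onprem_dns}/32"]
  }
}

# One IP per subnet; two subnets in different AZs for resilience.
resource "aws_route53_resolver_endpoint" "inbound" {
  name               = "org-inbound"
  direction          = "INBOUND"
  security_group_ids = [aws_security_group.inbound.id]
  dynamic "ip_address" {
    for_each = var.subnet_ids
    content { subnet_id = ip_address.value }
  }
}

resource "aws_route53_resolver_endpoint" "outbound" {
  name               = "org-outbound"
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.outbound.id]
  dynamic "ip_address" {
    for_each = var.subnet_ids
    content { subnet_id = ip_address.value }
  }
}

# Forwarding rule: queries for the on-prem domain leave via the outbound
# endpoint to the on-prem DNS server (port defaults to 53).
resource "aws_route53_resolver_rule" "onprem" {
  name                 = "forward-onprem"
  domain_name          = var.onprem_domain
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id
  target_ip { ip = var.onprem_dns }
}

# The DNS account's own VPC uses the rule too.
resource "aws_route53_resolver_rule_association" "dns_vpc" {
  resolver_rule_id = aws_route53_resolver_rule.onprem.id
  vpc_id           = var.vpc_id
}

# RAM share of the rule (endpoints themselves cannot be shared) with the
# whole organization; external principals are explicitly disallowed.
resource "aws_ram_resource_share" "resolver_rules" {
  name                      = "route53-resolver-rules"
  allow_external_principals = false
}

resource "aws_ram_resource_association" "onprem_rule" {
  resource_arn       = aws_route53_resolver_rule.onprem.arn
  resource_share_arn = aws_ram_resource_share.resolver_rules.arn
}

resource "aws_ram_principal_association" "org" {
  principal          = var.organization_arn
  resource_share_arn = aws_ram_resource_share.resolver_rules.arn
}

# Hand these to the on-prem DNS team as conditional-forwarding targets.
output "inbound_endpoint_ips" {
  value = [for a in aws_route53_resolver_endpoint.inbound.ip_address : a.ip]
}
```

Sharing with an Organization ARN only works once RAM sharing with AWS Organizations has been enabled in the management account (aws ram enable-sharing-with-aws-organization); after that, each member account still has to associate the shared rule with its own VPCs before instances there get the forwarding behaviour. For on-prem queries against the inbound endpoint to return private records, the private hosted zones must be associated with the VPC that hosts the inbound endpoint.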

However, in our environments, it is difficult to simulate an on-prem data centre. Therefore, the next steps will take you through how to resolve DNS records across accounts.