
Currently I have an AWS VPC connected to our corporate network using AWS Site-to-Site VPN.

I can reach my EC2 instances through the tunnel by their private IP address.

Inside the VPC each EC2 instance can resolve private DNS hostnames ip-private-ipv4-address.region.compute.internal using the provided Amazon DNS server (reachable at IP address VPN-CIDR +2)

Is it possible to query the Amazon DNS server from our corporate network through the VPN tunnel?

The goal I want to achieve is to be able to reach EC2 instances through the VPN using a DNS name, without creating a record in our DNS each time.

sgargel

1 Answer


Is it possible to query the Amazon DNS server from our corporate network through the VPN tunnel?

Directly? No. The recursive resolver available by default when you create a VPC can only be accessed by an IP address in that VPC. This is a restriction that Amazon imposes.

What you can do is create a forwarder using the Route 53 Resolver service or software like Unbound. You can then (conditionally) forward your on-prem DNS for certain domains to it.

Some useful links:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html#AmazonDNS

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html

user2640621