1
votes

I have an AWS VPC with Private Hosted Zone (PHZ) setup so all machines launched within the VPC can resolve my console-defined domains, for example a1.mydomain.

I would like for on-site machines at the end of my VPN (not in VPC but connected to a VPN server machine in the VPC) to be able to resolve these PHZ domains as well.

Is this possible?

1 Answer

2
votes

In order to resolve the PHZ, the request must come from the VPC's DNS resolver:

  • Set up a DNS server on the VPN instance that forwards queries for a1.mydomain to the VPC DNS resolver, which is the third address of your VPC network (.2)
  • Make sure to set up the DNS server to forward other queries to a public DNS server like Google (8.8.8.8/8.8.4.4) or Cloudflare (1.1.1.1)
  • Set up the VPN to push its own private IP as a DNS server to users
  • On-premises machines connected to the VPN will be able to resolve records in the PHZ

Using bind9 + OpenVPN works quite well.
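A concrete rendering of those steps, added here as an example and not part of the answer above: it derives the VPC resolver address from the VPC CIDR (base address plus two, which is the ".2" the answer refers to) and emits the bind9 and OpenVPN fragments, restricting recursion to VPN clients so the VPN host is not left as an open resolver. The CIDRs, zone name and forwarder list are constructed sample values.

```python
import ipaddress
import textwrap

# Constructed sample values (assumptions, not from the original post):
VPC_CIDR = "10.0.0.0/16"         # the VPC's CIDR block
VPN_CLIENT_CIDR = "10.8.0.0/24"  # OpenVPN tunnel network handed to on-prem clients
PHZ_DOMAIN = "mydomain"          # private hosted zone name (a1.mydomain, ...)
PUBLIC_FORWARDERS = ("1.1.1.1", "8.8.8.8")


def vpc_resolver(cidr: str) -> str:
    """The VPC DNS resolver listens on the VPC base address plus two.
    Computing it from the CIDR also covers VPCs whose block is not a /24
    (10.0.0.0/16 -> 10.0.0.2)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address + 2)


def render_named_conf(vpc_cidr: str, vpn_clients: str, zone: str,
                      forwarders=PUBLIC_FORWARDERS) -> str:
    """bind9 snippet: forward the PHZ zone to the VPC resolver, everything
    else to public resolvers, and only answer recursive queries from
    localhost and VPN clients (no open resolver on the VPN host)."""
    resolver = vpc_resolver(vpc_cidr)
    public = "; ".join(forwarders)
    return textwrap.dedent(f"""\
        options {{
            recursion yes;
            allow-recursion {{ 127.0.0.1; {vpn_clients}; }};
            forwarders {{ {public}; }};
            forward only;
        }};
        zone "{zone}" {{
            type forward;
            forward only;
            forwarders {{ {resolver}; }};
        }};
        """)


def render_openvpn_push(dns_ip: str, zone: str) -> str:
    """OpenVPN server.conf lines pushing the VPN host as DNS server, plus a
    search domain so short names under the PHZ resolve for clients."""
    return (f'push "dhcp-option DNS {dns_ip}"\n'
            f'push "dhcp-option DOMAIN {zone}"\n')


if __name__ == "__main__":
    # The VPN host's tunnel address (first host of the client network) is
    # reachable from every client; the answer uses the instance's private IP.
    tunnel_ip = str(ipaddress.ip_network(VPN_CLIENT_CIDR)[1])
    print(render_named_conf(VPC_CIDR, VPN_CLIENT_CIDR, PHZ_DOMAIN))
    print(render_openvpn_push(tunnel_ip, PHZ_DOMAIN))
```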