How do I resolve Route 53 private hosted zones when using an AWS Managed Microsoft AD directory?

Last updated: 2021-01-25

By default, DNS queries for private hosted zones are resolved only by the Amazon-provided virtual private cloud (VPC) DNS server. However, you can configure DNS forwarder settings to send requests destined for the Route 53 private hosted zone to the VPC-provided DNS instead.

First, install the Active Directory Domain Services and Active Directory Lightweight Directory Services Tools on a domain joined Amazon Elastic Compute Cloud (Amazon EC2) instance.

Note: In the Features tree, be sure to select both AD DS and AD LDS Tools and DNS Server Tools.

Then, follow these steps:

1. Log in to the Remote Server Administration Tools (RSAT) instance using the Administrator account.
2. Open the DNS management tool from Windows Administrative Tools.
3. Connect to the DNS server using the fully qualified domain name (FQDN) for your domain.
4. Expand DNS, open the context (right-click) menu for the domain name, and then choose Properties.
5. From the Forwarders tab, edit the IP address of the forwarding servers to point to the Amazon VPC-provided DNS.