How do I resolve Route 53 private hosted zones when using an AWS Managed Microsoft AD directory?

Last updated: 2021-04-15

Resources in my AWS Directory Service for Microsoft Active Directory domain can’t resolve DNS records in my Amazon Route 53 private hosted zone. How can I resolve this issue?

Resolution

By default, DNS queries for private hosted zones are answered only by the Amazon-provided virtual private cloud (VPC) DNS server, and the directory's DNS servers do not forward to it on their own. To fix this, configure the DNS forwarder settings on the directory's DNS servers so that requests for the Route 53 private hosted zone are sent to the VPC-provided DNS.

First, install the Active Directory Domain Services and Active Directory Lightweight Directory Services Tools on a domain-joined Amazon Elastic Compute Cloud (Amazon EC2) instance.

Note: In the Features tree, be sure to select both AD DS and AD LDS Tools and DNS Server Tools.

Then, follow these steps:

  1. Log in to the Remote Server Administration Tools (RSAT) instance using the Administrator account.
  2. Open the DNS management tool from Windows Administrative Tools.
  3. Connect to the DNS server using the fully qualified domain name (FQDN) for your domain.
  4. Expand DNS, open the context (right-click) menu for the domain name, and then choose Properties.
  5. From the Forwarders tab, edit the IP address of the forwarding servers to point to the Amazon VPC-provided DNS.
    Note: The Amazon VPC-provided DNS is the second address of the VPC. For example, if the VPC CIDR is 10.0.0.0/16, then the Amazon VPC-provided DNS is 10.0.0.2. For more information, see Amazon DNS server.
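Steps 3 to 5 can also be done with the DnsServer PowerShell module that DNS Server Tools installs. The following is an added example, not part of the AWS article; it assumes the module is available on the RSAT instance, that `corp.example.com` stands in for your directory FQDN, and that `app.internal.example` is a placeholder record in your private hosted zone.

```powershell
# Compute the Amazon-provided DNS address (VPC network address + 2) from a VPC CIDR.
function Get-VpcResolverAddress {
    param([Parameter(Mandatory)][string]$VpcCidr)   # e.g. '10.0.0.0/16'
    $network, $prefix = $VpcCidr -split '/'
    if ([int]$prefix -lt 16 -or [int]$prefix -gt 28) { throw "Not a valid VPC prefix: /$prefix" }
    $bytes = ([System.Net.IPAddress]::Parse($network)).GetAddressBytes()
    [Array]::Reverse($bytes)                          # network order -> little-endian for BitConverter
    $host  = [BitConverter]::ToUInt32($bytes, 0)
    $mask  = (0xFFFFFFFF -shl (32 - [int]$prefix)) -band 0xFFFFFFFF
    $base  = $host -band $mask                        # mask off host bits in case a host address was given
    $out   = [BitConverter]::GetBytes([uint32]($base + 2))
    [Array]::Reverse($out)                            # back to network order
    return ([System.Net.IPAddress]::new($out)).ToString()
}

$DnsServer = 'corp.example.com'        # placeholder: FQDN of your AWS Managed Microsoft AD domain
$VpcCidr   = '10.0.0.0/16'             # the VPC CIDR from the note above
$Resolver  = Get-VpcResolverAddress -VpcCidr $VpcCidr   # 10.0.0.2 for this CIDR

# Step 5: point the forwarder list at the VPC-provided DNS only.
# Set-DnsServerForwarder replaces the whole list; use Add-DnsServerForwarder to append instead.
Set-DnsServerForwarder -ComputerName $DnsServer -IPAddress $Resolver -PassThru

# Check 1: the directory DNS now forwards to exactly the VPC resolver.
$current = (Get-DnsServerForwarder -ComputerName $DnsServer).IPAddress | ForEach-Object { $_.ToString() }
if (@($current) -ne @($Resolver)) { Write-Warning "Forwarders are $($current -join ', '), expected $Resolver" }

# Check 2: a private hosted zone record resolves when asked through the directory DNS.
Resolve-DnsName -Name 'app.internal.example' -Server $DnsServer -Type A
```

Run this from the RSAT instance as the directory Administrator; if check 2 fails but the forwarder is set, confirm the private hosted zone is associated with the VPC the directory runs in.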
