How do I resolve Route 53 private hosted zones when using an AWS Managed Microsoft AD directory?
Last updated: 2021-04-15
Resources in my AWS Directory Service for Microsoft Active Directory domain can’t resolve DNS records in my Amazon Route 53 private hosted zone. How can I resolve this issue?
By default, DNS queries for private hosted zones are resolved only by the Amazon-provided virtual private cloud (VPC) DNS server. However, you can configure DNS forwarder settings to send requests destined for the Route 53 private hosted zone to the VPC-provided DNS instead.
First, install the Active Directory Domain Services and Active Directory Lightweight Directory Services Tools on a domain-joined Amazon Elastic Compute Cloud (Amazon EC2) instance.
Note: In the Features tree, be sure to select both AD DS and AD LDS Tools and DNS Server Tools.
Then, follow these steps:
- Log in to the Remote Server Administration Tools (RSAT) instance using the Administrator account.
- Open the DNS management tool from Windows Administrative Tools.
- Connect to the DNS server using the fully qualified domain name (FQDN) for your domain.
- Expand DNS, open the context (right-click) menu for the domain name, and then choose Properties.
- From the Forwarders tab, edit the IP address of the forwarding servers to point to the Amazon VPC-provided DNS.
Note: The Amazon VPC-provided DNS is the second address of the VPC. For example, if the VPC CIDR is 10.0.0.0/16, then the Amazon VPC-provided DNS is 10.0.0.2. For more information, see Amazon DNS server.
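The same procedure, scripted in PowerShell on the domain-joined Windows Server instance. This is an added example, not code from the AWS article: the directory name, the VPC CIDR and the hostname in the private hosted zone are assumed values, and the `-ComputerName` remoting to the directory's DNS service assumes you are logged in with the directory Administrator account named above and that WinRM/CIM access to the domain controllers is permitted.

```powershell
# Added example (not from the AWS article). Assumed values below; replace them
# with your directory name, VPC CIDR and a record from the private hosted zone.
$DirectoryFqdn   = 'corp.example.com'      # assumed AWS Managed Microsoft AD directory name
$VpcCidr         = '10.0.0.0/16'           # assumed VPC CIDR (same value as the Note above)
$PrivateZoneHost = 'app.internal.example'  # assumed A record in the Route 53 private hosted zone

# 1. Install the tools the article names: AD DS and AD LDS Tools (RSAT-AD-Tools)
#    and DNS Server Tools (RSAT-DNS-Server). Requires Windows Server.
Install-WindowsFeature -Name RSAT-AD-Tools, RSAT-DNS-Server -IncludeAllSubFeature

# 2. Derive the Amazon VPC-provided DNS address: the VPC network address plus two.
function Get-VpcDnsAddress {
    param([Parameter(Mandatory)][string]$Cidr)
    $octets = [System.Net.IPAddress]::Parse($Cidr.Split('/')[0]).GetAddressBytes()
    # Treat the four octets as a big-endian unsigned integer, add 2, convert back.
    [Array]::Reverse($octets)
    $value = [uint32]([BitConverter]::ToUInt32($octets, 0) + 2)
    $bytes = [BitConverter]::GetBytes($value)
    [Array]::Reverse($bytes)
    return ([System.Net.IPAddress]::new($bytes)).ToString()
}
$VpcDns = Get-VpcDnsAddress -Cidr $VpcCidr    # 10.0.0.0/16 gives 10.0.0.2

# 3. Set the forwarder list on the directory's DNS service to the VPC resolver.
#    Set-DnsServerForwarder REPLACES the existing list; use Add-DnsServerForwarder
#    to append instead if other forwarders must be kept.
Set-DnsServerForwarder -ComputerName $DirectoryFqdn -IPAddress $VpcDns -PassThru

# 4. Verify: the forwarder list should show $VpcDns, and a private hosted zone
#    record should now resolve when the query is sent to the directory's DNS.
#    (The private hosted zone must be associated with this VPC for this to work.)
Get-DnsServerForwarder -ComputerName $DirectoryFqdn
Resolve-DnsName -Name $PrivateZoneHost -Server $DirectoryFqdn -Type A
```

Run the script in an elevated PowerShell session on the RSAT instance. The final `Resolve-DnsName` is the check that matters: if it returns the private hosted zone's A record when the query is sent to the directory's DNS, the forwarder is in place and working; if it still fails, confirm the VPC is associated with the private hosted zone and that `Get-DnsServerForwarder` reports the address computed in step 2.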
Related information: Remote Server Administration Tools (RSAT) for Windows on the Microsoft website