An Amazon Elastic Compute Cloud (Amazon EC2) instance needs to resolve the domain name “corp.internal”. The authoritative domain name service (DNS) for this domain name is located at the corporate data center. The DNS query is sent to the virtual private cloud (VPC) + 2 resolver in the VPC. An Amazon Route 53 Forwarding rule is configured to forward any DNS query for “corp.internal” to the corporate data center. The DNS query is sent to the Route 53 Resolver outbound endpoint. The Route 53 Resolver outbound endpoint forwards the query to the on-premises DNS resolver with a private connection between AWS and the corporate data center – either using AWS Direct Connect or AWS Site-toSite VPN. DNS resolution for corp.internal domain names is carried out by the DNS resolver located in the corporate data center. A client located in the corporate data center needs to resolve an “amazonaws.com” domain name. It sends the query to an internal DNS resolver. The DNS resolver in the corporate data center has a forwarding rule that forwards any DNS query for “amazonaws.com” DNS domains to the Route 53 Resolver inbound endpoint.

http://chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://d1.awsstatic.com/architecture-diagrams/ArchitectureDiagrams/hybrid-dns_route53-resolver-endpoint-ra.pdf?did=wp_card&trk=wp_card