- Newest
- Most votes
- Most comments
If the domain is private then you have to resolve via an Internal IP. If its a public domain then you can just use the native internet. For private zones, I have set this up before and you would require one of 2 things.
- A site to site VPN between your VPC and the Azure virtual network of which you need to configure a route53 outbound resolver and an azure inbound resolver
- A Public container running in Azure running a DNS Forwarder with an AWS route53 outbound resolver pointing to the Public Container IP address. whiteducksoftware provider a container for doing this. https://github.com/whiteducksoftware/az-dns-forwarder
Thank you. I created outbound endpoint in AWS in the same VPC as the VPN server. When I am in the VPN and try to use dig @azure_inbound_IP, I receive the private IP of the FQDN requested, so the Azure part is working. But when I try the same with dig @aws_outbound_IP, I receive "connection refused". Any idea why that "connection refused"? It's not a security group issue as that would timeout instead I suppose...
OK, that's probably because it allows queries only from VPC's DNS server.
Also for anyone else configuring the same: You have to associate the outbound endpoint rule(s) with the VPCs you want the endpoint to provides the service for. Outbound endpoint just being in the its subnet is not enough.
Relevant content
- asked a year ago
- asked a year ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
