With regard to your YouTube example, in which you resolve DNS via internal AWS forwarders, YouTube will most likely see the source as the closest egress point from AWS to the "internet". This is most likely in the Frankfurt region, so this scenario sounds accurate with how YouTube is routing you to their servers in Germany and not Poland when the request is fulfilled via your VPC DNS server.
As for what to do to address this: if no DNS server is supplied on the Client VPN, it will default to the DNS configured on the local machine. With split tunneling enabled, this should go to your local/internal non-AWS DNS server to provide hostname resolution. In this scenario, you will likely want to be able to resolve private AWS VPC hosts. In this case I would look into using your local DNS resolver (i.e. so that YouTube provides the resolution that you want) and also use AWS Route53 resolver endpoints so you can resolve private AWS VPC hosts. Some links are below, hope this helps!
Thanks for the answer. I do not fully understand how Route53 resolver can help me in this case - addresses from the hosted zone are resolved correctly at the moment; the problem is that all DNS queries are handled by the AWS DNS server, which may return non-optimal results for some of the addresses. So what I'd like to achieve is that only those private addresses are resolved by AWS, and the rest falls back to the local DNS configuration.
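The split that both the answer and the follow-up comment describe (private hosted zone names go to a Route 53 Resolver inbound endpoint in the VPC, everything else stays with the client's normal local resolver) is a conditional-forwarding policy on the client. The block below is an added example, not code from the thread or from AWS: it models that policy, renders it as dnsmasq `server=/zone/ip` directives and as the equivalent `resolvectl` routing-domain commands, and takes care of the label-boundary edge case (a name such as `evilcorp.example.internal` must not be treated as part of the zone `corp.example.internal`). The zone name, the 10.0.x.x inbound-endpoint IPs, the 192.168.1.1 local resolver and the `tun0` interface name are all constructed placeholders.

```python
"""Constructed example: per-query resolver selection for a split-tunnel VPN
client, so that only private hosted zone names go to the Route 53 Resolver
inbound endpoint and everything else (youtube.com, ...) uses the local
resolver, whose geolocation-based answers reflect the client's real egress.
"""
from dataclasses import dataclass
from typing import List

# Hypothetical addresses, not from the thread: two inbound-endpoint ENI IPs in
# the VPC and one office/home resolver.
VPC_RESOLVER_IPS = ["10.0.1.53", "10.0.2.53"]
LOCAL_RESOLVER_IPS = ["192.168.1.1"]
# Hypothetical private hosted zone plus the reverse zone for 10.0.0.0/16, so
# PTR lookups for VPC addresses are also answered by AWS.
PRIVATE_ZONES = ["corp.example.internal", "0.10.in-addr.arpa"]


def normalize(name: str) -> str:
    """DNS names are case-insensitive; also strip the trailing root dot."""
    return name.strip().rstrip(".").lower()


def in_zone(name: str, zone: str) -> bool:
    """True if name is the zone apex or a label below it.

    The label-boundary check matters: 'evilcorp.example.internal' must not
    match the zone 'corp.example.internal', so compare against '.' + zone.
    """
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)


@dataclass
class SplitDnsPolicy:
    private_zones: List[str]
    vpc_resolvers: List[str]
    local_resolvers: List[str]

    def choose_resolvers(self, qname: str) -> List[str]:
        """Return the resolver list a query for qname should be forwarded to."""
        if any(in_zone(qname, z) for z in self.private_zones):
            return list(self.vpc_resolvers)
        return list(self.local_resolvers)

    def dnsmasq_config(self) -> str:
        """Render the policy as dnsmasq conditional forwarding: server=/<zone>/<ip>
        for each private zone, and a plain server=<ip> as the default."""
        lines = ["no-resolv"]  # ignore /etc/resolv.conf; use only these servers
        for zone in self.private_zones:
            for ip in self.vpc_resolvers:
                lines.append(f"server=/{normalize(zone)}/{ip}")
        for ip in self.local_resolvers:
            lines.append(f"server={ip}")
        return "\n".join(lines) + "\n"

    def resolvectl_commands(self, vpn_iface: str = "tun0") -> List[str]:
        """Equivalent systemd-resolved setup: routing-only domains (~zone) on
        the VPN link send just those zones to the VPC resolvers."""
        zones = " ".join("~" + normalize(z) for z in self.private_zones)
        return [
            f"resolvectl dns {vpn_iface} {' '.join(self.vpc_resolvers)}",
            f"resolvectl domain {vpn_iface} {zones}",
        ]


POLICY = SplitDnsPolicy(PRIVATE_ZONES, VPC_RESOLVER_IPS, LOCAL_RESOLVER_IPS)


def choose_resolvers(qname: str, policy: SplitDnsPolicy = POLICY) -> List[str]:
    """Module-level convenience wrapper around the default policy."""
    return policy.choose_resolvers(qname)


if __name__ == "__main__":
    for q in ("db.corp.example.internal", "WWW.YouTube.com.",
              "5.1.0.10.in-addr.arpa", "evilcorp.example.internal"):
        print(f"{q:32} -> {choose_resolvers(q)}")
    print(POLICY.dnsmasq_config())
    print("\n".join(POLICY.resolvectl_commands()))
```

With this in place the Client VPN endpoint is left without DNS server addresses, as the answer suggests, and the client's own forwarder decides per query; only names under the private zones (and reverse lookups for the VPC range) ever reach the inbound endpoint, so public names keep getting answers relative to the client's real location.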