DNS attributes within the VPC

Have you considered using route53 outbound endpoints and configure rules to forward requests for specific domains to on prem DNS servers.

That is also another option for you depending on your requirements

Here's a clarification on the settings enableDnsHostnames and enableDnsSupport in the VPC:

1. enableDnsHostnames allows instances with assigned public IPs to have corresponding DNS hostnames in the <region>.compute.amazonaws.com domain.

2. enableDnsSupport enables DNS resolution within the VPC, meaning your instances can resolve the DNS names of other instances.

If you're using Systems Manager via a VPC endpoint from the EC2 instances, you do not necessarily have to enable 'enableDnsHostnames' and 'enableDnsSupport' in the VPC settings. VPC endpoints allow private connections between your VPC and supported AWS services, so your traffic to Systems Manager doesn't need to leave the Amazon network.

In order to implement the configuration where you use your on-premises DNS server, you should specify your on-premises DNS servers in the DHCP options set. As per the documentation, it is not recommended to specify both the on-premises DNS server and AmazonProvidedDNS. So, you should choose only your on-premises DNS server.

Please remember to ensure that your on-premises DNS server can correctly resolve any necessary internal and external addresses for your application. If your on-premises DNS server has to resolve AWS-specific addresses, you may need to configure it to forward queries for the Amazon-provided DNS.