Client VPN Connection to Route 53 Private Hosted Zone

1

I have one private hosted zone in my VPC using Route 53. I also have one Client VPN connection to that VPC, which is functioning normally. I have also enabled "DNS Configuration" in the Client VPN settings. But my clients are not able to access the hostname of the website hosted in the private hosted zone. They are able to access the website over the Client VPN connection, but only by using the IP address. I want them to access it using the hostname. I have tried defining the DNS IP in the Client VPN settings as

  1. AWS provided DNS (VPC CIDR + 2)
  2. Route 53 inbound endpoint IPs

Both did not work. Help me out on this.
2 Answers
0

I believe you are almost here. The Route53 Inbound IPs must be used in the DNS server that is being used in your VPN. You have to create a forward rule for the private hosted zone domain pointing to the Inbound IPs. The clients shouldn't query the inbound IPs directly.

For reference -> https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.html

AWS
answered a year ago
  • So what exactly is the request track? If I'm not wrong:

    1. Client VPN settings should include the DNS IP of the Route 53 inbound endpoint.
    2. The inbound endpoint internally will resolve to VPC+2.
    3. The DNS server at VPC+2 will forward the request to the Route 53 Resolver.
    4. Route 53 Resolver uses the forward rule. Am I correct on this?
  • The R53 endpoint doesn't go in the VPN configuration. It goes in the configuration of the DNS server that is used by the VPN. See https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-overview-DSN-queries-to-vpc.html#resolver-overview-forward-network-to-vpc. The VPN clients will get a DNS server from the DHCP service, and that server must know which domains must be resolved by R53.

    This will be the flow: [VPN Client]-------DNS Query------>[VPN DNS Server]----------DNS FORWARD THROUGH THE VPN--------------->[R53 Resolver Inbound Endpoint]
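To make the flow in the answer above concrete, here is an added example (not code from the thread or from AWS) that takes the VPC CIDR, the VPN's DNS server, the Resolver inbound endpoint IPs and the private zone name, works out the VPC+2 address, flags the two configuration mistakes discussed in the thread (pointing clients straight at the inbound endpoint, or at a DNS server the VPN has no route to), and renders the forwarding stanza for the VPN DNS server plus the CLI call that sets the Client VPN DNS servers. It assumes the VPN DNS server runs Unbound; the CIDRs, IPs, zone name and endpoint ID are constructed placeholders.

```python
"""Plan the Client VPN -> VPN DNS server -> Route 53 inbound endpoint path.

Added example. All addresses, the zone name and the endpoint ID are constructed
placeholders; the forward-zone syntax is Unbound's, chosen as an assumption.
"""
import ipaddress
from typing import Dict, Iterable, List


def vpc_plus_two(vpc_cidr: str) -> str:
    """Route 53 Resolver address inside a VPC: the network base address plus 2."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return str(net.network_address + 2)


def reachable_over_vpn(dns_ip: str, vpn_routes: Iterable[str]) -> bool:
    """A DNS server handed to VPN clients is only usable if a VPN route covers it."""
    addr = ipaddress.ip_address(dns_ip)
    return any(addr in ipaddress.ip_network(route) for route in vpn_routes)


def unbound_forward_zone(zone: str, inbound_ips: List[str]) -> str:
    """Forward one private zone from the VPN DNS server to the inbound endpoint IPs."""
    name = zone.rstrip(".") + "."
    lines = ["forward-zone:", f'    name: "{name}"']
    lines += [f"    forward-addr: {ip}" for ip in inbound_ips]
    return "\n".join(lines)


def client_vpn_dns_command(endpoint_id: str, dns_ips: List[str]) -> str:
    """AWS CLI call that sets the DNS servers pushed to Client VPN users."""
    servers = ",".join(dns_ips)
    return (
        "aws ec2 modify-client-vpn-endpoint "
        f"--client-vpn-endpoint-id {endpoint_id} "
        f"--dns-servers CustomDnsServers={servers},Enabled=true"
    )


def plan(vpc_cidr: str, vpn_routes: List[str], vpn_dns_ip: str,
         inbound_ips: List[str], zone: str, endpoint_id: str) -> Dict[str, object]:
    """Check the proposed setup against the flow described in the answer."""
    problems = []
    if vpn_dns_ip in inbound_ips:
        # The answer's point: clients should not query the inbound endpoint directly.
        problems.append("clients would query the inbound endpoint directly; "
                        "point them at a forwarding DNS server instead")
    elif not reachable_over_vpn(vpn_dns_ip, vpn_routes):
        problems.append(f"no Client VPN route covers DNS server {vpn_dns_ip}")
    return {
        "vpc_plus_two": vpc_plus_two(vpc_cidr),
        "problems": problems,
        "unbound_config": unbound_forward_zone(zone, inbound_ips),
        "cli": client_vpn_dns_command(endpoint_id, [vpn_dns_ip]),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    result = plan(
        vpc_cidr="10.0.0.0/16",
        vpn_routes=["10.0.0.0/16"],
        vpn_dns_ip="10.0.5.53",
        inbound_ips=["10.0.1.10", "10.0.2.10"],
        zone="corp.internal",
        endpoint_id="cvpn-endpoint-0123456789abcdef0",
    )
    print("VPC+2 resolver:", result["vpc_plus_two"])
    print("problems:", result["problems"] or "none")
    print(result["unbound_config"])
    print(result["cli"])
```

Run it with your own values; an empty `problems` list means the VPN DNS server is neither the inbound endpoint itself nor outside the VPN's routes, and the printed `forward-zone` is what that server needs so the private zone is forwarded to Route 53 Resolver.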

0

Hello,

There is a Knowledge Center article with detailed steps on how to allow end users (clients connected to Client VPN) to query resource records hosted in an Amazon Route 53 private hosted zone.

https://aws.amazon.com/premiumsupport/knowledge-center/client-vpn-resolve-resource-records/

AWS
EXPERT
answered a year ago
  • Yes, I referred to the article and it says: "Depending on your server configuration and the values that you specify for the "DNS Server IP address" parameter, the resolution of the private hosted zone domain varies." So what value should I specify? I did specify (VPC+2) and even the inbound endpoint IPs, but both did not work. Should I add something else as well?

  • So what exactly is the request track? If I'm not wrong:

    1. Client VPN settings should include the DNS IP of the Route 53 inbound endpoint.
    2. The inbound endpoint internally will resolve to VPC+2.
    3. The DNS server at VPC+2 will forward the request to the Route 53 Resolver.
    4. Route 53 Resolver uses the forward rule. Am I correct on this?
