Route53 to replace MS AD DNS

Route 53 does support SRV records. A full list is here: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html

Route 53 Resolver and Route 53 Private DNS are purely DNS services. These services do not implement higher level Active Directory functions like Kerberos. That said, Kerberos is known to be quite sensitive to DNS entries being set up in a certain way (eg reverse lookup matching forward name). And AD does that transparently. In principle, you should be able to create the correct view of DNS in Route 53, but that may take some effort.

One way forward is to use Route 53 Resolver (ie the VPC's .2 address) on all instances for DNS resolution. Then create an outbound endpoint in the VPC where the AD Servers are and create forwarding rules to forward only those namespaces which the AD servers directly manage (both forward and reverse probably) to the IPs of the AD servers. The result should be that all queries for instance names, Private Hosted Zones, Private Link endpoints, AWS APIs and public names are served directly by Route 53 Resolver. The AD servers will receive queries only for the names they directly manage. The customer does not have to replicate AD's DNS management in Route 53 Private DNS.

Advantages of this approach are that the Route 53 Resolver should be more highly available and scalable compared to the DNS service provided by the AD servers (which are individual instances). In the worst case, if the AD server instances were to fail, most DNS would continue to work, except for those namespaces which forward to the AD servers.