amazon-web-services amazon-route53 aws-vpc

How to connect a machine on VPN to AWS PHZ DNS?

I have an AWS VPC with Private Hosted Zone (PHZ) setup so all machines launched within the VPC can resolve my console-defined domains, for example a1.mydomain.

I would like for on-site machines at the end of my VPN (not in VPC but connected to a VPN server machine in the VPC) to be able to resolve these PHZ domains as well.

Is this possible?

Solution

In order to resolve PHZ, the request must come from the DNS resolver of the VPC:

Setup a DNS server on the VPN instance that forwards queries of a1.mydomain to the VPC DNS resolver which is the third address of your VPC network (.2)
Make sure to setup the DNS server to forward other queries to a public DNS server like Google (8.8.8.8/8.8.4.4) or CloudFlare (1.1.1.1)
Setup the VPN to push its own private IP as a DNS server to users
On-premise machines connected to the VPN will be able to resolve records in PHZ

Using a bind9 + OpenVPN works quite well

How to pull every single image (tag or untagged) from AWS ECR?
In CloudFormation how can I link RDS and Secrets Manager so I don't have to hardcode the password?
How to install postgresql-client to Amazon EC2 Linux machine?
PyCharm: Why "Python Console" is not accessing ~\.aws\credentials file? How to set it within "Python Console"
Is it possible to run aws s3 sync with boto3?
Python 3 asyncio with aioboto3 seems sequential
Serverless / AWS Lambda - Create the triggers for the published lambda versions
AWS Glue missing permissions
Invoking lambda from API gateway test, but hitting the endpoint does not invoke the lambda. 500 returned
terraform destroy needs original terraform code to destroy?
How to correctly/safely access parameters from AWS SSM Parameter store for my Python script on EC2 instance?
Why is my image not displaying on my Web page?
How to copy blobs from azure to aws using python?
S3 Bucket action doesn't apply to any resources
Couldn't proceed with upgrade process as new nodes are not joining node group standard-workers
How to customize "From" name for SNS emails
Changing the name of a Load Balancer on AWS Console
how to decrease the exceution time of aws lambda function nodejs
Timeout when trying to retrieve EC2 instance-id metadata from within it
Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
Downloading an entire S3 bucket?
Unable to unzip .zip file on linux machine
Missing Authentication Token while accessing API Gateway?
AWS S3 Access Denied when open object URL in browser
How to update a nested field in dynamodb via cli?
AWS Lambda NodeJs unable to return response
How can I access my AWS MSK managed kafka queue from my local machine and EC2 instances in other regions
How to recreate EC2 instances of an autoscaling group with terraform?
AWS Cloudwatch Alarm Issue
AWS EC2 | using Rusoto SDK: Couldn't find AWS credentials