Resolve Route53 records whilst being joined to an Active Directory

When I create a private hosted zone and add a record set to it, let's say an A record (test.apps.local -> 1.1.1.1), any EC2 instances deployed on that VPC will be able to resolve that record set (you can ping test.apps.local and get [1.1.1.1] back).

Part of the process of joining an instance (Windows) to an Active Directory domain is to change the DNS servers on the instance - the setting must be changed from automatic DNS servers to two specific IPs (the IPs of the domain controllers for the Active Directory). After doing that, the instance resolves objects in the Active Directory domain (you can authenticate users defined in the AD for example). However, it stops resolving the record sets defined in Route53.

I guess the reason for that is that the instance doesn't look at the AWSProvidedDNS servers that know about the record set, so it doesn't find a match (i.e. when you ping test.apps.local you get nothing back now).

Is there a way to work around this and have an EC2 instance that is able to resolve Route53 whilst being joined to an Active Directory domain?



Solution 1:[1]

Since the second usable IP address in each subnet is reserved as the DNS server by AWS, add a new DNS forwarded record in AD to point to the second address (.2) of your VPC subnet; for instance, if your VPC is 10.0.0.0/16 the DNS address will be 10.0.0.2.
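The forwarding described in the answer, written out as an added PowerShell example (not the answer author's code): it is run on a domain controller with the DNS role, derives the VPC resolver address from the VPC CIDR, creates a conditional forwarder for just the Route53 zone, and then checks that the record resolves. It assumes the private hosted zone is apps.local (the name used in the question) and the VPC CIDR is 10.0.0.0/16 (the one used in the answer).

```powershell
# Added example, not part of the original answer. Run in an elevated PowerShell
# session on an AD domain controller that hosts the DNS role (DnsServer module).
# Assumptions: hosted zone "apps.local" (from the question) and VPC CIDR
# 10.0.0.0/16 (from the answer); change both to match your environment.
Import-Module DnsServer

$ZoneName = 'apps.local'
$VpcCidr  = '10.0.0.0/16'

# The VPC-provided resolver sits at the VPC network address plus two.
function Get-VpcResolverAddress([string]$Cidr) {
    $bytes = [System.Net.IPAddress]::Parse($Cidr.Split('/')[0]).GetAddressBytes()
    [Array]::Reverse($bytes)                          # network byte order -> host order
    $n = [BitConverter]::ToUInt32($bytes, 0) + 2
    $out = [BitConverter]::GetBytes([uint32]$n)
    [Array]::Reverse($out)                            # back to network byte order
    return [System.Net.IPAddress]::new($out).ToString()
}

$Resolver = Get-VpcResolverAddress $VpcCidr          # 10.0.0.2 for 10.0.0.0/16

# Conditional forwarder: only queries for apps.local leave AD DNS for the VPC
# resolver; every other name keeps resolving exactly as before the change.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $ZoneName `
        -MasterServers $Resolver -ReplicationScope 'Forest'
}

# Verify: first straight against the VPC resolver, then through AD DNS itself.
# A domain-joined instance already points at the DCs, so the second lookup is
# what that instance will see once the forwarder has replicated.
Resolve-DnsName -Name "test.$ZoneName" -Type A -Server $Resolver | Select-Object Name, IPAddress
Resolve-DnsName -Name "test.$ZoneName" -Type A | Select-Object Name, IPAddress
```

The instance itself keeps its DNS servers pointed at the domain controllers; nothing changes on the client side.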

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 b.b3rn4rd