
I have AWS Managed AD deployed in my environment with EC2 servers joined to the same AD. I am trying to deploy Cisco Umbrella web proxy URL filtering, which requires the DNS for all external domains to be forwarded through their DNS servers. I have set up DNS forwarders, but any DNS request to an external domain (www.google.com or www.stackoverflow.com) is still being resolved by AWS managed DNS. I was wondering if DNS forwarding works with AWS Managed AD/DNS (Enterprise)? It should have been fairly straightforward to set up, but for some reason DNS forwarding is not working. Has anyone faced similar issues during configuration of an external DNS forwarder on AWS Managed AD?

  • You need to resolve in three areas: names in the VPC (AWS DNS server @ .2), names/zone managed by AWS Managed AD, and finally public names. You can configure AWS Managed AD DNS to forward to AWS (@ .2) or the reverse with a conditional forwarder. The issue is forwarding public DNS traffic to Umbrella. A suggestion, which I have not verified, is to set up AWS Managed AD DNS with a conditional forwarder to AWS DNS and another conditional forwarder for the public DNS traffic to Umbrella. Edit your question with more details on the forwarder that you have set up. – John Hanley Mar 24 '21 at 02:56

1 Answer


Thanks @b.b3rnd4rd for your suggestions with regards to setting up a new DHCP option set for the (AWS Managed) AD-joined devices. I did that, but it didn't really help. However, setting up a separate DHCP option set for AD-joined devices seems to be the best practice, so I have left it as is.

@John Hanley thanks for pointing me in the right direction. I ultimately solved the problem after creating a Route 53 Resolver outbound endpoint with the OpenDNS servers. After that, on my AD DNS servers, I set the Route 53 .2 forwarders. Once that was done, everything was routed through the OpenDNS servers.
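The resulting chain is AD DNS → VPC resolver (.2) → Route 53 Resolver outbound endpoint → OpenDNS/Umbrella. The script below is an added example that builds and checks that chain; it is not the answerer's code or anything from AWS or Cisco. It assumes placeholder VPC, subnet, security group and directory IDs (replace them), the AWS CLI v2 on PATH with credentials for the account, and that it runs from a domain-joined Windows host with the RSAT DnsServer module as a member of the Managed AD delegated administrators group (AWS Managed Microsoft AD is administered remotely; you cannot log on to its DCs). The Umbrella resolver addresses 208.67.222.222 and 208.67.220.220 are Cisco's published anycast resolvers; the `debug.opendns.com` TXT lookup is OpenDNS's own diagnostic, which their resolvers answer with a `server ...` string only when the query actually reached them.

```powershell
# Added example, not from the original post. Placeholders below must be replaced.
$VpcId       = 'vpc-0123456789abcdef0'                               # placeholder
$VpcCidr     = '10.0.0.0/16'                                         # placeholder
$SubnetIds   = @('subnet-0123456789abcdef0', 'subnet-0fedcba9876543210')  # placeholders, two AZs: outbound endpoints need >= 2 IPs
$SgId        = 'sg-0123456789abcdef0'                                # placeholder: must allow UDP/TCP 53 egress to Umbrella
$DirectoryId = 'd-0123456789'                                        # placeholder
$UmbrellaIps = @('208.67.222.222', '208.67.220.220')                 # Cisco Umbrella / OpenDNS anycast resolvers

function Get-VpcResolverAddress {
    # The Amazon-provided resolver sits at the VPC network address plus two (10.0.0.0/16 -> 10.0.0.2).
    param([Parameter(Mandatory)][string]$VpcCidr)
    $bytes = [System.Net.IPAddress]::Parse($VpcCidr.Split('/')[0]).GetAddressBytes()
    [Array]::Reverse($bytes)                          # wire order -> host order for the arithmetic
    $n   = [BitConverter]::ToUInt32($bytes, 0) + 2
    $out = [BitConverter]::GetBytes([uint32]$n)
    [Array]::Reverse($out)
    return ([System.Net.IPAddress]::new($out)).ToString()
}

function New-UmbrellaForwarding {
    # 1. Outbound endpoint: the ENIs Route 53 Resolver uses to send queries out of the VPC.
    $ipArgs = $SubnetIds | ForEach-Object { "SubnetId=$_" }
    $endpointId = aws route53resolver create-resolver-endpoint `
        --creator-request-id "umbrella-out-$(Get-Date -Format yyyyMMddHHmmss)" `
        --name umbrella-outbound --direction OUTBOUND `
        --security-group-ids $SgId --ip-addresses $ipArgs `
        --query ResolverEndpoint.Id --output text
    if ($LASTEXITCODE -ne 0) { throw 'create-resolver-endpoint failed' }

    # 2. FORWARD rule for "." : everything the VPC resolver is not itself authoritative for.
    #    Private hosted zones and the autodefined AWS names still win, because rule matching
    #    prefers the longest matching suffix, so only genuinely public names leave the VPC.
    $targets = $UmbrellaIps | ForEach-Object { "Ip=$_,Port=53" }
    $ruleId = aws route53resolver create-resolver-rule `
        --creator-request-id "umbrella-rule-$(Get-Date -Format yyyyMMddHHmmss)" `
        --name umbrella-all --rule-type FORWARD --domain-name . `
        --resolver-endpoint-id $endpointId --target-ips $targets `
        --query ResolverRule.Id --output text
    if ($LASTEXITCODE -ne 0) { throw 'create-resolver-rule failed' }

    # 3. Attach the rule to the VPC; the .2 resolver starts honouring it at once.
    aws route53resolver associate-resolver-rule --resolver-rule-id $ruleId --vpc-id $VpcId | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'associate-resolver-rule failed' }

    # 4. Point the Managed AD DNS servers at the VPC resolver. AWS publishes the DC addresses
    #    as DnsIpAddrs; the DCs are configured remotely with the RSAT DnsServer cmdlets.
    $dcs = (aws ds describe-directories --directory-ids $DirectoryId `
              --query 'DirectoryDescriptions[0].DnsIpAddrs' --output text) -split '\s+'
    $resolver = Get-VpcResolverAddress -VpcCidr $VpcCidr
    foreach ($dc in $dcs) {
        Add-DnsServerForwarder -ComputerName $dc -IPAddress $resolver -PassThru
    }
    return $dcs
}

function Test-UmbrellaForwarding {
    # Ask the AD DNS server for OpenDNS's diagnostic record. A "server ..." TXT string means the
    # query travelled AD DNS -> .2 -> outbound endpoint -> Umbrella; NXDOMAIN or no TXT means it
    # is still being answered by the Amazon resolver (the symptom in the question).
    param([Parameter(Mandatory)][string]$DnsServer)
    $txt = Resolve-DnsName -Name debug.opendns.com -Type TXT -Server $DnsServer -ErrorAction Stop
    return [bool]($txt.Strings -match '^server ')
}

$dcs = New-UmbrellaForwarding
foreach ($dc in $dcs) {
    "{0}: forwarded via Umbrella = {1}" -f $dc, (Test-UmbrellaForwarding -DnsServer $dc)
}
```

Two things to check if `Test-UmbrellaForwarding` still returns `False`: the outbound endpoint's security group needs UDP and TCP 53 egress to the Umbrella addresses, and the AD DNS servers must not still carry the conditional forwarders or root hints from earlier attempts, since Windows DNS tries forwarders before recursion and any leftover forwarder pointing elsewhere will short-circuit the chain.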