DEV Community

Wakeup Flower

DNS between On-premises & AWS

You’ve got two worlds:

  1. On-premises network (your datacenter).
  2. AWS VPC (your cloud network).

Each world has its own DNS:

  • On-prem DNS knows about servers in the datacenter (e.g., db.local.company.com).
  • AWS Route 53 Resolver knows about VPC resources (e.g., ip-10-0-1-5.ec2.internal).

👉 But if your on-premises apps want to resolve an AWS private hostname (like an EC2’s internal DNS), they can’t — unless you set up a bridge.


🔹 The “Bridge” = Route 53 Resolver Endpoints

Think of Route 53 Resolver as a telephone operator sitting at the border of your VPC.

  • Inbound Endpoint = A phone number where people call into AWS to ask DNS questions.
  • Outbound Endpoint = A phone number AWS can use to call out to on-prem DNS for answers.

🔹 Use Case: On-premises needs to resolve AWS names

Flow:

  1. On-prem DNS server gets a query: “What’s the IP of ip-10-0-1-5.ec2.internal?”
  2. It doesn’t know the answer, so it forwards the query to the Route 53 Inbound Endpoint in AWS.
  3. Route 53 Resolver answers: “That’s 10.0.1.5.”
  4. On-prem DNS passes that back to the application.

On-Prem App ---> On-Prem DNS ---> Route 53 Inbound Endpoint ---> AWS VPC Resolver ---> EC2 private IP

👉 In short: Inbound = on-premises can ask AWS about AWS stuff.


🔹 Reverse Use Case: AWS needs to resolve on-premises names

Flow:

  1. An EC2 instance inside the VPC asks: “What’s the IP of db.local.company.com?”
  2. Route 53 Resolver doesn’t know, so a forwarding rule for that domain sends the query through an Outbound Endpoint to the on-prem DNS server.
  3. On-prem DNS replies with the IP.

EC2 App ---> Route 53 Resolver ---> Outbound Endpoint ---> On-Prem DNS ---> Response back to EC2

👉 In short: Outbound = AWS can ask on-prem about on-prem stuff.


🔹 Simplified Rule of Thumb

  • Inbound endpoint = Let on-premises → query AWS names.
  • Outbound endpoint = Let AWS → query on-premises names.

        ┌──────────────────────────┐
        │      On-Prem Network     │
        │                          │
        │   On-Prem DNS Resolver   │
        │                          │
        └─────────────┬────────────┘
                      │ DNS Query
                      ▼
        ┌──────────────────────────┐
        │    Route 53 Resolver     │
        │     Inbound Endpoint     │
        └─────────────┬────────────┘
                      │ DNS Resolution for
                      │ AWS VPC Names
                      ▼
        ┌──────────────────────────┐
        │     AWS VPC Network      │
        │                          │
        │ EC2 Instances, Services  │
        └──────────────────────────┘

───────────────────────────────────────────────────────────────────

        ┌──────────────────────────┐
        │      AWS VPC Network     │
        │                          │
        │   EC2 Instances / Apps   │
        └─────────────┬────────────┘
                      │ DNS Query
                      ▼
        ┌──────────────────────────┐
        │    Route 53 Resolver     │
        │    Outbound Endpoint     │
        └─────────────┬────────────┘
                      │ DNS Resolution for
                      │ On-Prem Names
                      ▼
        ┌──────────────────────────┐
        │      On-Prem Network     │
        │                          │
        │   On-Prem DNS Resolver   │
        └──────────────────────────┘
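Both directions, written out as Terraform. This is an added example, not configuration from the post; the VPC, subnet IDs and the 192.168.x addresses are placeholders, and one security group is shared by both endpoints to keep the example short. The point to notice is that the endpoints only ever accept or send DNS on port 53 to the on-prem ranges, never to 0.0.0.0/0.

```hcl
resource "aws_security_group" "resolver" {
  name   = "route53-resolver-endpoints"
  vpc_id = "vpc-PLACEHOLDER"
  # Inbound endpoint: accept DNS only from the on-prem resolvers, never 0.0.0.0/0
  dynamic "ingress" {
    for_each = ["udp", "tcp"] # DNS uses both; large answers fall back to TCP
    content {
      from_port   = 53
      to_port     = 53
      protocol    = ingress.value
      cidr_blocks = ["192.168.0.0/16"] # constructed on-prem range
    }
  }
  # Outbound endpoint: may only reach the on-prem DNS server, only on port 53
  dynamic "egress" {
    for_each = ["udp", "tcp"]
    content {
      from_port   = 53
      to_port     = 53
      protocol    = egress.value
      cidr_blocks = ["192.168.10.53/32"] # constructed on-prem DNS server
    }
  }
}
# Each endpoint needs at least two IPs, in subnets of different AZs
resource "aws_route53_resolver_endpoint" "inbound" {
  name               = "onprem-to-aws"
  direction          = "INBOUND"
  security_group_ids = [aws_security_group.resolver.id]
  ip_address { subnet_id = "subnet-PLACEHOLDER-a" }
  ip_address { subnet_id = "subnet-PLACEHOLDER-b" }
}
resource "aws_route53_resolver_endpoint" "outbound" {
  name               = "aws-to-onprem"
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.resolver.id]
  ip_address { subnet_id = "subnet-PLACEHOLDER-a" }
  ip_address { subnet_id = "subnet-PLACEHOLDER-b" }
}
# Forward only the on-prem zone; ec2.internal and public names stay with the VPC resolver
resource "aws_route53_resolver_rule" "onprem" {
  domain_name          = "local.company.com"
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id
  target_ip { ip = "192.168.10.53" }
}
resource "aws_route53_resolver_rule_association" "onprem" {
  resolver_rule_id = aws_route53_resolver_rule.onprem.id
  vpc_id           = "vpc-PLACEHOLDER"
}
```

The on-prem side still needs its own conditional forwarder for the AWS zones (ec2.internal and any private hosted zones) pointing at the two inbound endpoint IPs, and in production each endpoint should get its own security group carrying only the direction it needs.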
