Overview
Amazon Route 53 Resolver now supports forwarding DNS queries to a network of your choosing. Users of this service can point their DNS traffic at the Umbrella resolvers and apply Umbrella settings to their Amazon VPC (Virtual Private Cloud).
Setting Up Your Route 53 Resolver
To forward your DNS requests to the Umbrella resolvers, add a rule that forwards all of your DNS queries to your network:
- Sign in to the AWS Management Console and open the Route 53 console at https://console.aws.amazon.com/route53/.
- Navigate to Rule > Create Rule.
- Specify "forward" as the rule type.
- Enter the root domain "." (dot) as the domain name.
- Associate the rule with every VPC to which you want it to apply.
- Enter 208.67.222.222 and 208.67.220.220 as the target IP addresses.
Note that the "dot rule" does not apply to certain AWS internal domain names or to record names in private hosted zones. If you want to forward those queries to an external network or to Umbrella for any reason, set up a separate rule for each specific internal domain name. If you run into issues setting up your Route 53 Resolver, the Amazon Route 53 Developer Guide has more details.
Once your Route 53 Resolver is forwarding DNS traffic to Umbrella, create a Network in the Umbrella dashboard using the IP address of the AWS outbound endpoint you configured.
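The following Python is an added example, not Cisco's or AWS's code: it models the rule set described above (a "." catch-all to Umbrella plus a separate rule for an internal domain, each associated with particular VPCs) and how Resolver picks a rule. It assumes, as the Route 53 Developer Guide documents, that when several forwarding rules match a query name the rule with the most specific domain name wins; the VPC ids, the internal zone name and the on-premises resolver address are constructed placeholders, and the AWS system-defined rules for AWS-internal names are not modeled.

```python
"""Simplified model of Route 53 Resolver forwarding-rule selection (added example)."""
from dataclasses import dataclass

# The Umbrella resolver addresses given in the setup steps above.
UMBRELLA_RESOLVERS = ("208.67.222.222", "208.67.220.220")


@dataclass(frozen=True)
class ForwardRule:
    domain: str        # "." for the catch-all, or a zone such as "corp.example.internal"
    targets: tuple     # target IP addresses the rule forwards to
    vpcs: frozenset    # ids of the VPCs the rule is associated with


def _labels(name):
    """Split a DNS name into labels, ignoring case and a trailing dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def _matches(rule_domain, qname):
    """True when qname is the rule's domain or a name beneath it ("." matches everything)."""
    if rule_domain == ".":
        return True
    rule_labels, q_labels = _labels(rule_domain), _labels(qname)
    return len(q_labels) >= len(rule_labels) and q_labels[-len(rule_labels):] == rule_labels


def select_rule(rules, qname, vpc_id):
    """Return the most specific rule for qname among those associated with vpc_id, or None.

    Assumption (per the Route 53 Developer Guide): the matching rule with the longest
    domain name is applied, so a more specific internal-zone rule takes precedence
    over the "." rule for names inside that zone.
    """
    candidates = [r for r in rules if vpc_id in r.vpcs and _matches(r.domain, qname)]
    if not candidates:
        return None  # no forwarding rule applies; Resolver answers the query itself
    return max(candidates, key=lambda r: len(_labels(r.domain)))


def resolve_target(rules, qname, vpc_id):
    """Target IPs a query from vpc_id for qname would be forwarded to, or None."""
    rule = select_rule(rules, qname, vpc_id)
    return rule.targets if rule else None


# Constructed rule set: the article's "." rule plus a separate rule for an internal
# zone, as its note recommends. VPC ids, zone and 10.0.0.53 are placeholders.
RULES = (
    ForwardRule(".", UMBRELLA_RESOLVERS, frozenset({"vpc-aaa", "vpc-bbb"})),
    ForwardRule("corp.example.internal", ("10.0.0.53",), frozenset({"vpc-aaa"})),
)

if __name__ == "__main__":
    for qname, vpc in (("www.example.com", "vpc-aaa"),
                       ("db.corp.example.internal", "vpc-aaa"),
                       ("db.corp.example.internal", "vpc-bbb")):
        print(f"{qname} from {vpc} -> {resolve_target(RULES, qname, vpc)}")
```

A VPC that is associated only with the "." rule (vpc-bbb in the model) sends internal-zone queries to Umbrella too, which is the situation the note above warns about.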
Comments
Note: this will forward everything to Umbrella.
The creation of the "." forwarding rule overrides all other rules.
If you have an environment where you want some domains like yourcompany.com forwarded to on-prem resolvers, this will send those requests to Umbrella.
So the setup suggested here did not work for us. We want R53 to send our internal requests to our private DNS servers, and we want R53 to send all others to Umbrella.
It seems the only way to do this is to use VAs...