Howto: Point AWS to Umbrella with new Route 53 Feature

Comments

2 comments

  • patrick.marr

    Note: this will forward everything to Umbrella. 

    The creation of the "." forwarding rule overrides all other rules. 

    If you have an environment where you want some domains like yourcompany.com forwarded to on-prem resolvers, this will send those requests to Umbrella. 

    So the setup suggested here did not work for us. We want R53 to send our internal requests to our private DNS servers, and we want R53 to send all others to Umbrella.

    It seems the only way to do this is to use VAs... 

  • vittorio.garbellotto

    The guide MISSES a step, as indicated in https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html#resolver-overview-forward-vpc-to-network-domain-name-matches

    "Note

    If you create a conditional forwarding rule for "." (dot) or "com", we recommend that you also create a system rule for amazonaws.com. (System rules cause Resolver to locally resolve DNS queries for specific domains and subdomains.) Creating this system rule improves performance, reduces the number of queries that are forwarded to your network, and reduces Resolver charges." and it also DOES NOT BREAK YOUR VPC endpoints

    Second point: the IPs to register in the Umbrella console are the public IPs of the NAT instance/gateway/service connected to the subnets where the endpoints have been created.

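The rule set these two comments discuss, a conditional forwarding rule for "." that sends queries to Umbrella together with the SYSTEM rule for amazonaws.com from the AWS note quoted above, as an added example by the editor (not code from the guide, from AWS or from Cisco). It models the Resolver behaviour documented by AWS, where the most specific matching rule is applied and SYSTEM rules are resolved locally, so you can see which names leave the VPC with and without the extra rule, and it prints the AWS CLI calls that would create the rules. The resolver IPs (TEST-NET addresses), the outbound endpoint ID, the rule names and the sample query names are placeholders constructed for this example.

```python
"""Route 53 Resolver rule selection for the "forward everything to Umbrella" setup.

Editor's illustration, not code from the guide, AWS or Cisco. Models the
documented Resolver behaviour (most specific matching rule wins; SYSTEM rules
resolve locally) to show why the "." forwarding rule should be paired with a
SYSTEM rule for amazonaws.com. All IPs, IDs and names below are placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# Placeholders (TEST-NET-3): replace with the resolver IPs from your Umbrella dashboard.
UMBRELLA_TARGETS: Tuple[str, ...] = ("203.0.113.10", "203.0.113.11")
OUTBOUND_ENDPOINT_ID = "rslvr-out-EXAMPLE"  # placeholder outbound endpoint ID


@dataclass(frozen=True)
class Rule:
    name: str
    domain: str                     # "." matches every name
    rule_type: str                  # "FORWARD" or "SYSTEM"
    targets: Tuple[str, ...] = ()   # forwarder IPs, FORWARD rules only


DOT_TO_UMBRELLA = Rule("forward-all-to-umbrella", ".", "FORWARD", UMBRELLA_TARGETS)
AWS_LOCAL = Rule("resolve-aws-locally", "amazonaws.com", "SYSTEM")

WITHOUT_SYSTEM_RULE: Tuple[Rule, ...] = (DOT_TO_UMBRELLA,)          # guide as written
WITH_SYSTEM_RULE: Tuple[Rule, ...] = (DOT_TO_UMBRELLA, AWS_LOCAL)    # with the missing step


def _labels(domain: str) -> Tuple[str, ...]:
    """Split a domain into its labels; "." and "" yield no labels."""
    return tuple(label for label in domain.lower().split(".") if label)


def matches(rule_domain: str, qname: str) -> bool:
    """True if qname equals the rule domain or is a subdomain of it."""
    rd, q = _labels(rule_domain), _labels(qname)
    if not rd:                      # the "." rule matches everything
        return True
    return len(q) >= len(rd) and q[-len(rd):] == rd


def select_rule(rules: Sequence[Rule], qname: str) -> Optional[Rule]:
    """Most specific matching rule (most labels) wins, as Resolver does."""
    candidates = [r for r in rules if matches(r.domain, qname)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: len(_labels(r.domain)))


def resolve_path(rules: Sequence[Rule], qname: str) -> Tuple[str, Tuple[str, ...]]:
    """Where a VPC query goes: ("local", ()) or ("forward", forwarder IPs)."""
    rule = select_rule(rules, qname)
    if rule is None or rule.rule_type == "SYSTEM":
        return ("local", ())
    return ("forward", rule.targets)


def compare(qnames: Sequence[str]) -> Dict[str, Dict[str, Tuple[str, Tuple[str, ...]]]]:
    """Outcome per name with and without the amazonaws.com SYSTEM rule."""
    return {
        q: {
            "without_system_rule": resolve_path(WITHOUT_SYSTEM_RULE, q),
            "with_system_rule": resolve_path(WITH_SYSTEM_RULE, q),
        }
        for q in qnames
    }


def cli_commands(rules: Sequence[Rule]) -> List[str]:
    """AWS CLI calls that would create these rules (endpoint ID is a placeholder)."""
    cmds = []
    for r in rules:
        cmd = (f"aws route53resolver create-resolver-rule --name {r.name} "
               f"--creator-request-id {r.name} --rule-type {r.rule_type} "
               f"--domain-name {r.domain}")
        if r.rule_type == "FORWARD":   # SYSTEM rules take no endpoint or targets
            cmd += (f" --resolver-endpoint-id {OUTBOUND_ENDPOINT_ID} --target-ips "
                    + " ".join(f"Ip={ip},Port=53" for ip in r.targets))
        cmds.append(cmd)
    return cmds


if __name__ == "__main__":
    # Constructed sample names: an AWS service endpoint name and an external site.
    for name, outcome in compare(["sqs.us-east-1.amazonaws.com", "www.example.com"]).items():
        print(name, outcome)
    for c in cli_commands(WITH_SYSTEM_RULE):
        print(c)
```

Run it and the amazonaws.com name is forwarded to Umbrella under the first rule set but resolved locally under the second, while www.example.com is forwarded in both; that is the "does not break your VPC endpoints" point from the comment. Each created rule still has to be associated with the VPC (`aws route53resolver associate-resolver-rule --resolver-rule-id <id> --vpc-id <vpc-id>`), and the outbound endpoint's subnets need a route to the Internet, which is why the NAT gateway's public IPs are what you register in the Umbrella console.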