Question 12
Domain 1: Design Secure Architectures
An application needs to resolve domain names. Where should the DNS server be configured in a VPC?
Correct answer: D
Explanation
In a VPC, DNS settings are configured at the VPC level so instances can use the same resolver for name lookups. AWS provides a built-in DNS resolver in the VPC, and custom DNS servers are set through the VPC’s DHCP options set, which supplies the "domain name servers" to instances.
Why each option is right or wrong
A. Custom DNS server on EC2
B. Use AWS-provided DNS at .2 address
C. Use Route 53 Resolver
D. Both B and C
Under Amazon VPC DNS behavior, the VPC’s built-in resolver is provided automatically at the VPC level, and any custom name server addresses are delivered to instances through the associated DHCP options set. The relevant control points are therefore the VPC configuration itself and the DHCP options set (specifically the domain-name-servers setting), not the individual instance or subnet; instances receive the DNS server via DHCP when they launch.