Backgroup:

I have an AWS Managed Active Directory(domain.com). I created a DHCP options set  to my domain.com and DNS IP address. Finally I applied it to the VPC. By default all of your EC2 instance in this VPC cannot resolve region-name.compute.internal, and I would like to create a conditional DNS forwarder on our domain.com to the Amazon default DNS provider.

Overview of the Steps - 
        1. Use an EC2 instance that is joined to the domain as an administrator's machine.

2. On this machine, install the DNS Server Tools under Remote Administration Tools, from the Add Roles and Features Wizard.

3. Run DNS Manager (dnsmgmt.msc) as the admin user from the domain, which prompts you to connect to the server. 
        [The Microsoft Active Directory type within AWS Directory Service provides two domain controllers (each in separate AWS Availability Zones) and an *Admin account* that has permissions for the most common administrative activities. These include user and group management, resource management, delegation, Group Policy management, and management of DNS configurations.]

Here, Select the button "The following computer" and type the IP address of one of the two provisioned AWS Directory Service for Microsoft AD domain controllers (10.0.0.16 or 10.0.0.248). Preferably, try with the Primary - 10.0.0.248.

4. After you have connected the DNS Manager to a Microsoft AD DNS service, you can configure the server and conditional forwarders. 
        For example, if you want these DNS servers to forward requests for your VPC-provided DNS, right-click Conditional Forwarders and select New Conditional Forwarder. Then, you can specify the private hosted zone and VPC-provided DNS IP address.

Please note that the VPC-provided DNS IP address will always be your VPC CIDR block “plus two.” For example, if your VPC uses 10.10.0.0/16, the VPC-provided DNS is 10.10.0.2.
        And, if you store a conditional forwarder in AWS Directory Service for Microsoft AD, it handles the replication of this to the other domain controller.

Reference Link:

https://aws.amazon.com/cn/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-aws-using-aws-directory-service-and-microsoft-active-directory/

http://tekbloq.com/2017/05/12/add-a-conditional-forwarder-on-a-dns-server-windows-server-2008-r2/

Create a conditional DNS forwarder on our domain.com to Amazon default DNS provider的更多相关文章

  1. DNS 系列(一):为什么更新了 DNS 记录不生效?

    我们在上网时如果想要访问到另一台机器上的内容,通常只需要直接输入一串地址,例如:www.upyun.com,就能够准确访问到自己想要访问的网站.但是实际上这只是方便我们记忆的字符形式网络标识,真正让我 ...

  2. DNS隧道工具汇总——补充,还有IP over DNS的工具NSTX、Iodine、DNSCat

    github上有一堆的工具:https://github.com/search?utf8=%E2%9C%93&q=DNS+tunnel+&type= DNS隧道大检阅 研究了一天的DN ...

  3. 【入门】广电行业DNS、DHCP解决方案详解(三)——DNS部署架构及案

    [入门]广电行业DNS.DHCP解决方案详解(三)——DNS部署架构及案 DNS系统部署架构 宽带业务DNS架构 互动业务DNS架构 案例介绍 案例一 案例二 本篇我们将先介绍DNS系统部署架构体系, ...

  4. DNS稳定保障系列1--服务双保障“辅助DNS”产品介绍

    背景 2016 年 10 月 21 日,DNS 服务商 dyn 的服务器遭遇黑客大流量的 ddos 攻击,使得美国大量互联网公司如 twitter,github等都出现解析失败,无法提供服务.如下图可 ...

  5. 《DNS攻击防范科普系列1》—你的DNS服务器真的安全么?

    DNS服务器,即域名服务器,它作为域名和IP地址之间的桥梁,在互联网访问中,起到至关重要的作用.每一个互联网上的域名,背后都至少有一个对应的DNS.对于一个企业来说,如果你的DNS服务器因为攻击而无法 ...

  6. [PowerShell Utils] Automatically Change DNS and then Join Domain

    I would like to start a series of blog posts sharing PowerShell scripts to speed up our solution ope ...

  7. DNS工作流程及原理 域名、IP与DNS的关系

    转自:http://blog.csdn.net/maminyao/article/details/7390208 一.DNS服务概述 DNS是Domain Name System的缩写,即域名系统.其 ...

  8. 6.DNS公司PC访问外网的设置 + 主DNS服务器和辅助DNS服务器的配置

    网站部署之~Windows Server | 本地部署 http://www.cnblogs.com/dunitian/p/4822808.html#iis DNS服务器部署不清楚的可以看上一篇:ht ...

  9. Fix “Could not flush the DNS Resolver Cache: Function failed during execution” When Flushing DNS

    ipconfig /flushdns It is possible that you’re getting an error message “Could not flush the DNS Reso ...

随机推荐

  1. (数据科学学习手札11)K-means聚类法的原理简介&Python与R实现

    kmeans法(K均值法)是麦奎因提出的,这种算法的基本思想是将每一个样本分配给最靠近中心(均值)的类中,具体的算法至少包括以下三个步骤: 1.将所有的样品分成k个初始类: 2.通过欧氏距离将某个样品 ...

  2. 【python3.X】Scrapy学习途径参考

    如何爬取属性在不同页面的itemhttp://scrapy-chs.readthedocs.io/zh_CN/0.24/topics/request-response.html#topics-requ ...

  3. XenServer设置master,摧毁故障主机

    XenServer pool 移除server 设置master 这分为Pool Master是正常还是异常2种情况: 正常情况下可能要对Pool Master做一些停机维护,比如换内存条啥的,此时在 ...

  4. 基于Mysql-Proxy实现Mysql的主从复制以及读写分离(下)

    基于Mysql-Proxy实现Mysql的主从复制以及读写分离(下) 昨天谈到了Mysql实现主从复制,但由于时间原因并未讲有关读写分离的实现,之所以有读写分离,是为了使数据库拥有双机热备功能,至于双 ...

  5. Eclipse AmaterasUML 安装及使用

    AmaterasUML 对于我来说,是一个非常好用的UML插件. 用它来将我写过的一些Android程序进行逆工程非常好用,只不过,不能体现出包,这是一个小小的遗憾. 这个是它的主页地址:http:/ ...

  6. spring mvc 返回xml格式数据

    1.问题 : 因为业务需要,需要发送xml格式的数据,使用spring mvc 自己解析,就不用费心去自己搞这些东西. 2.解决: 新建一个实体类,直接在实体类中添加注解即可,如下: @XmlRoot ...

  7. XPATH之normalize-space(.)和normalize-space(text())区别

    normalize,字面意思就是正规化,加上space大概意思就是空格的处理了. 官方解释是这样的: 通过去掉前导和尾随空白并使用单个空格替换一系列空白字符,使空白标准化.如果省略了该参数,上下文节点 ...

  8. 用Fluent实现MySQL到ODPS数据集成

    安装ruby 首先通过 /etc/issue 命令查看当前使用centos是哪个版本: [hadoop@hadoop03 ~]$  cat /etc/issue 由于centos版本是6.6,安装ru ...

  9. go 语言模拟百度登录

    1.参考网上Python的例子自己写了一个go语言的.这个仅供学习技术参考,为了方便有部分参数直接phantomjs执行js获取,代码基本都有注释,测试打印没有删除,还请见谅! 2.本文参考http: ...

  10. java 生成简单word(利用Itext工具),生成简单Excel,以及下载笔记

    1.java 生成简单word(包含图片表格) pom中加入itext 相关依赖 <dependency> <groupId>com.lowagie</groupId&g ...