AWS Certified Advanced Networking - Specialty (#35)

Your organization needs to resolve DNS entries stored in an Amazon Route 53 private zone “awscloud:internal” from the corporate network. An AWS Direct Connect connection with a private virtual interface is configured to provide access to a VPC with the CIDR block A DNS Resolver (BIND) is configured on an Amazon Elastic Compute Cloud (EC2) instance with the IP address within the VPC. The DNS Resolver has standard root server hints configured and conditional forwarding for “awscloud.internal” to the IP address

From your PC on the corporate network, you query the DNS server at for The query is successful and returns the appropriate response. When you query for “server.awscloud.internal”, the query times out. You receive no response.

How should you enable successful queries for “server.awscloud.internal”?

Attach an internet gateway to the VPC and create a default route.
Configure the VPC settings for enableDnsHostnames and enableDnsSupport as True
Relocate the BIND DNS Resolver to the corporate network.
Update the security group for the EC2 instance at to allow UDP Port 53 outbound.