A company has an AWS Site-to-Site VPN connection linking its VPC to an on-premises network, with the default DHCP options set associated with the VPC. An application running on an Amazon Linux 2 EC2 instance within the VPC needs to retrieve an Amazon RDS database secret stored in AWS Secrets Manager via a private VPC endpoint. Additionally, an on-premises application provides an internal RESTful API service accessible via the URL https://api.example.internal, with internal DNS resolution handled by two on-premises Windows DNS servers.
The application on the EC2 instance fails to call the on-premises API when it addresses the service by hostname but succeeds when it addresses the service by IP address. Which steps should the network engineer take to resolve this issue without affecting other resources in the VPC?
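The symptom above (IP works, hostname does not) points at name resolution: with the default DHCP options set the instance sends every query to AmazonProvidedDNS, which has no knowledge of the on-premises example.internal zone. The script below is an added example, not part of the original question and not AWS sample code. It checks which resolver the instance is using, reproduces the failure with dig, and then forwards only the example.internal zone to the on-premises servers through a Route 53 Resolver outbound endpoint and forwarding rule, which leaves all other VPC lookups (including the Secrets Manager private endpoint name) on AmazonProvidedDNS. The VPC CIDR 10.0.0.0/16, the on-premises DNS addresses 10.10.0.10 and 10.10.0.11, and the vpc-/sg-/subnet- identifiers are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the original question or any AWS material): confirm
# that the instance resolves through AmazonProvidedDNS, which knows nothing
# about the on-premises example.internal zone, then forward only that zone to
# the on-premises DNS servers via a Route 53 Resolver outbound endpoint.
# Assumed values (not in the original): VPC CIDR 10.0.0.0/16, on-premises DNS
# servers 10.10.0.10 and 10.10.0.11; the vpc-/sg-/subnet- IDs are placeholders.

# AmazonProvidedDNS answers at the VPC network address plus two
# (10.0.0.2 for 10.0.0.0/16) and at the link-local address 169.254.169.253.
amazon_dns_ip() {
    base=${1%/*}            # drop the prefix length
    last=${base##*.}        # last octet of the network address
    echo "${base%.*}.$((last + 2))"
}

# Classify the first nameserver in a resolv.conf: "amazon" when the instance
# uses the VPC resolver (what the default DHCP options set hands out),
# "custom" otherwise.
classify_resolver() {
    vpc_dns=$(amazon_dns_ip "$2")
    ns=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    if [ "$ns" = "$vpc_dns" ] || [ "$ns" = "169.254.169.253" ]; then
        echo amazon
    else
        echo custom
    fi
}

# Reproduce the symptom from the instance: the VPC resolver returns nothing
# for the on-premises name, while asking an on-premises server directly works.
probe_name() {
    echo "via VPC resolver:";        dig +short "$1"
    echo "via on-premises $2:";      dig +short "@$2" "$1"
}

# Create the outbound endpoint in two subnets, a FORWARD rule scoped to
# example.internal that targets both on-premises servers, and associate the
# rule with the VPC. Because the rule matches only that domain, every other
# lookup still goes to AmazonProvidedDNS, so no other VPC resource changes
# behaviour. The security group must allow outbound UDP and TCP 53 to the
# on-premises servers over the Site-to-Site VPN.
forward_zone() {
    vpc_id=$1; sg_id=$2; subnet_a=$3; subnet_b=$4; dns1=$5; dns2=$6
    endpoint_id=$(aws route53resolver create-resolver-endpoint \
        --name onprem-outbound --direction OUTBOUND \
        --creator-request-id "onprem-outbound-$(date +%s)" \
        --security-group-ids "$sg_id" \
        --ip-addresses "SubnetId=$subnet_a" "SubnetId=$subnet_b" \
        --query 'ResolverEndpoint.Id' --output text)
    rule_id=$(aws route53resolver create-resolver-rule \
        --name example-internal --rule-type FORWARD \
        --domain-name example.internal \
        --creator-request-id "example-internal-$(date +%s)" \
        --resolver-endpoint-id "$endpoint_id" \
        --target-ips "Ip=$dns1,Port=53" "Ip=$dns2,Port=53" \
        --query 'ResolverRule.Id' --output text)
    aws route53resolver associate-resolver-rule \
        --resolver-rule-id "$rule_id" --vpc-id "$vpc_id"
}

# Constructed resolv.conf matching what the default DHCP options set produces
# on Amazon Linux 2 in a 10.0.0.0/16 VPC (sample input, not captured data).
sample_resolv=$(mktemp)
cat > "$sample_resolv" <<'EOF'
search ec2.internal
nameserver 10.0.0.2
EOF
echo "resolver in use: $(classify_resolver "$sample_resolv" 10.0.0.0/16)"
rm -f "$sample_resolv"

# The live steps need the AWS CLI, dig and VPN reachability, so run them only
# on demand:  APPLY=1 sh forward.sh
if [ "${APPLY:-0}" = 1 ]; then
    probe_name api.example.internal 10.10.0.10
    forward_zone vpc-0123456789abcdef0 sg-0123456789abcdef0 \
        subnet-0123456789abcdef0 subnet-0123456789abcdef1 10.10.0.10 10.10.0.11
fi
```

The forwarding rule is deliberately preferred over editing the DHCP options set to point at the on-premises servers: that change would apply to every instance in the VPC and would break resolution of the Secrets Manager VPC endpoint's private name, which only AmazonProvidedDNS can answer.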