
Answer-first summary for fast verification
Answer: Create a new Route 53 Resolver inbound endpoint in the shared services VPC. Create forwarding rules for the on-premises hosted domains. Associate the rules with the new Resolver endpoint and each application VPC. Update each application VPC's DHCP configuration to point DNS resolution to the new Resolver endpoint.
To meet the requirements, the network engineer needs to ensure that applications in the application VPCs can resolve DNS for internally hosted domains on premises, local VPC domain names, and domains hosted in Amazon Route 53 private hosted zones. This requires setting up DNS resolution that can forward queries to on-premises DNS servers for internal domains and use Route 53 for private hosted zones and local VPC domain names.
Option A is the correct choice because it involves creating a Route 53 Resolver inbound endpoint in the shared services VPC, which allows DNS queries to be forwarded to on-premises DNS servers. It also involves updating each application VPC's DHCP configuration to point DNS resolution to the new Resolver endpoint, ensuring that all DNS queries from the application VPCs are routed through the Resolver endpoint. This setup enables the resolution of both on-premises domains and domains hosted in Route 53 private hosted zones.
Options B and C suggest creating an outbound endpoint, which is not necessary for this scenario since the requirement is to resolve on-premises domains, not to allow on-premises systems to resolve AWS domain names.
Option D is similar to A but lacks the crucial step of updating the DHCP configuration in the application VPCs, which is necessary to direct DNS queries to the new Resolver endpoint.
Author: LeetQuiz Editorial Team
A company's AWS environment includes multiple VPCs, comprising a shared services VPC and several application VPCs, all connected to on-premises DNS servers. Applications within the application VPCs need to resolve DNS for on-premises internally hosted domains, local VPC domain names, and domains hosted in Amazon Route 53 private hosted zones. What steps should a network engineer take to fulfill these DNS resolution requirements?
A
Create a new Route 53 Resolver inbound endpoint in the shared services VPC. Create forwarding rules for the on-premises hosted domains. Associate the rules with the new Resolver endpoint and each application VPC. Update each application VPC's DHCP configuration to point DNS resolution to the new Resolver endpoint.
B
Create a new Route 53 Resolver outbound endpoint in the shared services VPC. Create forwarding rules for the on-premises hosted domains. Associate the rules with the new Resolver endpoint and each application VPC.
C
Create a new Route 53 Resolver outbound endpoint in the shared services VPC. Create forwarding rules for the on-premises hosted domains. Associate the rules with the new Resolver endpoint and each application VPC. Update each application VPC's DHCP configuration to point DNS resolution to the new Resolver endpoint.
D
Create a new Route 53 Resolver inbound endpoint in the shared services VPC. Create forwarding rules for the on-premises hosted domains. Associate the rules with the new Resolver endpoint and each application VPC.