  • Create a conditional DNS forwarder on our domain.com to Amazon default DNS provider

    Background:

    I have an AWS Managed Active Directory (domain.com). I created a DHCP options set with my domain.com and DNS IP address. Finally, I applied it to the VPC. By default, none of the EC2 instances in this VPC can resolve region-name.compute.internal, and I would like to create a conditional DNS forwarder on our domain.com to the Amazon default DNS provider.

    Overview of the steps:
            1. Use an EC2 instance that is joined to the domain as an administrator's machine.

            2. On this machine, install the DNS Server Tools under Remote Administration Tools, from the Add Roles and Features Wizard.

            3. Run DNS Manager (dnsmgmt.msc) as the admin user from the domain, which prompts you to connect to the server. 
            [The Microsoft Active Directory type within AWS Directory Service provides two domain controllers (each in separate AWS Availability Zones) and an *Admin account* that has permissions for the most common administrative activities. These include user and group management, resource management, delegation, Group Policy management, and management of DNS configurations.]

            Here, select the button "The following computer" and type the IP address of one of the two provisioned AWS Directory Service for Microsoft AD domain controllers (10.0.0.16 or 10.0.0.248). Preferably, try the primary first: 10.0.0.248.

            4. After you have connected the DNS Manager to a Microsoft AD DNS service, you can configure the server and conditional forwarders. 
            For example, if you want these DNS servers to forward requests for your VPC-provided DNS, right-click Conditional Forwarders and select New Conditional Forwarder. Then, you can specify the private hosted zone and VPC-provided DNS IP address. 

            Please note that the VPC-provided DNS IP address will always be your VPC CIDR block “plus two.” For example, if your VPC uses 10.10.0.0/16, the VPC-provided DNS is 10.10.0.2.
            And, if you store a conditional forwarder in AWS Directory Service for Microsoft AD, it handles the replication of this to the other domain controller.
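
The same procedure scripted with the DnsServer PowerShell module, as an added example that is not part of the original post. It assumes the directory's Admin account can run these cmdlets remotely against the domain controllers; the test host name and the `-ReplicationScope` choice are assumptions of this example.

```powershell
# Added example: scripted form of steps 3-4. Values marked "assumption" are not from the post.
Import-Module DnsServer   # ships with the DNS Server Tools installed in step 2

$DomainControllers = '10.0.0.248', '10.0.0.16'    # Microsoft AD domain controllers (from the post)
$VpcCidr  = '10.10.0.0/16'                        # the post's sample CIDR; replace with your VPC's
$ZoneName = 'region-name.compute.internal'        # placeholder zone name used in the post
$TestName = "ip-10-10-0-5.$ZoneName"              # assumption: constructed instance host name

function Get-VpcDnsAddress {
    param([Parameter(Mandatory)][string]$Cidr)
    # Assumes the CIDR is written with its network base address (as the VPC console shows it),
    # so "plus two" only changes the last octet.
    $octets = (($Cidr -split '/')[0] -split '\.') | ForEach-Object { [int]$_ }
    if ($octets.Count -ne 4) { throw "Not an IPv4 CIDR: $Cidr" }
    $octets[3] += 2
    $octets -join '.'
}

$VpcDns  = Get-VpcDnsAddress -Cidr $VpcCidr
$Primary = $DomainControllers[0]

# Create the forwarder once, on one domain controller, stored in Active Directory
# (-ReplicationScope Domain is this example's choice) so it replicates to the other.
if (-not (Get-DnsServerZone -ComputerName $Primary -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -ComputerName $Primary -Name $ZoneName `
        -MasterServers $VpcDns -ReplicationScope 'Domain'
}

# Confirm both domain controllers hold the zone and answer for a name inside it.
foreach ($dc in $DomainControllers) {
    $zone   = Get-DnsServerZone -ComputerName $dc -Name $ZoneName -ErrorAction SilentlyContinue
    $answer = Resolve-DnsName -Name $TestName -Server $dc -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DomainController = $dc
        ZoneType         = $zone.ZoneType
        Forwarders       = $zone.MasterServers -join ','
        Resolved         = [bool]$answer
    }
}
```

If the second domain controller shows no zone immediately after creation, rerun the check loop once replication has completed.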

    Reference links:

    https://aws.amazon.com/cn/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-aws-using-aws-directory-service-and-microsoft-active-directory/

    http://tekbloq.com/2017/05/12/add-a-conditional-forwarder-on-a-dns-server-windows-server-2008-r2/

  • Original article: https://www.cnblogs.com/oskb/p/9480089.html