
DNS names within VPN VPC

We can connect to our AWS EC2 only from within the company VPN. I made a request to create DNS names for the servers. This would be made using AWS Route 53.

The operations team says that having a DNS name is a security risk, and the explanation is: "Names are easy to guess compared to IP addresses" and "setting up a DNS for a server in the public zone directly exposes the server's origin IP and opens up a potential to the DDOS attacks as well as subnet vulnerability".

The servers are not exposed outside our VPN. We have separate AWS accounts for different teams and public zone here refers to a different team.

Does the operations team have a valid argument?

You should create a Route 53 Private Hosted Zone so the DNS name can't be resolved publicly.

You then need to configure the DNS server in the office to incorporate DNS responses from Route 53 by using a forwarder.

I don't know the full details, but here are some articles that should help:
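An added example, not part of the original question or answer: a check that flags A/AAAA records in public Route 53 zones that point at internal addresses, which is the exposure a Private Hosted Zone avoids. The zone IDs, names and addresses are constructed; the dictionaries follow the shape boto3 returns from `list_hosted_zones` and `list_resource_record_sets`.

```python
import ipaddress

# RFC 1918 and IPv6 unique-local ranges (explicit list: ipaddress.is_private
# would also match documentation ranges such as 203.0.113.0/24).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample data; in live use these come from the boto3 Route 53
# client calls list_hosted_zones() and list_resource_record_sets().
SAMPLE_ZONES = [
    {"Id": "/hostedzone/ZEXAMPLEPUBLIC", "Name": "example.com.",
     "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/ZEXAMPLEPRIVATE", "Name": "corp.example.internal.",
     "Config": {"PrivateZone": True}},
]
SAMPLE_RECORDS = {
    "/hostedzone/ZEXAMPLEPUBLIC": [
        {"Name": "www.example.com.", "Type": "A",
         "ResourceRecords": [{"Value": "203.0.113.10"}]},
        {"Name": "build01.example.com.", "Type": "A",
         "ResourceRecords": [{"Value": "10.20.1.15"}]},
    ],
    "/hostedzone/ZEXAMPLEPRIVATE": [
        {"Name": "app01.corp.example.internal.", "Type": "A",
         "ResourceRecords": [{"Value": "10.20.1.16"}]},
    ],
}

def is_internal(value):
    """True if value parses as an IP inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)

def leaked_internal_names(zones, records_by_zone):
    """Return (zone, record name, address) for internal IPs in public zones."""
    findings = []
    for zone in zones:
        if zone["Config"].get("PrivateZone"):
            continue  # private zones only resolve inside associated VPCs
        for rrset in records_by_zone.get(zone["Id"], []):
            if rrset["Type"] not in ("A", "AAAA"):
                continue
            # Alias records carry AliasTarget instead of ResourceRecords.
            for rr in rrset.get("ResourceRecords", []):
                if is_internal(rr["Value"]):
                    findings.append((zone["Name"], rrset["Name"], rr["Value"]))
    return findings
```
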
