
CloudMates Blog

How to split DNS traffic across on-prem DNS and a private hosted zone for Amazon WorkSpaces

Amazon WorkSpaces is an Amazon-managed, secure Desktop-as-a-Service (DaaS) solution, which helps you save money compared to traditional desktops and on-premises VDI solutions and also eliminates the complexity of managing hardware inventory, OS versions and patches. Depending on your IT infrastructure you might want to use your on-prem DNS servers for the majority of your traffic and at the same time want to use

1) Log in to your WorkSpace/domain-joined instance using a non-Administrator account (a non-Admin account is important for an EC2 instance).

2) If it is not installed, install DNS Manager by going to Server Manager > Add Roles and Features > Features > Remote Server Administration Tools.

Remote Server Administration Tools

Alternatively you can use the PowerShell command:

PS C:\> Add-WindowsFeature rsat-adds 

3) Go to Windows Administrative Tools > click on DNS and then Open as Administrator. In the pop-up window enter your Active Directory Admin username and password (this is also the reason why you should not log in to the domain-joined instance using the Administrator login: by default the Windows machine tries to use the local Administrator password rather than the AD Admin password).

Windows Server DNS Manager

Please note that the AD username will be "Admin", and in case you forget the password you can go to the Active Directory console and change the AD password.

4) In the Connect to DNS Server window, enter the DC DNS IP address you see in your domain controller output.

5) For the DNS queries which you want to forward to your VPC DNS/private hosted zones, create a conditional forwarder. Please note that the IP address of the forwarder is the VPC DNS IP (generally the .2 IP of the VPC CIDR range).

You should also select the option "Store this conditional forwarder in Active Directory, and replicate it as follows" to make sure the secondary AD DNS server gets the conditional forwarder rule too.

6) For sending all other queries to your on-prem network you can create a forwarder rule.

Forwarders are not replicated, so you will need to connect to the second AD DNS server from your EC2 instance to configure the forwarder on it as well.

You could also use it the other way around, i.e. configure all queries to be sent to the VPC DNS using the forwarder and only the corporate intranet queries to be sent to the on-prem DNS using a conditional forwarder.
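The same configuration as steps 5 and 6, done with the DnsServer PowerShell module instead of the DNS Manager GUI. This is an added example, not part of the original post; the domain controller addresses, VPC resolver, on-prem DNS servers and zone names are assumed placeholders.

```powershell
# Added example: conditional forwarder (step 5) and forwarder (step 6) setup via PowerShell.
# Run from the domain-joined WorkSpace/EC2 instance in a session started as the
# directory's "Admin" account (e.g. via runas), not as the local Administrator,
# for the same reason given in step 3.
# All names and addresses below are assumed placeholders for this example.

$DomainControllers = @('10.0.1.10', '10.0.2.10')           # DC DNS IPs from the directory details
$VpcResolver       = '10.0.0.2'                            # VPC CIDR base + 2
$OnPremDns         = @('192.168.10.5', '192.168.10.6')     # on-prem DNS servers
$PrivateZones      = @('internal.example', 'db.example')   # Route 53 private hosted zone names

# Step 5: conditional forwarders for the private hosted zone names only, sent to the VPC resolver.
# ReplicationScope Forest stores the forwarder in AD so the second DC receives it too.
foreach ($zone in $PrivateZones) {
    $existing = Get-DnsServerZone -Name $zone -ComputerName $DomainControllers[0] -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerConditionalForwarderZone -Name $zone `
            -MasterServers $VpcResolver `
            -ReplicationScope 'Forest' `
            -ComputerName $DomainControllers[0]
    }
}

# Step 6: every other query goes to the on-prem DNS servers. Forwarders are not
# AD-replicated, so each DC is configured individually. Root hints are disabled so
# an on-prem outage does not silently fall back to public resolution.
foreach ($dc in $DomainControllers) {
    Set-DnsServerForwarder -IPAddress $OnPremDns -UseRootHint $false -ComputerName $dc
}

# Check: each DC should list the conditional forwarder zones and the on-prem forwarders,
# and a name in a private zone should resolve through the VPC resolver.
foreach ($dc in $DomainControllers) {
    "== $dc =="
    Get-DnsServerZone -ComputerName $dc |
        Where-Object ZoneType -eq 'Forwarder' |
        Select-Object ZoneName, MasterServers
    Get-DnsServerForwarder -ComputerName $dc | Select-Object -ExpandProperty IPAddress
}
Resolve-DnsName -Name "app.$($PrivateZones[0])" -Server $DomainControllers[0] -ErrorAction Continue
```

If the last lookup fails while the forwarder zones are listed, the usual cause is a security group or NACL blocking UDP/TCP 53 from the domain controllers to the VPC resolver.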
