DNS Forwarding Amazon Route 53 with Resolver Rules

Amazon Route 53 is a highly available and scalable DNS service offered by Amazon Web Services (AWS). One of the key features of Amazon Route 53 is the ability to forward DNS queries to specific IP addresses using Resolver Rules. In this article, we will discuss how to configure DNS forwarding in Amazon Route 53 via one Elastic IP address (EIP) to use DigitalStakeout Protective DNS.

DigitalStakeout Protective DNS blocks resolution of malicious domains such as C2 domains, DGA-generated domains, compromised sites, and low-reputation domains. By configuring Amazon Route 53 to forward DNS queries to DigitalStakeout PDNS, administrators can improve the security of their networks and discover when high-risk domains are being resolved by cloud assets.

Here's an overview of the process:

Step 1: Allocate a new Elastic IP address
To begin, log in to your AWS account and open the Amazon VPC console. From the navigation pane, choose "Elastic IPs" and allocate a new Elastic IP address.

Step 2: Create a Virtual Private Cloud (VPC) and configure a NAT gateway or a Network Interface
Create a Virtual Private Cloud (VPC) and configure a NAT gateway, or a Network Interface (ENI) in the VPC.

Step 3: Associate the Elastic IP address with the NAT gateway or Network Interface
Associate the Elastic IP address with the NAT gateway or Network Interface. This will ensure that all traffic going through the NAT gateway or Network Interface will be coming from this Elastic IP address.

Step 4: Update your Route 53 Resolver rules
Open the Amazon Route 53 console. In the navigation pane, choose "Resolver" and create a new Resolver rule. In the "Rule" section, specify a name for your rule. In the "Target IP addresses" section, add the DigitalStakeout PDNS IPv4 and IPv6 addresses (found in the top tab of the portal) and the Elastic IP address you associated with the NAT gateway or Network Interface. Choose "Create" to create the rule.

Step 5: Create a Site with your Elastic IP address
Copy the public Elastic IP address, then follow the procedure to Configure a Static IP Site to use DigitalStakeout PDNS.

Step 6: Verify your configurations
Once this is done, all external DNS requests will come from the Elastic IP address, which is a static, public IP address that you have control over. Once DNS requests are accepted by DigitalStakeout PDNS, you can view and search your DNS logs in real time.
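As an added example for Step 6 (not part of the original article), the script below audits the account's Resolver forwarding rules and flags any FORWARD rule whose targets are not the DigitalStakeout PDNS addresses, so a stray rule that bypasses PDNS is caught. The input follows the shape of `aws route53resolver list-resolver-rules` output as assumed here; the rule IDs and IP addresses are constructed placeholders, not real DigitalStakeout addresses.

```python
"""Audit Route 53 Resolver FORWARD rules against the expected PDNS targets."""
import ipaddress
import json

# Constructed placeholders: replace with the PDNS IPv4/IPv6 addresses shown in
# the DigitalStakeout portal (see Step 4).
EXPECTED_PDNS_TARGETS = {"198.51.100.53", "2001:db8::53"}

# Constructed sample mirroring `aws route53resolver list-resolver-rules` output
# (ResolverRules -> Id, Name, RuleType, DomainName, TargetIps[].Ip / .Ipv6);
# field names are an assumption of this example.
SAMPLE_RULES_JSON = """
{"ResolverRules": [
  {"Id": "rslvr-rr-aaaa", "Name": "pdns-forward", "RuleType": "FORWARD",
   "DomainName": ".",
   "TargetIps": [{"Ip": "198.51.100.53", "Port": 53},
                 {"Ipv6": "2001:db8::53", "Port": 53}]},
  {"Id": "rslvr-rr-bbbb", "Name": "legacy-forward", "RuleType": "FORWARD",
   "DomainName": "corp.example.",
   "TargetIps": [{"Ip": "203.0.113.7", "Port": 53}]},
  {"Id": "rslvr-autodefined-rr-internet-resolver", "Name": "Internet Resolver",
   "RuleType": "RECURSIVE", "DomainName": "."}
]}
"""


def audit_forwarding_rules(rules_json, expected_targets):
    """Return (rule_id, domain, stray_targets) for every FORWARD rule that
    sends queries anywhere other than the expected PDNS resolvers.

    RECURSIVE and SYSTEM rules carry no targets and are skipped; the check is
    about where forwarded queries actually go.
    """
    expected = {ipaddress.ip_address(t) for t in expected_targets}
    findings = []
    for rule in json.loads(rules_json)["ResolverRules"]:
        if rule.get("RuleType") != "FORWARD":
            continue
        targets = {ipaddress.ip_address(t.get("Ip") or t.get("Ipv6"))
                   for t in rule.get("TargetIps", [])}
        stray = targets - expected
        if stray:
            # Sort by string form: IPv4 and IPv6 objects are not comparable.
            findings.append((rule["Id"], rule["DomainName"],
                             ", ".join(sorted(str(ip) for ip in stray))))
    return findings


if __name__ == "__main__":
    for rule_id, domain, stray in audit_forwarding_rules(SAMPLE_RULES_JSON,
                                                         EXPECTED_PDNS_TARGETS):
        print(f"{rule_id} forwards {domain} to non-PDNS target(s): {stray}")
```

In a live account, replace `SAMPLE_RULES_JSON` with the captured CLI output and run the audit on a schedule so new rules that bypass PDNS are noticed.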

Note: This solution only covers traffic that goes through the NAT gateway or Network Interface; it won't cover traffic coming from the internet that doesn't pass through the VPC.

Configuring Amazon Route 53 to forward DNS queries via one Elastic IP address (EIP) to DigitalStakeout PDNS will improve the security of your Amazon networks and protect against malicious activity. By following the steps above, you should now be able to configure DNS forwarding in Amazon Route 53 via one EIP to use DigitalStakeout PDNS over IPv4 and IPv6.
