How can the Security Engineer block access to the Amazon-provided DNS in the VPC?

How can the Security Engineer block access to the Amazon-provided DNS in the VPC?

September 14, 2021 by Admin

A company has deployed a custom DNS server in AWS. The Security Engineer wants to ensure that Amazon EC2 instances cannot use the Amazon-provided DNS.

How can the Security Engineer block access to the Amazon-provided DNS in the VPC?

Deny access to the Amazon DNS IP within all security groups.
Add a rule to all network access control lists that deny access to the Amazon DNS IP.
Add a route to all route tables that black holes traffic to the Amazon DNS IP.
Disable DNS resolution within the VPC configuration.

Leave a Reply Cancel reply

×