How do I get AWS Client VPN to resolve DNS using VPC-peered Private Hosted Zone

Question

I have a VPC in my AWS account peered to a VPC of a partners account. The partner account has Route 53 resolvers to resolve DNS within domain.com to IPs in their peered VPC.

I've associated my VPC with their private hosted zone.

Within my VPC (for example SSH into an EC2 instance), the DNS resolution for foo.bar.domain.com works great - I'm resolving & connecting to the resources in their VPC as expected.

However, when I'm running and AWS client VPN on my personal machine, I'm unable to resolve the foo.bar.domain.com to the same private IP address through the VPN. So, for example, running a development server on my machine connected to the partner VPC URLs is failing.

I've tried hosting a DNS server in the VPC with a zone forwarding rule pointing to the Route 53 IPs.

I've tried setting the VPN DNS server IP to the Route 53 IPs.

But none of that has worked. Help would be appreciated?

Answer 1

The answer was simpler than I thought: I just had to set the DNS server in the AWS Client VPN Endpoint settings to be the private IP address of my VPC's DNS (which is always the VPC's CIDR +2).

From the AWS docs:

If you're unsure about which IP address to specify for the DNS servers, specify the VPC DNS resolver at the .2 IP address in your VPC.

Client VPN Endpoints > Modify Client VPN Endpoint > Other optional parameters -> Enable DNS Servers -> IP Address