I have a VPN set up between an AWS VPC and a GCP VPC, with a transit gateway on the AWS side, a cloud router on the GCP side, and BGP sessions set up. I can ping a GCP instance from the AWS side and vice versa using private IPs. However, I want to dial over an FQDN by querying the private zones and resolving into private IPs, rather than using the private IPs directly. I am able to successfully access the GCP private zone from an AWS instance using Route 53 Resolver rules and outbound endpoints. Now when I try to set up the other way round, i.e. trying to access the AWS Route 53 private zone from the GCP VPC, it is not resolving into private IPs. These are the steps I've followed:
Along with the official docs, the two articles that I followed were https://blog.searce.com/multi-cloud-private-dns-forwarding-a77718e2a3f9 and https://medium.com/@derek10cloud/the-gcp-server-requires-private-access-to-aws-api-which-is-available-only-in-the-aws-vpc-9f969260e79d. I am not sure what I am doing wrong. I suspect my DNS queries are not being forwarded. If someone has successfully done it before or someone who knows how to do it right, please help me.
The issue was that I had the "DNS hostname" setting for the VPC disabled. Both "DNS resolution" and "DNS hostname" need to be enabled, as mentioned here: https://docs.aws.amazon.com/vpc/latest/userguide/AmazonDNS-concepts.html#vpc-dns-support
"If you use custom DNS domain names defined in a private hosted zone in Amazon Route 53, or use private DNS with interface VPC endpoints (AWS PrivateLink), you must set both the enableDnsHostnames and enableDnsSupport attributes to true."
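The check described in the answer above, written out as an added example (not code from the question, the answer or the linked articles): it reads the two VPC DNS attributes, reports which of them is not set to true, and emits the AWS CLI commands that fix it. It does not call AWS itself; the `describe` callable stands in for boto3's `ec2.describe_vpc_attribute(VpcId=..., Attribute=...)`, and the VPC ID and responses below are constructed to mirror that API's response shape, reproducing the state the answer found (DNS resolution on, DNS hostnames off).

```python
"""Check that a VPC has both DNS attributes that Route 53 private hosted
zones require, and print the fix if one is missing.

Added example; it does not call AWS. `describe(attribute)` stands in for
boto3's ec2.describe_vpc_attribute(VpcId=vpc_id, Attribute=attribute) and
the sample responses below are constructed to mirror its response shape.
"""
from typing import Callable, List

# Both attributes must be true for private hosted zone names to resolve,
# including for queries arriving through an inbound Resolver endpoint.
REQUIRED_ATTRIBUTES = ("enableDnsSupport", "enableDnsHostnames")

# Top-level key under which describe_vpc_attribute returns each attribute.
_RESPONSE_KEY = {
    "enableDnsSupport": "EnableDnsSupport",
    "enableDnsHostnames": "EnableDnsHostnames",
}

# AWS CLI flag that enables each attribute via modify-vpc-attribute.
_CLI_FLAG = {
    "enableDnsSupport": "--enable-dns-support",
    "enableDnsHostnames": "--enable-dns-hostnames",
}


def missing_dns_attributes(describe: Callable[[str], dict]) -> List[str]:
    """Return the required VPC DNS attributes that are not set to true.

    A missing key or a non-boolean value counts as not enabled, so a
    malformed response fails closed instead of reporting a healthy VPC.
    """
    missing = []
    for attr in REQUIRED_ATTRIBUTES:
        response = describe(attr)
        value = response.get(_RESPONSE_KEY[attr], {}).get("Value")
        if value is not True:
            missing.append(attr)
    return missing


def fix_commands(vpc_id: str, missing: List[str]) -> List[str]:
    """AWS CLI commands that enable each missing attribute.

    modify-vpc-attribute takes one attribute per call, so a VPC missing
    both settings needs two commands.
    """
    return [
        f"aws ec2 modify-vpc-attribute --vpc-id {vpc_id} "
        f"{_CLI_FLAG[attr]} '{{\"Value\": true}}'"
        for attr in missing
    ]


# Constructed sample (hypothetical VPC ID): DNS resolution is enabled but
# DNS hostnames is disabled, the state the answer above identified.
SAMPLE_VPC_ID = "vpc-0123456789abcdef0"
SAMPLE_RESPONSES = {
    "enableDnsSupport": {"VpcId": SAMPLE_VPC_ID, "EnableDnsSupport": {"Value": True}},
    "enableDnsHostnames": {"VpcId": SAMPLE_VPC_ID, "EnableDnsHostnames": {"Value": False}},
}


def check_sample() -> List[str]:
    """Run the check against the constructed responses."""
    return missing_dns_attributes(lambda attr: SAMPLE_RESPONSES[attr])


if __name__ == "__main__":
    missing = check_sample()
    if missing:
        print("VPC is missing:", ", ".join(missing))
        for cmd in fix_commands(SAMPLE_VPC_ID, missing):
            print(cmd)
    else:
        print("Both DNS attributes are enabled.")
```

Against a real account, replace the lambda with `lambda attr: boto3.client("ec2").describe_vpc_attribute(VpcId=vpc_id, Attribute=attr)`; the check is deliberately strict about the exact `{"Value": true}` shape so that an unexpected response is reported rather than silently passed.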