I have a VPC using the network 10.10.1.0/24, and a Site-to-Site VPN connection to my local subnet (192.168.1.0/24). The VPN uses addresses in the 10.11.254.0/24 range. When I connect to the VPN, I can access hosts in both the local subnet and the AWS private subnet (10.10.1.0/24), so I believe I have the routing table set up properly to send packets bound for my local network 192.168.1.0/24 back through the site-to-site VPN.

The AmazonProvidedDNS server seems to be working properly inside the VPC; I can run dig @10.10.0.2 ip-10-10-1-215.ec2.internal from a host in the VPC, and I get the expected response.
However, if I run that same dig command from my laptop, through the site-to-site connection, I get no response.

From running tcpdump on the VPN server, I see the A? packets coming from my VPN address, going to 10.10.1.2, but I don't see any response coming back. Is there something I need to do to enable the DNS server to answer requests from outside the VPC address range?
This question has the exact same issue, but using a VPN server. The site-to-site connections don't have the same flexibility. It's been almost 10 years, is there a way to get the VPC DNS resolver to respond to "remote" queries?
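The following is an added example, not code from the question above or from AWS: a small triage helper that encodes the documented behaviour of the Amazon-provided VPC resolver (it listens at the VPC network base + 2, and only answers queries whose source address lies inside the VPC's own CIDR, which is why queries arriving over a Site-to-Site VPN from a 10.11.254.0/24 or 192.168.1.0/24 source get no reply). It parses constructed tcpdump-style lines of the kind described in the question and reports, per query, whether the resolver would be expected to answer. The sample lines, the VPC CIDR and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample input: the VPC CIDR from the question and three
# tcpdump-style DNS query lines (VPN client, in-VPC host, on-prem host).
VPC_CIDR = "10.10.1.0/24"
SAMPLE_TCPDUMP = """\
IP 10.11.254.7.41234 > 10.10.1.2.53: 12345+ A? ip-10-10-1-215.ec2.internal. (45)
IP 10.10.1.50.55001 > 10.10.1.2.53: 23456+ A? ip-10-10-1-215.ec2.internal. (45)
IP 192.168.1.20.40001 > 10.10.1.2.53: 34567+ A? ip-10-10-1-215.ec2.internal. (45)
"""

# Matches "IP <src>.<sport> > <dst>.<dport>: ... A? <qname>"
LINE_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): .*\bA\? (\S+)")


def vpc_resolver_address(vpc_cidr):
    """The Amazon-provided resolver sits at the VPC network base address + 2."""
    net = ipaddress.ip_network(vpc_cidr, strict=False)
    return str(net.network_address + 2)


def parse_query_line(line):
    """Pull source, destination, destination port and query name out of one
    tcpdump line; returns None for lines that are not A? queries."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "src": m.group(1),
        "dst": m.group(3),
        "dport": int(m.group(4)),
        "qname": m.group(5).rstrip("."),
    }


def classify_query(query, vpc_cidr):
    """Classify a parsed query as:
      'wrong-resolver' - not addressed to the VPC resolver on UDP/TCP 53
      'outside-vpc'    - source is not inside the VPC CIDR, so the
                         Amazon-provided resolver will not answer it
      'answered'       - source is inside the VPC, resolver is expected to reply
    """
    net = ipaddress.ip_network(vpc_cidr, strict=False)
    if query["dst"] != vpc_resolver_address(vpc_cidr) or query["dport"] != 53:
        return "wrong-resolver"
    if ipaddress.ip_address(query["src"]) not in net:
        return "outside-vpc"
    return "answered"


def triage(tcpdump_text, vpc_cidr):
    """Return a list of (source address, classification) for every A? query
    found in the capture text."""
    results = []
    for line in tcpdump_text.splitlines():
        q = parse_query_line(line)
        if q is not None:
            results.append((q["src"], classify_query(q, vpc_cidr)))
    return results


if __name__ == "__main__":
    print("resolver:", vpc_resolver_address(VPC_CIDR))
    for src, verdict in triage(SAMPLE_TCPDUMP, VPC_CIDR):
        print(f"{src:16} {verdict}")
```

Run against a real capture, the script only flags which queries are outside the resolver's answering policy; it does not change anything. The "outside-vpc" verdict for the VPN client address is exactly the silent drop the tcpdump in the question shows, and it is the condition that a Route 53 Resolver inbound endpoint (an ENI inside the VPC that accepts queries from on-premises and VPN sources) exists to address.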