I am looking to resolve addresses in a private hosted zone network using customised forwarding rules configured in an on-prem DNS service. The forwarding rule would effectively say, "for my private domain xyz, forward queries to 10.1.1.2" where 10.1.1.2 is an AWS private IP address in a VPC corresponding to a resolver endpoint.
I am looking to understand the differences between forwarding the queries to the standard .2 address in the VPC associated with the private zone, or setting up an inbound Route 53 Resolver endpoint to receive and resolve queries.
Apart from a difference in price, they both seem to do the same thing. I have confirmed using dig that I can use the .2 address to resolve private hosted zone records from outside the VPC (via transit gateway).
So technically, why would I want to use an inbound resolver endpoint, when I can resolve the queries more cheaply using the .2 address? What am I missing here?
I found some AWS doco that indicates .2 addresses are not usable outside the VPC, but I have confirmed this is incorrect.