A company is designing a hybrid DNS architecture. They have an on-premises data center and a multi-account AWS environment connected via AWS Direct Connect. On-premises servers need to resolve AWS private hosted zones (e.g., database.internal). AWS resources need to resolve on-premises hostnames (e.g., mainframe.corp.local). The solution must be highly available and centrally managed. Which combination of steps should the Architect take? (Select THREE)

Create an Amazon Route 53 Resolver Inbound Endpoint in a central shared services VPC.

Create an Amazon Route 53 Resolver Outbound Endpoint in the central shared services VPC.

Configure conditional forwarding rules on the on-premises DNS servers to point to the Inbound Endpoint IPs.

Deploy EC2 instances running BIND DNS in the central VPC to act as forwarders.

Configure Route 53 to use the on-premises DNS servers as the primary authoritative nameservers.

Create a Route 53 public hosted zone for the on-premises domain.