Modify DNS resolvers/rules for AWS Duffy/OCP VPCs
While almost all resources are now migrated to AWS (dedicated VPCs) for CI infra, we still have some small but critical services to migrate. DNS for internal ci.centos.org is one of these.
Currently there are Route 53 inbound/outbound endpoints and rules attached to two VPCs at AWS, forwarding queries for ci.centos.org to internal (non-public) resolvers located "on prem". Traffic passes through the existing site-to-site VPN tunnel between AWS/VPC and the RDU2 CI VLAN.
We need to:
- add other ci.centos.org zones in AWS itself (either a Route 53 zone, or a smaller EC2 instance managed by Ansible, like they are for the on-prem bind zones)
- configure inbound/outbound endpoints and rules on the AWS side to ensure that we don't rely on the VPN link for DNS resolvers for *.ci.centos.org
- shut down/decommission the DNS resolvers in RDU2 for the CI infra/VLAN
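
One way to verify the second item before decommissioning the RDU2 resolvers, as an added example that is not part of the original ticket: it reads output in the shape of `aws route53resolver list-resolver-rules` and reports every FORWARD rule for ci.centos.org whose targets sit outside the VPCs, and therefore still depend on the VPN link. The rule IDs, IP addresses and VPC CIDRs below are constructed placeholders, not values from the CentOS CI infra.

```python
import ipaddress
import json

# Constructed sample in the shape returned by
# `aws route53resolver list-resolver-rules`; IDs, IPs and CIDRs are made up.
SAMPLE_RULES = json.loads("""
{"ResolverRules": [
  {"Id": "rslvr-rr-example1", "DomainName": "ci.centos.org.", "RuleType": "FORWARD",
   "TargetIps": [{"Ip": "172.19.0.12", "Port": 53}, {"Ip": "172.19.0.13", "Port": 53}]},
  {"Id": "rslvr-rr-example2", "DomainName": "apps.ci.centos.org.", "RuleType": "FORWARD",
   "TargetIps": [{"Ip": "10.0.1.10", "Port": 53}]},
  {"Id": "rslvr-rr-example3", "DomainName": "example.org.", "RuleType": "FORWARD",
   "TargetIps": [{"Ip": "172.19.0.12", "Port": 53}]},
  {"Id": "rslvr-autodefined-rr-internet-resolver", "DomainName": ".", "RuleType": "RECURSIVE"}
]}
""")
VPC_CIDRS = ["10.0.0.0/16", "10.1.0.0/16"]  # assumed CIDRs of the two VPCs


def vpn_dependent_rules(rules, vpc_cidrs, zone="ci.centos.org"):
    """Return {rule_id: [target IPs outside the VPCs]} for FORWARD rules covering the zone."""
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    zone = zone.rstrip(".").lower()
    findings = {}
    for rule in rules.get("ResolverRules", []):
        # Route 53 Resolver returns domain names with a trailing dot.
        domain = rule.get("DomainName", "").rstrip(".").lower()
        in_zone = domain == zone or domain.endswith("." + zone)
        if rule.get("RuleType") != "FORWARD" or not in_zone:
            continue
        # A target outside every VPC CIDR is only reachable over the VPN.
        outside = [t["Ip"] for t in rule.get("TargetIps", [])
                   if not any(ipaddress.ip_address(t["Ip"]) in n for n in nets)]
        if outside:
            findings[rule["Id"]] = outside
    return findings


if __name__ == "__main__":
    for rule_id, ips in vpn_dependent_rules(SAMPLE_RULES, VPC_CIDRS).items():
        print(f"{rule_id}: forwards outside the VPCs to {', '.join(ips)}")
```

An empty result for both VPCs means no ci.centos.org forwarding rule points at a resolver reached over the tunnel.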