Hi Bill. Headers are passed through the ALB and will be available on the API Gateway.

ALB will also add X-Forwarded-For and include the IP address of the host that sent the request - API Gateway will forward this in $context.identity.sourceIp.

I do always have DNS enabled in the VPC but it's not required here - the connection from ALB to API Gateway uses IP addresses and the host name for the ALB is publicly resolveable (we create a CNAME or Alias to the ALB public name).