
I have an internal DNS setup in my AWS VPC network. I just created an internal load balancer and added a CNAME record for this load balancer, but it's not working.

DNS CNAME entry:

db1     IN      CNAME   internal-DB1-1579653487.us-east-1.elb.amazonaws.com.

nslookup looks good:

epf-mac:~ erico$ nslookup -q=CNAME db1
Server:     10.0.200.4
Address:    10.0.200.4#53

db1.example.com canonical name = internal-DB1-1579653487.us-east-1.elb.amazonaws.com.

Load balancer hostname points to 2 IPs (Load Balancer working in two subnets).

epf-mac:~ erico$ nslookup internal-DB1-1579653487.us-east-1.elb.amazonaws.com.
Server:     10.0.200.4
Address:    10.0.200.4#53

Non-authoritative answer:
Name:   internal-DB1-1579653487.us-east-1.elb.amazonaws.com
Address: 10.0.211.228
Name:   internal-DB1-1579653487.us-east-1.elb.amazonaws.com
Address: 10.0.200.65

But the actual name doesn't work:

epf-mac:~ erico$ ping db1
ping: cannot resolve db1: Unknown host
epf-mac:~ erico$ dig db1

; <<>> DiG 9.8.3-P1 <<>> db1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39452
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;db1.               IN  A

;; AUTHORITY SECTION:
.           9456    IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2014100901 1800 900 604800 86400

;; Query time: 165 msec
;; SERVER: 10.0.200.4#53(10.0.200.4)
;; WHEN: Thu Oct  9 21:10:30 2014
;; MSG SIZE  rcvd: 96

----- EDIT (FIXED) -----

I don't know exactly what it was, but the entry started working without making any additional changes; some DNS caching, probably.

Erico
  • What is the output of: ping db1.example.com and dig db1.example.com? I suppose you have proper entries in /etc/resolv.conf: search "domainname", server "ip". Also, does your DNS server have a "forwarder" configured to talk to the AWS-provided DNS server? NOTE: it would be your VPC's starting IP address + 2; if VPC = 10.0.0.0/16, DNS would be 10.0.0.2 – Jayan Oct 10 '14 at 00:25
  • Hey Jayan, yes, I have all that. search "example.com" in my client DNS file and forwarders to AWS internal DNS in my bind configuration for internal domain names. – Erico Oct 10 '14 at 00:35

1 Answer


It wasn't any sort of negative caching. Take another look at the actual query that was performed:

;; QUESTION SECTION:
;db1.               IN  A

The trailing dot means that the query was for a FQDN of db1. (note the trailing dot), and your search suffix of example.com was not automatically appended. The dig command does not automatically append the search suffix specified in /etc/resolv.conf. From the manpage:

  +[no]search
      Use [do not use] the search list defined by the searchlist or domain
      directive in resolv.conf (if any). The search list is not used by
      default.

Andrew B
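As an added example (not part of the original answer), the following Python emulates the stub-resolver search-list expansion the answer describes: a name with a trailing dot is absolute and is sent as-is, which is what dig does by default, while a bare name such as db1 is tried with each search domain appended before being tried on its own. The resolv.conf text is constructed to match the questioner's description, and the ndots rule assumed is the glibc default of 1.

```python
"""Emulate how a stub resolver expands a short name using the
resolv.conf search list, to show why `dig db1` (absolute query,
no search list) gives NXDOMAIN while the same name with the
search suffix applied resolves.

Added example, not from the original post. Assumes glibc-style
rules: a name ending in '.' is absolute; a name with at least
`ndots` dots is tried as-is first; otherwise each search domain
is appended first and the bare name is tried last.
"""
from typing import List

# Constructed resolv.conf mirroring the questioner's description
RESOLV_CONF = """\
search example.com
nameserver 10.0.200.4
"""


def parse_search_list(resolv_conf: str) -> List[str]:
    """Return the search domains from resolv.conf text.
    'domain' acts as a one-entry search list; the last directive wins."""
    search: List[str] = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *rest = line.split()
        if key == "search":
            search = [d.rstrip(".").lower() for d in rest]
        elif key == "domain" and rest:
            search = [rest[0].rstrip(".").lower()]
    return search


def candidate_names(name: str, search: List[str], ndots: int = 1) -> List[str]:
    """Return the absolute names a stub resolver would query, in order.
    Calling this with an empty search list reproduces dig's default
    behaviour (no +search): only the absolute name is queried."""
    if name.endswith("."):
        # Trailing dot: absolute name, the search list is never consulted
        return [name.lower()]
    name = name.lower()
    as_is = name + "."
    expanded = [f"{name}.{d}." for d in search]
    if name.count(".") >= ndots:
        return [as_is] + expanded
    return expanded + [as_is]
```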