
Even though I have a private domain configured in the Route 53 resolver for a VPC, new instances still have default names like:

ip-10-1-1-170.ap-southeast-2.compute.internal

Is there a way to configure things such that new instances will automatically have an FQDN in the (sub)domain I have configured, like:

ip-10-1-1-170.green.example.com

I am hoping to ensure that instances in separate deployments (dev/green/blue) have FQDNs in separate subdomains (and different VPCs), so that I can configure my on-site DNS to know where any host is based on the subdomain in its name, but automatically getting the host name on start is the first step on that journey.

I can successfully create Route 53 records to achieve this too, one by one, but it seems a bit nuts for a compute cluster, so I'm hoping that there's a way to achieve it just with the host name and the Route 53 resolver will still correctly handle DNS requests to those hosts somehow.

openCivilisation

1 Answer

These domains are actually related to the domain controller that the instances are bound to.

When you create a VPC, the default DHCP configuration is Amazon's DNS (AmazonProvidedDNS), which in your case is providing the ap-southeast-2.compute.internal domain names.

If you added a custom DHCP option set of green.example.com, then this would become part of that domain and show the DNS as you expect, although you are limited to one DHCP option set per VPC.

AWS has the following services which can act as domain controllers, although you would need to ensure that your on-premise side can also forward requests to these name servers to resolve the domains:

This is quite a bit of overhead in order to get DNS names like those domains; it might be simpler to use 2 private hosted zones and automate adding hosts to the domains, along with an inbound endpoint from your on-premise side instead.

Chris Williams
  • Thanks for your helpful response! Where you say "might be simpler by using 2 private hosted zones and automatings adding hosts to the domains along with an inbound endpoint instead from your on premise." I actually have done this, except for automating adding the hosts to the domains. Could you explain more about what that might look like? It would be great if spot instances could do it too, but I'm just keen to learn the options available. – openCivilisation Aug 29 '20 at 23:37
  • I should also ask, is it possible to use a cloud-init script and set the host name? Then the resolver should hopefully take things from there automatically. – openCivilisation Aug 29 '20 at 23:54
  • Regarding the automating, you would use CloudWatch Events; it's one of the use cases on: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/automating_with_cloudwatch_events.html. You would need to listen for the `RunInstance` event, I believe, which would then trigger a Lambda which would add your host to Route 53 (you could remove it during a terminate event). – Chris Williams Aug 30 '20 at 06:13
  • Updating the hostname on disk I am not sure about, but I know this configuration is automated, so there's a chance on reboots or other events that AWS would replace the settings. For domains, they are ideally meant to be discovered via the DHCP option set, although you can also join a host to a domain (assuming it has NS): https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_join_instance.html – Chris Williams Aug 30 '20 at 06:16
  • The thing that strikes me as weird (ignoring AD options - overkill, as suggested): despite setting a domain name in the DHCP options set, and having a private hosted zone with the same domain name for the VPC, hosts will still acquire the annoying default AWS DNS domain name as their private DNS name. That makes me think the DHCP options set doesn't really get to set the host name at all. Having to set records for hostnames for each host in the cluster seems like overkill too, when I think just the hostname should be enough, assuming it is registered with the DNS resolver correctly (likely). – openCivilisation Aug 30 '20 at 11:52
  • They should use the domain specified in the DHCP options, I believe, although it might take a little bit of time. If you launch a new instance it should be visible immediately. – Chris Williams Aug 30 '20 at 11:58
  • This doesn't work for me. Is it possible you are thinking of a registered public domain / zone and public-facing instances instead of private-facing ones? – openCivilisation Sep 01 '20 at 10:50
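The automation the answer's comments describe (a CloudWatch Events rule on EC2 instance state changes triggering a Lambda that adds or removes the host's A record in the private hosted zone), written out as an added example; this is hypothetical code, not from the thread, and assumes the hosted zone id and domain arrive as environment variables and that the Lambda role is limited to that one zone.

```python
"""Hypothetical Lambda (not the thread's code) that keeps Route 53 A records in
step with EC2 Instance State-change Notification events from CloudWatch Events."""
import os
# Assumed settings, read from Lambda environment variables (placeholder defaults).
HOSTED_ZONE_ID = os.environ.get("HOSTED_ZONE_ID", "Z_PLACEHOLDER_ZONE_ID")
DOMAIN = os.environ.get("DOMAIN", "green.example.com")

def hostname_for(private_ip, domain=DOMAIN):
    """Mirror AWS's scheme: 10.1.1.170 -> ip-10-1-1-170.green.example.com."""
    octets = private_ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not an IPv4 address: {private_ip!r}")
    return f"ip-{'-'.join(octets)}.{domain}"

def change_batch(action, private_ip, domain=DOMAIN, ttl=60):
    """Route 53 ChangeBatch for one A record; DELETE must match the exact record."""
    if action not in ("UPSERT", "DELETE"):
        raise ValueError(f"unsupported action: {action}")
    rrset = {"Name": hostname_for(private_ip, domain) + ".", "Type": "A",
             "TTL": ttl, "ResourceRecords": [{"Value": private_ip}]}
    return {"Changes": [{"Action": action, "ResourceRecordSet": rrset}]}

def plan(event):
    """Map a state-change event to (action, instance_id); None means ignore."""
    if event.get("detail-type") != "EC2 Instance State-change Notification":
        return None
    detail = event.get("detail", {})
    instance_id, state = detail.get("instance-id"), detail.get("state")
    if not instance_id:
        return None
    if state == "running":
        return "UPSERT", instance_id
    if state in ("shutting-down", "terminated"):
        return "DELETE", instance_id
    return None  # pending/stopping/stopped keep their private IP and record

def handler(event, context):
    """Entry point; IAM needs only ec2:DescribeInstances and route53:ChangeResourceRecordSets on HOSTED_ZONE_ID."""
    import boto3  # imported here so the helpers above stay testable offline
    decision = plan(event)
    if decision is None:
        return {"skipped": True}
    action, instance_id = decision
    resp = boto3.client("ec2").describe_instances(InstanceIds=[instance_id])
    ip = resp["Reservations"][0]["Instances"][0].get("PrivateIpAddress")
    if not ip:  # a terminated instance may no longer report its address
        return {"skipped": True, "reason": f"no private IP for {instance_id}"}
    boto3.client("route53").change_resource_record_sets(
        HostedZoneId=HOSTED_ZONE_ID, ChangeBatch=change_batch(action, ip))
    return {"action": action, "record": hostname_for(ip)}
```

Records created this way live in the private hosted zone, so on-premise clients resolve them through the Route 53 inbound endpoint; the DHCP option set still only controls the search domain the instance itself uses.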