
I am new to Amazon Web Services (AWS).

I just created a VPC and a subnet inside it. However, I could not resolve any hostnames in this subnet (from any host in this subnet):

[ec2-user@ip-192-168-1-86 ~]$ nslookup
> ip-192-168-1-86.ec2.internal
Server:     192.168.1.2
Address:    192.168.1.2#53

** server can't find ip-192-168-1-86.ec2.internal: NXDOMAIN

I have double-checked that DNS resolution is enabled for my VPC and that the private DNS hostname is correct.

John Rotenstein
Nguyễn Trí
  • Which region are you using? – Azize Apr 24 '21 at 12:09
  • 1
    @Azize: I am using us-east-1 and its hostname is correct as above. Anyway, i resolve it by enabling DNS hostname, in which Amazon says that it is used for assigning DNS public hostname. Otherwise, my problem is about DNS private hostname. I think AWS DNS resolution does not work as they describe – Nguyễn Trí Apr 25 '21 at 03:51

2 Answers

From the AWS DNS documentation:

When you launch an instance into a VPC, it always receives a private DNS hostname.

The DNS resolution depends on the enableDnsHostnames and enableDnsSupport flags.

By default, both attributes are set to true in a default VPC or a VPC created by the VPC wizard. By default, only the enableDnsSupport attribute is set to true in a VPC created any other way.

Depending on the enableDnsHostnames and enableDnsSupport flags, the following rules apply:

If both attributes are set to true, the following occurs:

  • Instances with a public IP address receive corresponding public DNS hostnames.
  • The Amazon Route 53 Resolver server can resolve Amazon-provided private DNS hostnames.

If either or both of the attributes is set to false, the following occurs:

  • Instances with a public IP address do not receive corresponding public DNS hostnames.
  • The Amazon Route 53 Resolver cannot resolve Amazon-provided private DNS hostnames.
  • Instances receive custom private DNS hostnames if there is a custom domain name in the DHCP options set. If you are not using the Amazon Route 53 Resolver server, your custom domain name servers must resolve the hostname as appropriate.

If enableDnsHostnames and enableDnsSupport are both true, then check whether the DHCP options set has been modified.

  • Go to the VPC service page in the AWS Console. Select Your VPCs to see all the VPCs.
  • Select the VPC, and select Actions, Edit DHCP options set.
  • In the DHCP options set list, select the default DHCP option list, and then choose Save.

On the VPC service page, you can find the DHCP Options Sets where you can get the Default DHCP Options Sets.

It would take a couple of hours for the running EC2 instances to reflect this without a restart. You can also renew the IP lease by the following command.

  • Windows: ipconfig /renew
  • Linux: sudo dhclient -r

Or restart the instance, if you can't wait.

GSSwain
  • My EC2 instances already get their IPs by DHCP. It may be created by default. However, I found out that I could resolve all private DNS hostnames by enabling DNS hostnames, which supports mapping public DNS hostnames as AWS said.... – Nguyễn Trí Apr 24 '21 at 11:04
  • @NguyễnTrí I have updated the answer to include that as well. – GSSwain May 02 '21 at 23:27
  • Re. "If either or both of the attributes is set to false, the following occurs: ... The Amazon Route 53 Resolver cannot resolve Amazon-provided private DNS hostnames." I'm finding that this isn't true in some cases: I have an RDS instance, elasticache cluster, and EFS all provisioned in a private isolated subnet. From a bastion host in the same vpc (enableDnsHostnames is false), I'm able to resolve the pvt dns hostnames of the rds and elasticache instances just fine with nslookup, but not efs. Weird. – ack_inc Aug 16 '23 at 11:54
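The checks in the answer above (both VPC attributes, then the DHCP options set) can be scripted instead of clicked through in the console. The following is an added example written by the editor, not code from the answer or from AWS. It applies the answer's rules to the values boto3 returns, also checks that the "Server:" address nslookup reports is the Amazon resolver (the VPC CIDR base plus two, or 169.254.169.253), and builds the private hostname using the per-region naming rule quoted from the AWS documentation elsewhere on this page. The sample VPC and DHCP options set are constructed to match the question's nslookup output; the VPC CIDR 192.168.1.0/24, the IDs `vpc-0example` and `dopt-0example`, and the function names are assumptions. Only `fetch_vpc_state` talks to AWS and needs credentials; everything else runs offline.

```python
"""Audit a VPC's DNS settings against the enableDnsSupport / enableDnsHostnames
rules and the DHCP options set check from the answer above.

Editor's example, not part of the original answer. Dict shapes mirror boto3's
describe_vpcs / describe_vpc_attribute / describe_dhcp_options responses."""
import ipaddress

AMAZON_PROVIDED_DNS = "AmazonProvidedDNS"
LINK_LOCAL_RESOLVER = "169.254.169.253"   # Route 53 Resolver, always reachable from a VPC


def amazon_resolver_ip(vpc_cidr):
    """The Amazon DNS server (Route 53 Resolver) sits at the VPC CIDR base plus two."""
    net = ipaddress.ip_network(vpc_cidr, strict=False)
    return str(net.network_address + 2)


def using_amazon_resolver(server_ip, vpc_cidr):
    """True if the 'Server:' nslookup reports is the Amazon resolver, i.e. an
    NXDOMAIN is a VPC attribute problem rather than a custom-resolver problem."""
    return server_ip in (amazon_resolver_ip(vpc_cidr), LINK_LOCAL_RESOLVER)


def private_hostname(private_ip, region):
    """Amazon-provided private DNS name: ip-a-b-c-d.ec2.internal in us-east-1,
    ip-a-b-c-d.<region>.compute.internal everywhere else."""
    label = "ip-" + private_ip.replace(".", "-")
    if region == "us-east-1":
        return f"{label}.ec2.internal"
    return f"{label}.{region}.compute.internal"


def dhcp_name_servers(dhcp_options):
    """Pull domain-name-servers out of a describe_dhcp_options entry."""
    for cfg in dhcp_options.get("DhcpConfigurations", []):
        if cfg["Key"] == "domain-name-servers":
            return [v["Value"] for v in cfg["Values"]]
    return []


def audit_vpc(vpc, dns_support, dns_hostnames, dhcp_options):
    """Apply the answer's rules; return findings and the CLI commands that fix them."""
    vpc_id = vpc["VpcId"]
    both_on = dns_support and dns_hostnames
    servers = dhcp_name_servers(dhcp_options)
    findings, fixes = [], []

    if not dns_support:
        findings.append("enableDnsSupport is false: the Amazon resolver is disabled for this VPC")
        fixes.append(f"aws ec2 modify-vpc-attribute --vpc-id {vpc_id} --enable-dns-support")
    if not dns_hostnames:
        findings.append("enableDnsHostnames is false: no public hostnames, and Amazon-provided "
                        "private hostnames will not resolve")
        fixes.append(f"aws ec2 modify-vpc-attribute --vpc-id {vpc_id} --enable-dns-hostnames")
    # A DHCP options set that names custom resolvers sends instance queries elsewhere;
    # those resolvers must then serve the private zone themselves.
    custom_resolver = bool(servers) and AMAZON_PROVIDED_DNS not in servers \
        and amazon_resolver_ip(vpc["CidrBlock"]) not in servers
    if custom_resolver:
        findings.append(f"DHCP options set {dhcp_options['DhcpOptionsId']} uses custom "
                        f"resolvers {servers} instead of AmazonProvidedDNS")
        fixes.append(f"aws ec2 associate-dhcp-options --vpc-id {vpc_id} --dhcp-options-id default")

    return {
        "vpc_id": vpc_id,
        "private_names_resolve": both_on and not custom_resolver,
        "public_hostnames_assigned": both_on,
        "findings": findings,
        "fixes": fixes,
    }


def fetch_vpc_state(vpc_id, region):
    """Collect audit_vpc's inputs from a live account (needs AWS credentials)."""
    import boto3  # imported lazily so the offline checks work without boto3 installed
    ec2 = boto3.client("ec2", region_name=region)
    vpc = ec2.describe_vpcs(VpcIds=[vpc_id])["Vpcs"][0]
    support = ec2.describe_vpc_attribute(
        VpcId=vpc_id, Attribute="enableDnsSupport")["EnableDnsSupport"]["Value"]
    hostnames = ec2.describe_vpc_attribute(
        VpcId=vpc_id, Attribute="enableDnsHostnames")["EnableDnsHostnames"]["Value"]
    dhcp = ec2.describe_dhcp_options(DhcpOptionsIds=[vpc["DhcpOptionsId"]])["DhcpOptions"][0]
    return vpc, support, hostnames, dhcp


# Constructed sample (assumption): a 192.168.1.0/24 VPC, whose resolver is 192.168.1.2,
# matching the nslookup output in the question. IDs are placeholders.
SAMPLE_VPC = {"VpcId": "vpc-0example", "CidrBlock": "192.168.1.0/24", "DhcpOptionsId": "dopt-0example"}
SAMPLE_DHCP = {"DhcpOptionsId": "dopt-0example",
               "DhcpConfigurations": [
                   {"Key": "domain-name", "Values": [{"Value": "ec2.internal"}]},
                   {"Key": "domain-name-servers", "Values": [{"Value": "AmazonProvidedDNS"}]}]}

if __name__ == "__main__":
    # The asker's situation: enableDnsSupport on, enableDnsHostnames off.
    report = audit_vpc(SAMPLE_VPC, dns_support=True, dns_hostnames=False, dhcp_options=SAMPLE_DHCP)
    print("nslookup used Amazon resolver:", using_amazon_resolver("192.168.1.2", SAMPLE_VPC["CidrBlock"]))
    print(private_hostname("192.168.1.86", "us-east-1"), "resolves:", report["private_names_resolve"])
    for line in report["findings"] + report["fixes"]:
        print(" ", line)
```

Run it as-is to see the question's case diagnosed offline, or call `audit_vpc(*fetch_vpc_state("vpc-...", "us-east-1"))` against a real VPC. The resolver check matters for triage: when the server reported by nslookup is the CIDR-plus-two address, the instance is already asking the Amazon resolver, so the NXDOMAIN comes from the VPC attributes, not from the DHCP options set.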

Check the private DNS hostnames supported by each region in the documentation below.

A private (internal) DNS hostname resolves to the private IPv4 address of the instance. The private DNS hostname takes the form ip-private-ipv4-address.ec2.internal for the us-east-1 Region, and ip-private-ipv4-address.region.compute.internal for other Regions (where private-ipv4-address is the reverse lookup IP address). You can use the private DNS hostname for communication between instances in the same network, but we can't resolve the DNS hostname outside the network that the instance is in.

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html

Azize