
We have defined a Route53 Resolver Rule with a Resolver Outbound Endpoint that forwards requests to our on-prem DNS servers, and it works fine from within EC2 instances; I can confirm that with nslookup from an ssh session. However, an MSK Connect connector that references a schema registry URL throws UnknownHostException, being unable to resolve DNS. I checked the security group outbound rules for MSK and they allow all traffic, and our network admin actually sees requests coming in and being responded to at about the time when MSK Connect logs the error. What can obstruct MSK from receiving the response?

hdjur_jcv
  • Create an EC2 instance on a private subnet without a public IP, and run the same test. And where is the service whose DNS you are trying to resolve from your on-prem DNS server? Is it on AWS or on-prem? – Snigdhajyoti Dec 29 '21 at 16:38
  • Service is on AWS. – hdjur_jcv Dec 30 '21 at 17:19
  • It is that schema registry service that is deployed as a Kubernetes service on AWS. – hdjur_jcv Dec 30 '21 at 17:24
  • I faced a similar issue with DNS resolving a few days back. In our case we were creating a VPC endpoint for Secrets Manager and blocking public internet access. However, what I saw in the logs was that when MSK Connect was trying to resolve `secretmanager.us-east-1.amazonaws.com` it was getting a public IP even though we have DNS resolution enabled on the VPC, and it was not able to connect because we were in a private subnet without a NAT gateway. My guess is that MSK Connect is not using the VPC-provided DNS server. The service is still in an early phase; I had to switch to the Confluent Docker image of kafka-connect. – Snigdhajyoti Jan 04 '22 at 20:01

0 Answers