AWS Internal DNS does not resolve


























I was trying to migrate an A record from a public DNS to an internal DNS in Route 53. I figured something like this would be fairly straightforward:




  1. Remove A record for server foo.bar.net (Public DNS).

  2. Add A record for server foo.internalbar.net (Internal DNS).

  3. Modify Bastion host's resolv.conf to search for internalbar.net (both Bastion host and foo are in the same VPC). Only difference is that foo is part of a private subnet attached to a NATd Gateway.


After this is done, I cannot resolve foo when running host in the bastion host. I was getting:



host foo
Host foo.internalbar.net not found: 3(NXDOMAIN)


According to documentation, Route 53 would work within 60 seconds. I waited for about 10 minutes until I decided to revert the change. For what it's worth, the bastion host was a part of the public DNS. I even went as far as adding the bastion host to the internal DNS (its private IP). Can anyone tell me what may have been the issue with me adding foo to the internal DNS server?










dns aws
















asked Jul 7 '17 at 19:34









ryekayo













  • Is nscd in play here, doing caching?
    – steve
    Jul 7 '17 at 21:14










  • I'm using Route53. I don't think R53 does caching, or at least haven't seen an option for it.
    – ryekayo
    Jul 7 '17 at 21:16










  • What about your bastion host, where the resolution is presenting problems? Do you have nscd running here (ps -ef|grep nscd)? It does both positive and negative caching, if running...
    – steve
    Jul 7 '17 at 21:28






  • Doesn't have nscd. But if you're guessing that it has to do with DNS caching, it makes sense. I have a DNS entry for the bastion host on bind.
    – ryekayo
    Jul 7 '17 at 21:29










  • Only thing is how would it be relevant to me trying to switch an R53 entry from a public DNS to an internal DNS?
    – ryekayo
    Jul 7 '17 at 21:34


















1 Answer














I'm going to make a couple of assumptions about your current setup:




  • You are using a VPC that has DNS resolution enabled. If it's not, visit your VPC dashboard and enable it for the VPC in question.

  • The EC2 instance in question is in the VPC above. The subnet and routes in this case are irrelevant, as long as local routing is intact.

  • The Route53 hosted zone for internalbar.net is a "private hosted zone" (based on your comment about "internally" hosted DNS).

  • A record foo exists in the above zone.


So, now for the answer! Your DNS server in /etc/resolv.conf should be the 2nd usable address in your VPC's CIDR block. For example, if your VPC's CIDR is 10.0.0.0/16, then the resolver would be 10.0.0.2.



Once you do that, it will resolve.



Reference for reserved VPC addresses: VPC Subnets






edited Dec 16 at 21:43









Rui F Ribeiro











answered Jun 12 at 19:32









cerberus













  • As per your answer, /etc/resolve.conf has the same value 10.0.0.2 but still the dns is not getting resolved and showing same error msg posted in the question. Any thoughts?
    – S.K. Venkat
    Jun 27 at 10:02
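
An added example (not part of the original answer, and not AWS tooling): a Python check that compares a resolv.conf against the resolver address the answer describes (VPC CIDR base plus two) and lists the names the stub resolver will try for a short name such as foo. The sample files and the 10.0.5.10 BIND address are constructed, and accepting 169.254.169.253 as an alternative Amazon-provided resolver address is an assumption that goes beyond the answer.

```python
import ipaddress

# Amazon-provided DNS is also reachable at this link-local address (assumption
# beyond the answer, which names only the base-plus-two address).
LINK_LOCAL_RESOLVER = ipaddress.ip_address("169.254.169.253")

def expected_vpc_resolver(vpc_cidr):
    """Resolver address described in the answer: VPC network base plus two."""
    return ipaddress.ip_network(vpc_cidr).network_address + 2

def parse_resolv_conf(text):
    """Return (nameservers, search list, ndots) from resolv.conf content."""
    nameservers, search, ndots = [], [], 1
    for raw in text.splitlines():
        if raw.startswith(("#", ";")):
            continue
        fields = raw.split()
        if not fields:
            continue
        key, args = fields[0], fields[1:]
        if key == "nameserver" and args:
            nameservers.append(ipaddress.ip_address(args[0]))
        elif key in ("search", "domain"):
            search = args  # the last search/domain line wins
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt[len("ndots:"):])
    return nameservers, search, ndots

def candidate_names(short_name, search, ndots):
    """Names the stub resolver tries, in order, for short_name."""
    if short_name.endswith("."):
        return [short_name]
    expanded = [f"{short_name}.{d.rstrip('.')}." for d in search]
    absolute = [short_name + "."]
    return absolute + expanded if short_name.count(".") >= ndots else expanded + absolute

def check(resolv_text, vpc_cidr, private_zone):
    """List reasons a lookup would miss the private zone via the VPC resolver."""
    nameservers, search, _ = parse_resolv_conf(resolv_text)
    expected = expected_vpc_resolver(vpc_cidr)
    findings = []
    if not nameservers:
        findings.append("no nameserver configured")
    elif nameservers[0] not in (expected, LINK_LOCAL_RESOLVER):
        # Servers are tried in order; an NXDOMAIN from the first one is final.
        findings.append(f"first nameserver {nameservers[0]} is not {expected}")
    zone = private_zone.rstrip(".").lower()
    if zone not in [d.rstrip(".").lower() for d in search]:
        findings.append(f"{zone} missing from search list {search}")
    return findings

# Constructed samples; 10.0.5.10 stands in for a hypothetical self-managed BIND server.
BEFORE = "search bar.net\nnameserver 10.0.5.10\n"
AFTER = "search internalbar.net\nnameserver 10.0.0.2\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, check(conf, "10.0.0.0/16", "internalbar.net"))
    print(candidate_names("foo", ["internalbar.net"], 1))
```

An empty findings list only covers the host side; the private hosted zone still has to be associated with the VPC and DNS resolution enabled on it, as the answer's assumptions state.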

















