Use AWS ELB with PowerDNS - amazon-web-services

Background: A PowerDNS is deployed on an EC2 inside a VPC. From PDNS, I added a master zone and a CNAME record pointing to the ELB's DNS name.
Now from within the VPC, when I ping the ELB's DNS name, I get a private IP, but when I ping the PDNS record, I get an external IP.
Question: Is there any way I can make the PDNS record give me a private IP, just like the ELB does?

Normally the public IP of an ELB is changed over time by AWS, so adding an A record won't help you much here. If you really want to do that, however, you can use the PowerDNS API to add an A record.
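Before changing records it helps to confirm where the two answers actually come from. The script below is an added example, not code from the question or the answer: it classifies the addresses returned for a name as inside or outside the VPC CIDR and compares what the VPC resolver (VPC base address plus two) returned with what PowerDNS returned. If PowerDNS follows the CNAME through a resolver outside the VPC, you get the public view of the ELB name; the comparison makes that visible. The sample answers, the VPC CIDR and the names are constructed; the live query path assumes `dig` is installed.

```python
import ipaddress
import subprocess
from typing import Dict, Iterable, List

# Constructed sample data: answers the VPC resolver and the PowerDNS
# instance gave for a record that CNAMEs to an ELB in a hypothetical VPC.
VPC_CIDR = "10.0.0.0/16"
VPC_RESOLVER = "10.0.0.2"          # base of the VPC CIDR plus two (assumed VPC)
PDNS_SERVER = "10.0.5.10"          # hypothetical PowerDNS address
SAMPLE_VPC_ANSWER = ["10.0.1.25", "10.0.2.40"]
SAMPLE_PDNS_ANSWER = ["203.0.113.10", "203.0.113.11"]


def classify_addresses(addresses: Iterable[str], vpc_cidr: str) -> str:
    """Return 'vpc', 'external', 'mixed' or 'none' for a set of answers."""
    net = ipaddress.ip_network(vpc_cidr)
    inside = [ipaddress.ip_address(a) in net for a in addresses]
    if not inside:
        return "none"
    if all(inside):
        return "vpc"
    if not any(inside):
        return "external"
    return "mixed"


def compare_resolvers(vpc_answers: List[str], pdns_answers: List[str],
                      vpc_cidr: str) -> Dict[str, str]:
    """Compare the VPC resolver's view with PowerDNS's view of the same name."""
    vpc_class = classify_addresses(vpc_answers, vpc_cidr)
    pdns_class = classify_addresses(pdns_answers, vpc_cidr)
    if vpc_class == pdns_class:
        verdict = "consistent"
    elif vpc_class == "vpc" and pdns_class == "external":
        # PowerDNS resolved the CNAME target outside the VPC's DNS view.
        verdict = "split-horizon mismatch"
    else:
        verdict = "inconsistent"
    return {"vpc-resolver": vpc_class, "pdns": pdns_class, "verdict": verdict}


def resolve_with(resolver_ip: str, name: str) -> List[str]:
    """Live lookup of A records through one resolver using dig (assumed installed)."""
    out = subprocess.run(
        ["dig", "+short", f"@{resolver_ip}", name, "A"],
        capture_output=True, text=True, timeout=5, check=True,
    ).stdout
    addrs = []
    for line in out.splitlines():
        candidate = line.strip().rstrip(".")
        try:
            ipaddress.ip_address(candidate)
            addrs.append(candidate)
        except ValueError:
            continue  # dig +short also prints the CNAME target; skip it
    return addrs


if __name__ == "__main__":
    # Offline run on the constructed sample; swap in resolve_with() for a live check:
    # compare_resolvers(resolve_with(VPC_RESOLVER, name), resolve_with(PDNS_SERVER, name), VPC_CIDR)
    print(compare_resolvers(SAMPLE_VPC_ANSWER, SAMPLE_PDNS_ANSWER, VPC_CIDR))
```

A "split-horizon mismatch" verdict points at the recursion path rather than at the record itself: the record is fine, but whatever follows the CNAME for PowerDNS is not asking the VPC's own resolver.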

Related

AWS Route-53 DNS Server IP Address

I'm using Route-53 as a DNS management service.
I have a problem that I'm not really sure how to solve it. I've come here to seek ideas.
I have a partner who wants an IP address of the DNS server, so that they can integrate their on-prem DNS server with what I'm using (Route-53). This is not possible as Route-53 doesn't give an IP address for accessing the DNS servers. This is because it's a managed service. How can I get IP addresses for the Route-53 DNS servers that my integrating partner can use to integrate their DNS server with mine (Route-53)?
I appreciate your advice.
Taken from AWS docs:
10.0.0.2: Reserved by AWS. The IP address of the DNS server is the base of the VPC network range plus two. For VPCs with multiple CIDR blocks, the IP address of the DNS server is located in the primary CIDR. We also reserve the base of each subnet range plus two for all CIDR blocks in the VPC. For more information, see Amazon DNS server.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
I'm assuming your hosted zone is private, as if it was public, your partner wouldn't need to do any special configuration (unless they don't allow querying public DNS in their network).
If this is a private DNS, I think what you want is to set up a Route 53 Resolver. Specifically, you would want an inbound endpoint set up in your VPC. This will give you a specific IP address that you can provide to your partner. If you haven't already, you'd then need to configure network routing between your VPC and your partner's network (via a tunnel or peering).
AWS has a couple of user guides for this, see below:
Route 53 Resolver Developer Guide
Route 53 Resolver announcement
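The reserved-address rule quoted from the AWS docs above, and the inbound endpoint suggested in the second answer, both come down to address arithmetic inside the VPC. The following is an added example (not from either answer) that computes the Amazon-provided DNS address from the VPC's primary CIDR, lists the five addresses AWS reserves in every subnet, and checks whether a static IP you intend to give a Resolver inbound endpoint is usable. It assumes the caller passes the primary CIDR first; the CIDRs and candidate addresses are constructed.

```python
import ipaddress
from typing import List, Set


def amazon_dns_address(vpc_cidrs: List[str]) -> ipaddress.IPv4Address:
    """AmazonProvidedDNS sits at the base of the VPC's primary CIDR plus two.

    Assumption: the primary CIDR is the first element of vpc_cidrs.
    """
    primary = ipaddress.ip_network(vpc_cidrs[0])
    return primary.network_address + 2


def reserved_subnet_addresses(subnet_cidr: str) -> Set[ipaddress.IPv4Address]:
    """The five addresses AWS reserves in every subnet:
    network (+0), VPC router (+1), DNS (+2), future use (+3) and broadcast."""
    net = ipaddress.ip_network(subnet_cidr)
    base = net.network_address
    return {base, base + 1, base + 2, base + 3, net.broadcast_address}


def usable_host_count(subnet_cidr: str) -> int:
    """Addresses left for ENIs (instances, endpoints, load balancers)."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - 5


def validate_endpoint_ip(subnet_cidr: str, candidate: str) -> str:
    """Sanity-check a static IP chosen for a Resolver inbound endpoint ENI."""
    net = ipaddress.ip_network(subnet_cidr)
    ip = ipaddress.ip_address(candidate)
    if ip not in net:
        return "outside subnet"
    if ip in reserved_subnet_addresses(subnet_cidr):
        return "reserved by AWS"
    return "ok"


if __name__ == "__main__":
    # Constructed VPC: primary CIDR 10.0.0.0/16 plus a secondary block.
    print("VPC DNS:", amazon_dns_address(["10.0.0.0/16", "100.64.0.0/16"]))
    for subnet in ("10.0.1.0/24", "10.0.2.0/28"):
        print(subnet, "reserved:", sorted(str(a) for a in reserved_subnet_addresses(subnet)),
              "usable:", usable_host_count(subnet))
    for ip in ("10.0.1.2", "10.0.1.10", "10.0.2.10"):
        print(ip, "->", validate_endpoint_ip("10.0.1.0/24", ip))
```

The address you hand to the partner is the endpoint ENI's IP (the "ok" case), not the VPC's own `+2` resolver, which is only reachable from inside the VPC.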

assign a domain name to ec2 instance w/o elastic IP

I registered a domain name with AWS Route 53 as mydomain.com. Is there any way that I can assign e.g. ns1.mydomain.com as a public hostname to an EC2 which does NOT have an Elastic IP?
Thanks
You can assign the domain name to any IP address of an instance. However be aware of the following limitations:
If a domain name is assigned to a private IP, it will not be connectable without network access to that IP
If the domain is assigned to a non-elastic public IP, then if the instance stops and starts you would lose the public IP, so you would need to update the DNS resolution.
If you have a public facing application, but want to keep network traffic that directly connects to the instance private you should look at using an ELB in front of the application to provide a security boundary between the internet and your application.
Utilize a load balancer in front of the instance and assign the public hostname to the load balancer.
Use S3 webpage redirect and assign the hostname to the S3 URI.
If the problem is that you don't have any Elastic IPs left, you can request more. This should be resolved within about 15 minutes.

How to ensure that Private DNS - address does not change in AWS EC2?

In the application I manage, in several places, there are hard-coded references to the Private DNS of an EC2. The code refers to: ip-(some private IP here).eu-west-1.compute.internal.
If I stop and start an instance the private IP will change, and I assume also that the Private DNS URL will also change.
When this happens the code crashes. Is there any way I can avoid this change? Is there some way to create a Private DNS so it does not change even when an instance is stopped and started again?
The private DNS and the IP shouldn't change.
However one feasible option is to launch your instances within a VPC and assign a Route 53 Private Hosted Zone that resolves your instances.
The bridge between the VPC and Route 53 is the DHCP options set of the VPC.
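Both this thread and the previous one ("assign a domain name to ec2 instance w/o elastic IP") end up at the same operation: keeping a Route 53 record in step with whatever address the instance currently has, in a public or a private hosted zone. The script below is an added example, not code from any of the answers. It reads the instance's address from the instance metadata service using IMDSv2 (session token first, so it does not rely on the older unauthenticated endpoint), builds an UPSERT change batch, and applies it with boto3's `change_resource_record_sets`. The hosted zone ID is a placeholder; `ns1.mydomain.com` is the name from the earlier question; boto3 is imported only inside the function that calls AWS so the builder runs without it.

```python
import ipaddress
import urllib.request
from typing import Dict

IMDS = "http://169.254.169.254/latest"
TOKEN_TTL_SECONDS = "300"
HOSTED_ZONE_ID = "ZPLACEHOLDER0000"   # placeholder: your public or private zone ID


def fetch_metadata(path: str) -> str:
    """Read one IMDSv2 value: obtain a session token, then query with it."""
    req = urllib.request.Request(
        f"{IMDS}/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": TOKEN_TTL_SECONDS})
    with urllib.request.urlopen(req, timeout=2) as resp:
        token = resp.read().decode()
    req = urllib.request.Request(
        f"{IMDS}/meta-data/{path}", headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode().strip()


def build_upsert(name: str, address: str, ttl: int = 60) -> Dict:
    """ChangeBatch that creates or replaces a single A record.

    A short TTL keeps clients from caching a public IP that is gone after
    the next stop/start.
    """
    ipaddress.IPv4Address(address)  # reject anything that is not a valid IPv4
    fqdn = name if name.endswith(".") else name + "."
    return {
        "Comment": "refresh record with the instance's current address",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": fqdn,
                "Type": "A",
                "TTL": ttl,
                "ResourceRecords": [{"Value": address}],
            },
        }],
    }


def update_record(hosted_zone_id: str, name: str, address: str, ttl: int = 60) -> str:
    """Apply the UPSERT via boto3 and return the Route 53 change ID."""
    import boto3  # imported here so build_upsert() is usable without boto3 installed
    r53 = boto3.client("route53")
    resp = r53.change_resource_record_sets(
        HostedZoneId=hosted_zone_id,
        ChangeBatch=build_upsert(name, address, ttl))
    return resp["ChangeInfo"]["Id"]


if __name__ == "__main__":
    # Public hostname: publish the current public IP.
    # For a private hosted zone use "local-ipv4" instead, which stays fixed
    # across stop/start inside a VPC.
    current_ip = fetch_metadata("public-ipv4")
    print(update_record(HOSTED_ZONE_ID, "ns1.mydomain.com", current_ip))
```

Run it from the instance at boot (a systemd unit or user data), with an instance role limited to `route53:ChangeResourceRecordSets` on that one hosted zone; for the hard-coded `compute.internal` names in this thread, the same UPSERT into a private hosted zone gives the code a stable name to use instead.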

AWS internal load balancer - unable to access using generated DNS

I need to create an internal website for a company, accessible only through the company's VPN. I have an EC2 instance with a webserver and I was able to access the website through the instance's private IP. Now I'm trying to connect the instance to an internal ELB and I'm facing a problem with the ELB's DNS name.
The instance is added to the ELB's target group, they are on the same subnet, it passes the health check, and I'm able to send a request from the browser to the ELB using its IP addresses, but when I try to do the same with the ELB's DNS name I don't get any response. Security groups are also correct.
I'm also unable to ping the ELB's DNS name from the EC2 instance.
Why does the internal ELB's DNS name not work in the browser/Postman? And how can I fix it?

Amazon Route53 with Private Hosted Zone - Ping Works, Web Connection Fails

I've read through all the white papers for Route53, Private Hosted Zones, and Workspaces and I'm to the point of banging my head on the wall. :p
I'm having trouble getting an EC2 instance and an Amazon Workspace within a private cloud to communicate using a Fully Qualified Domain Name. I need them to communicate with a FQDN instead of an IP address so that I can have an encrypted connection with an SSL.
Here is my configuration:
Set up a VPC with two public subnets, a route table, and an internet gateway.
The VPC is set up with DNSResolution and DNSHostnames enabled.
Set up a Simple AD for the workspace within the private VPC.
Set up an EC2 instance within the private VPC with a public subnet.
Set up the EC2 instance with a security group that allows ports 80, 443, and 5003 open to 0.0.0.0/0.
Set up a workspace within the private VPC with no security group.
Disabled the firewall within the EC2 instance and Workspace.
Set up a Hosted Zone on Route53 configured as Private and linked to the VPC.
Set up an A Record pointing to the private IP of the EC2 instance.
If I run a ping from the Workspace to the DNS record that was setup in Route53, I get a successful connection.
If I try to reach the EC2 server using a Web browser on Port 80 or Port 443 using the DNS record, it fails.
If I try to reach the EC2 server using an application that runs on Port 5003 using the DNS record, it fails.
If I try to reach the EC2 server with either web browser or application by referencing the IP, it is successful. So I know that my ports aren't being blocked.
Did I configure the Route53 record incorrectly or am I missing a particular IAM Role permission set?
Thanks and let me know if I need to elaborate on any of the configuration.
SimpleAD DNS is being used instead of Route53. If the zone is the same then only one or the other can be used I'm afraid.
For example, if you have the host.com DNS zone in SimpleAD then the workspace won't use R53 for any *.host.com resolution. Try a different private zone in R53, and therefore a different FQDN, for the EC2 instance's private IP address.
https://forums.aws.amazon.com/thread.jspa?threadID=215126