
Let's say I have 2 projects (A, B), each with their own VPC and VPC peering enabled between them.

Then I create a private DNS zone in project A, let's say with .internal as the DNS name. Then I add an A record so that an instance can be reached like this: instance-1.internal in A.

Now I'm wondering whether, using DNS peering, I can reach the instance via instance-1.internal in project B. I tried to create a DNS peering zone with B as the consumer of A, but I couldn't resolve instance-1.internal in B.

Rhangaun

1 Answer


I understand that your goal is to reach an instance in VPC-A from VPC-B by its internal (to VPC-A) DNS name by dns-peering VPC-B to VPC-A.

If my understanding is correct, it is not only possible, it's the idea of dns peering. I just created a lab, where I:

  • Created VPC-A in Project A
  • Created VPC-B in Project B
  • Created an internal DNS zone (vpc-a.internal) in VPC-A with one A record pointing to the instance in the same VPC (ip=172.16.1.209, name=instance-1)
  • Created a peering DNS zone in VPC-B and pointed it to VPC-A (peering in unidirectional relationship, no need to do the same in VPC-A)
  • Created an instance in VPC-B (test-instance) and dig'ed that previously created A record:

    username@test-instance:~$ dig +short instance-1.vpc-a.internal
    172.16.1.209

As you can see, the resolution works. Please note that DNS peering is about being able to resolve names, not about being able to access them. If you need to access instance-1 in VPC-A from VPC-B, then you need to establish VPC peering as well.

jabbson
  • That seems to be pretty similar to what I've tried without success; in my case the projects/VPCs already exist, and I'm currently using IPs to reach instances from project A in project B. dig doesn't succeed. – Rhangaun May 03 '21 at 00:22
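The producer/consumer setup the answer walks through, written out as gcloud commands in an added example (this is not the answer author's code). The project ids and network names are placeholders; the zone name vpc-a.internal and the address 172.16.1.209 mirror the answer's lab. DRY_RUN=1 prints the commands instead of executing them, and name_in_zone is a small pre-check that a queried name actually falls under the peering zone's dns-name, since a managed zone only answers for names beneath it (instance-1.internal is not beneath vpc-a.internal.).

```shell
#!/bin/sh
# Added example (not the answer author's code): the two-project setup from the
# answer as gcloud commands. Project ids and network names below are
# placeholders; the zone name vpc-a.internal and 172.16.1.209 mirror the lab.
set -eu

PROJECT_A="${PROJECT_A:-project-a-id}"   # placeholder: producer project (owns the private zone)
PROJECT_B="${PROJECT_B:-project-b-id}"   # placeholder: consumer project (gets the peering zone)
VPC_A="${VPC_A:-vpc-a}"                   # placeholder network name in project A
VPC_B="${VPC_B:-vpc-b}"                   # placeholder network name in project B
ZONE_DNS_NAME="vpc-a.internal."           # identical dns-name in BOTH zones
INSTANCE_IP="${INSTANCE_IP:-172.16.1.209}"

# With DRY_RUN=1 the command is printed instead of executed, so the plan can
# be reviewed without gcloud or credentials.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Project A: private zone visible to VPC-A only, plus the A record.
create_private_zone() {
  run gcloud dns managed-zones create vpc-a-internal \
    --project="$PROJECT_A" \
    --dns-name="$ZONE_DNS_NAME" \
    --description="Private zone for VPC-A" \
    --visibility=private \
    --networks="$VPC_A"
  run gcloud dns record-sets create "instance-1.${ZONE_DNS_NAME}" \
    --project="$PROJECT_A" \
    --zone=vpc-a-internal \
    --type=A --ttl=300 \
    --rrdatas="$INSTANCE_IP"
}

# Project B: peering zone with the SAME dns-name, attached to VPC-B, whose
# target is VPC-A in project A. The relationship is one-way: nothing has to
# be created in project A for this step.
create_peering_zone() {
  run gcloud dns managed-zones create vpc-a-internal-peering \
    --project="$PROJECT_B" \
    --dns-name="$ZONE_DNS_NAME" \
    --description="Peering zone targeting VPC-A" \
    --visibility=private \
    --networks="$VPC_B" \
    --target-network="$VPC_A" \
    --target-project="$PROJECT_A"
}

# A managed zone only answers for names under its dns-name. Check the name
# before troubleshooting: instance-1.internal is NOT under vpc-a.internal.
name_in_zone() {
  fqdn="${1%.}."   # normalise both to a single trailing dot
  zone="${2%.}."
  case "$fqdn" in
    *".${zone}") return 0 ;;
    *) return 1 ;;
  esac
}

# Run from an instance in VPC-B: the answer expects the A record's address.
verify_resolution() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    run dig +short "instance-1.${ZONE_DNS_NAME}"
    return 0
  fi
  got=$(dig +short "instance-1.${ZONE_DNS_NAME}")
  [ "$got" = "$INSTANCE_IP" ]
}

# Usage: DRY_RUN=1 sh setup.sh apply   (print the plan)
#        sh setup.sh apply             (execute against both projects)
if [ "${1:-}" = "apply" ]; then
  create_private_zone
  create_peering_zone
  verify_resolution
fi
```

The one thing both zones must share is the dns-name; the peering zone's own resource name can differ. If a lookup from VPC-B still returns nothing, confirm with name_in_zone that the name you query ends in the peering zone's dns-name, and that VPC-B is in that zone's --networks list; reachability of the address is a separate matter handled by VPC peering and firewall rules, exactly as the answer notes.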