I am getting started on understanding VPC but am not seeing a good internal DNS solution. For example, we're using a non-RDS database server which other servers in the VPC connect to. I would like to connect by name, not IP. Partly this is so I can get an internal 10.x.x.x address, which is presumably faster. Mostly, it makes configuration easier, more legible, and more flexible.

In the olden days (circa 2008), pre-VPC I had a server that ran MaraDNS which we would update as we started and changed instances, and this was a big pain, in particular because servers would get their own DHCP-assigned internal addresses when they restarted, and just because it was another thing to deal with. Some colleagues of mine running different systems thought I was an idiot for going to all this effort -- they just updated the /etc/hosts files (which was great until there was an outage and all their servers came back with new IPs).

Should I be looking at Route53 (where we're doing all our public DNS) or is there something I am missing?

Update: 2017 -- Internal DNS is now a feature of Route 53. Woot!

Tom Harrison Jr
  • This is actually a great question, something I've been struggling to find a solution to as well. I'd be very willing to throw a nice bounty on this to try and attract a great answer. – EEAA Aug 02 '12 at 04:07
  • VPC instances can have fixed private IP addresses, so why is running your own DNS server not an option? – Dusan Bajic Aug 02 '12 at 10:38
  • @dusan.bajic -- I'll run my own DNS server if I must, but as I stated in the question, it's just another thing to manage, monitor, and keep working. I had hoped that I was just missing something that AWS had added ... guess not :-) – Tom Harrison Jr Aug 04 '12 at 20:34

3 Answers

It seems from the AWS VPC documentation that the recommended approach to leveraging a DNS server inside of an AWS VPC is to first create a DHCP Options Set and associate it with the VPC. Then you can stand up 1-4 DNS servers in that VPC. Additionally, the DHCP Options Set will allow you to set up the following for all contained VPC instances. (snipped from the docs)

| DHCP Option Name | Description |
| --- | --- |
| domain-name | A domain name of your choice (for example, example.com). |
| domain-name-servers | The IP address of a domain name server. |
| ntp-servers | The IP address of a Network Time Protocol (NTP) server. |
| netbios-name-servers | The IP address of a NetBIOS name server. |
| netbios-node-type | The NetBIOS node type (1, 2, 4, or 8). |

Oort
  • Thanks, it does look like AWS is moving towards some internal DNS infrastructure ... gradually. My question at the time was whether there was any alternative to hosting my own internal DNS. As it happens (now at a new company) we're using Route53 for internal DNS and just prefixing the name. For example a public hostname might be `foo.example.com` and its internal counterpart is `i.foo.example.com`, whose address is the 10.x.x.x address. This has some security issues of potentially exposing our internals, but it is limited. – Tom Harrison Jr Jul 16 '14 at 14:18
  • Amazon does now support private hosted zones, which allow for DNS resolution that is restricted to only being resolvable via Amazon DNS servers from VPCs associated with the private hosted zone. http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html – jnt30 Jan 13 '15 at 14:44

Instances should register their DNS names with your DNS servers via DDNS when they start (as CNAMEs to their public AWS-assigned FQDN); that way you can refer to them by well-known name and get the most appropriate address (internal or external) regardless of where you are. Route53 probably has this sort of magic built-in, but I prefer provider-independent solutions where possible.

womble
  • Route53 doesn't have it built in, to my knowledge. – ceejayoz Aug 02 '12 at 03:46
  • @womble -- I was hoping for the magic of which you speak in Route53, but see nothing. The servers are within a VPC so there's no public FQDN, but there is a static (stable) IP that I could register with an A record using the Route53 CLI tools. So this is a good idea and beats setting up and managing my own DNS server. I don't really understand why AWS doesn't let us assign our own DNS-addressable hostnames as part of instance creation. Sigh :-) I'll accept the answer in a few days if no one else has a better solution. Thanks! – Tom Harrison Jr Aug 04 '12 at 20:54
  • @TomHarrisonJr although you marked this as correct - I suspect it was done begrudgingly? What was your final solution? – Andrew Jun 04 '13 at 07:32
  • @Andrew While this is a valid answer, the short answer is "AWS does not have any internal DNS service" and so you need to roll your own. I am a fan of MaraDNS -- simple, easily managed through text files, lightweight, etc. If you truly don't want to expose your private servers through DDNS or Route53, this would be the way I have done it in the past. – Tom Harrison Jr Jun 04 '13 at 15:09

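The register-at-boot idea in this answer, combined with Tom's comment about registering each instance's stable private IP as an A record via the Route 53 tools and jnt30's note on private hosted zones, can be made concrete. The following is an added example, not code from the thread or from AWS: a small boot-time helper that builds the Route 53 UPSERT for a private hosted zone and refuses any address outside the VPC's CIDR, so a mis-set variable cannot publish a public address into the internal zone (the concern Tom raises about exposing internals). Zone id, zone name, VPC CIDR and the boto3-style client object are assumed inputs.

```python
import ipaddress
import re

# One DNS label: 1-63 chars of letters, digits and hyphens, no leading or
# trailing hyphen (RFC 1123 host name rules).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def private_record_change(hostname, private_ip, zone_name, vpc_cidr, ttl=60):
    """Build a Route 53 ChangeBatch that UPSERTs an A record for one VPC host.

    Two guards keep a boot-time registration script from leaking or
    corrupting the private zone: the address must fall inside the VPC's
    CIDR (so a mis-set variable cannot publish a public address), and every
    label of the hostname must be a valid DNS label (so an instance name
    taken from tags or metadata cannot produce an odd record name).
    """
    labels = hostname.split(".")
    if not all(_LABEL.match(label) for label in labels):
        raise ValueError("invalid hostname: %r" % hostname)
    addr = ipaddress.ip_address(private_ip)
    network = ipaddress.ip_network(vpc_cidr)
    if addr not in network:
        raise ValueError("%s is outside the VPC range %s" % (addr, network))
    fqdn = "%s.%s." % (hostname, zone_name.strip("."))
    return {
        "Comment": "registered at boot by %s" % hostname,
        "Changes": [{
            "Action": "UPSERT",  # create or overwrite, so reboots with new IPs just work
            "ResourceRecordSet": {
                "Name": fqdn,
                "Type": "A",
                "TTL": ttl,  # short TTL: the address changes when the instance is replaced
                "ResourceRecords": [{"Value": str(addr)}],
            },
        }],
    }


def register(client, zone_id, hostname, private_ip, zone_name, vpc_cidr):
    """Submit the change through a boto3-style Route 53 client (assumed interface:
    client.change_resource_record_sets(HostedZoneId=..., ChangeBatch=...))."""
    batch = private_record_change(hostname, private_ip, zone_name, vpc_cidr)
    return client.change_resource_record_sets(HostedZoneId=zone_id, ChangeBatch=batch)
```

Run `register` from the instance's boot sequence with the instance role limited to `route53:ChangeResourceRecordSets` on that one private zone; the CIDR check then bounds what a compromised or misconfigured host can write there.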
Wouldn't something like Avahi work? This is even installed and nicely packaged for most Linux distributions. Just give each instance that needs to be reachable a unique hostname, and Bob's your uncle.

Michael Hampton
  • AWS networking is *weird*... I wouldn't necessarily assume that Avahi would actually work. Doesn't take much to test it, though. – womble Aug 02 '12 at 03:50
  • This would be an interesting solution since it would mean I only had to name my instances and the rest is magic. But there's very little doc, and it wasn't immediately clear to me if this was right for a production server environment. I'll keep it in mind -- thanks. – Tom Harrison Jr Aug 04 '12 at 20:45