How do I assign a static DNS server to an Amazon EC2 instance that persists when I reboot?


I want to configure an Amazon Elastic Compute Cloud (Amazon EC2) instance that has a static DNS server that persists when I reboot.

Short description

By default, an Amazon EC2 instance in an Amazon Virtual Private Cloud (Amazon VPC) requests its DNS server addresses at startup over the Dynamic Host Configuration Protocol (DHCP). The DHCP response carries the DNS server addresses from the VPC's DHCP option set, and the operating system writes them to the local /etc/resolv.conf file.

Manual changes to resolv.conf, including custom DNS server addresses, are overwritten when the instance restarts and the DHCP lease is renewed. To keep a static DNS server across reboots, complete one of the following procedures for your Linux distribution.

Resolution

Important: Before you change your instance, create a backup: an Amazon Machine Image (AMI) of the instance, or an Amazon Elastic Block Store (Amazon EBS) snapshot of its volumes. When you change the networking configuration of an instance, the instance might become unreachable. Also note that the Amazon-provided resolver (the VPC network range plus two, for example 10.0.0.2 in a 10.0.0.0/16 VPC) is what resolves Route 53 private hosted zones and VPC-internal hostnames. If you replace it with a public resolver such as 8.8.8.8, those names stop resolving from the instance, so keep the Amazon resolver in the list or have your own servers forward to it.

Amazon Linux 2023

Amazon Linux 2023 uses systemd-resolved for name resolution, with systemd-networkd managing the interfaces. For more information, see systemd-resolved on the Archlinux website.

Configure the resolver

Edit the /etc/systemd/resolved.conf file and set the DNS and Domains options in the [Resolve] section.

Example configuration file:

# /etc/systemd/resolved.conf

[Resolve]
DNS=8.8.8.8
Domains=~.

Or, create a drop-in file so that a package update to resolved.conf doesn't overwrite your change. For example, use the /etc/systemd/resolved.conf.d/dns_servers.conf file.

Example configuration file:

# /etc/systemd/resolved.conf.d/dns_servers.conf

[Resolve]
DNS=8.8.8.8 8.8.4.4
Domains=~.

Note: Domains=~. makes the global DNS servers the default route for all queries. If you don't set it, systemd-resolved might send queries to the per-link DNS servers instead (on Amazon Linux 2023, the servers that the DHCP lease supplied). Domains=~. doesn't affect domain names that match a more specific search domain in a per-link configuration; those names still resolve through that link's DNS servers.

Change where /etc/resolv.conf points

By default, /etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf, which lists only the local stub resolver (127.0.0.53), so applications that read resolv.conf directly still go through systemd-resolved. If you need them to reach the upstream servers directly, either recreate /etc/resolv.conf as a regular file with your own content, or point the symlink at /run/systemd/resolve/resolv.conf, which contains the flattened list of servers that systemd-resolved uses.

After you edit the configuration, restart the service with sudo systemctl restart systemd-resolved (or reboot). To test your configuration, run resolvectl status and check the DNS Servers line in the Global section, then run resolvectl query amazonaws.com and review the output.
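The Amazon Linux 2023 procedure as a script. This is an added example, not code from the AWS article: it validates the server list, renders the drop-in, restarts systemd-resolved, and parses the Global section of resolvectl status to confirm that the requested servers are the ones in use. The 10.0.0.2 and 10.0.1.2 addresses, the DROPIN_DIR override, and the embedded sample of resolvectl status output are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the AWS article: write the systemd-resolved
# drop-in for static DNS servers on Amazon Linux 2023, restart the resolver,
# and check the Global section of `resolvectl status` against what was asked
# for. The 10.0.0.2 / 10.0.1.2 addresses are assumptions.
set -eu

DROPIN_DIR="${DROPIN_DIR:-/etc/systemd/resolved.conf.d}"
DROPIN_FILE="$DROPIN_DIR/dns_servers.conf"

# Accept only a dotted-quad IPv4 address: four 1-3 digit octets, each <= 255,
# no leading zeros (some resolvers read those as octal). DNS= also accepts
# IPv6 and port suffixes; this script deliberately stays with plain IPv4.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    ipv4_old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$ipv4_old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0[0-9]*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Render the drop-in. DNS= is a space-separated list; Domains=~. routes every
# query that no per-link search domain claims to these servers.
render_resolved_dropin() {   # render_resolved_dropin SERVER...
    servers=""
    for s in "$@"; do
        valid_ipv4 "$s" || { echo "render_resolved_dropin: not an IPv4 address: $s" >&2; return 1; }
        servers="${servers:+$servers }$s"
    done
    [ -n "$servers" ] || { echo "render_resolved_dropin: no servers given" >&2; return 1; }
    printf '# %s\n[Resolve]\nDNS=%s\nDomains=~.\n' "$DROPIN_FILE" "$servers"
}

# Global DNS servers from `resolvectl status` text on stdin, space-separated.
# systemd 252 (AL2023) prints them on one line; older versions print one per
# line, so indented continuation lines that are not "Key: value" are appended.
global_dns_servers() {
    awk '
        /^Global/  { in_global = 1; next }
        /^Link /   { in_global = 0 }
        !in_global { next }
        /DNS Servers:/ {
            sub(/.*DNS Servers:[ \t]*/, "")
            for (i = 1; i <= NF; i++) out = out (out == "" ? "" : " ") $i
            collecting = 1; next
        }
        collecting && NF > 0 && !/^[ \t]*[A-Za-z][A-Za-z ]*:/ {
            for (i = 1; i <= NF; i++) out = out (out == "" ? "" : " ") $i
            next
        }
        { collecting = 0 }
        END { print out }
    '
}

# Exit 0 only when the resolver reports exactly the requested servers, in order.
verify_global_dns() {   # resolvectl status | verify_global_dns SERVER...
    expected="$*"
    actual="$(global_dns_servers)"
    if [ "$actual" = "$expected" ]; then
        echo "ok: Global DNS servers = $actual"
        return 0
    fi
    echo "MISMATCH: expected '$expected', resolver reports '$actual'" >&2
    return 1
}

# Write the drop-in, restart systemd-resolved and verify. Requires root.
apply_static_dns() {   # apply_static_dns SERVER...
    content="$(render_resolved_dropin "$@")"
    mkdir -p "$DROPIN_DIR"
    printf '%s\n' "$content" > "$DROPIN_FILE"
    chmod 0644 "$DROPIN_FILE"
    systemctl restart systemd-resolved
    resolvectl status | verify_global_dns "$@"
}

# Constructed sample of `resolvectl status` output (not captured from a real
# instance) so the parser can be exercised offline.
SAMPLE_STATUS='Global
resolv.conf mode: stub
Current DNS Server: 10.0.0.2
       DNS Servers: 10.0.0.2 10.0.1.2
        DNS Domain: ~.

Link 2 (ens5)
    Current Scopes: DNS
       DNS Servers: 10.0.0.2
        DNS Domain: ec2.internal'

# Usage: sudo sh static-dns.sh 10.0.0.2 10.0.1.2
if [ "$#" -gt 0 ]; then
    apply_static_dns "$@"
fi
```

The verification compares against the Global section only; per-link servers from the DHCP lease still appear under the Link entries, which is why Domains=~. matters.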

Amazon Linux or Amazon Linux 2

Use one of the following options to configure your instance. If you apply both options, then the DNS servers that are specified in the ifcfg-eth0 file take precedence.

For either option to work, PEERDNS must be set to yes in the ifcfg-eth0 file. When PEERDNS is no, the network scripts don't write resolv.conf at all, so the DNS servers that are specified in ifcfg-* files or that DHCP provides (including values superseded in dhclient.conf) are ignored.

Option 1

Complete the following steps:

  1. Edit or create the /etc/dhcp/dhclient.conf file.
    Note: You must have root permissions to edit this file. Either use sudo -i to become root, or prefix each command with sudo.
  2. Add the supersede command to the file to override the domain-name-servers. In the following example command, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:
    supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;
    After this change, resolv.conf is rewritten at reboot (and at each DHCP renewal) to contain only the DNS servers that you specified in dhclient.conf.
  3. Set the PEERDNS parameter to yes in your per-interface configuration file, /etc/sysconfig/network-scripts/ifcfg-*.
  4. Reboot the EC2 instance.

Option 2

Complete the following steps:

  1. To override DNS server values in the /etc/dhcp/dhclient.conf file, specify the custom DNS servers in the per-interface configuration files.
    For example, the following file shows the /etc/sysconfig/network-scripts/ifcfg-eth0 file from an Amazon Linux instance that's modified to include two custom DNS servers:

    DEVICE=eth0
    BOOTPROTO=dhcp
    ONBOOT=yes
    TYPE=Ethernet
    USERCTL=yes
    PEERDNS=yes
    IPV6INIT=no
    PERSISTENT_DHCLIENT=yes
    RES_OPTIONS="timeout:2 attempts:5"
    DHCP_ARP_CHECK=no
    MTU="9001"
    DNS1=8.8.8.8
    DNS2=8.8.4.4
  2. Set the PEERDNS parameter to yes in your per-interface configuration file, /etc/sysconfig/network-scripts/ifcfg-*.
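The precedence rules above (PEERDNS, then DNS1/DNS2 in ifcfg-eth0, then supersede in dhclient.conf, then the DHCP lease) as a small audit script for Amazon Linux and Amazon Linux 2, plus the post-reboot check of resolv.conf. This is an added example, not code from the AWS article; file paths are parameters so it can be run against copies, and the ifcfg, dhclient.conf and resolv.conf contents it creates are constructed samples using the 10.0.0.2, 10.0.1.2 and 192.0.2.x addresses as assumptions.

```shell
#!/bin/sh
# Added example, not code from the AWS article: for Amazon Linux and Amazon
# Linux 2, work out which DNS servers the network scripts will put in
# /etc/resolv.conf from the two files the article describes, and compare the
# live resolv.conf after a reboot. Paths are parameters; samples are constructed.
set -eu

# Value of KEY=value in an ifcfg-style file, quotes stripped; empty if unset.
ifcfg_value() {   # ifcfg_value FILE KEY
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Servers from a `supersede domain-name-servers a, b;` line, space-separated.
dhclient_supersede_servers() {   # dhclient_supersede_servers FILE
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*supersede[[:space:]]*domain-name-servers[[:space:]]*\(.*\);.*/\1/p' "$1" \
        | tail -n 1 | tr ',' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# Precedence as the article states it. Prints "<source>: <servers>".
#   PEERDNS=no            -> nothing is written, whatever else is configured
#   DNS1/DNS2 in ifcfg    -> win over dhclient.conf
#   supersede in dhclient -> wins over the DHCP lease
#   otherwise             -> servers from the VPC DHCP option set
effective_dns_source() {   # effective_dns_source IFCFG_FILE DHCLIENT_CONF
    if [ "$(ifcfg_value "$1" PEERDNS)" = "no" ]; then
        echo "none: PEERDNS=no, so resolv.conf is not rewritten at all"
        return 0
    fi
    dns1="$(ifcfg_value "$1" DNS1)"
    dns2="$(ifcfg_value "$1" DNS2)"
    if [ -n "$dns1" ]; then
        echo "ifcfg: $dns1${dns2:+ $dns2}"
        return 0
    fi
    sup="$(dhclient_supersede_servers "$2")"
    if [ -n "$sup" ]; then
        echo "dhclient: $sup"
        return 0
    fi
    echo "dhcp: whatever the VPC DHCP option set hands out"
}

# Nameservers actually present in a resolv.conf, space-separated.
resolv_conf_servers() {   # resolv_conf_servers [FILE]
    awk '/^nameserver/ { out = out (out == "" ? "" : " ") $2 } END { print out }' "${1:-/etc/resolv.conf}"
}

# Post-reboot check: exit 0 only if resolv.conf holds exactly the expected list.
check_resolv_conf() {   # check_resolv_conf "SERVER SERVER" [FILE]
    actual="$(resolv_conf_servers "${2:-/etc/resolv.conf}")"
    if [ "$actual" = "$1" ]; then
        echo "ok: resolv.conf nameservers = $actual"
        return 0
    fi
    echo "MISMATCH: wanted '$1', resolv.conf has '$actual'" >&2
    return 1
}

# Constructed sample files (not copied from a real instance). Both options from
# the article are present, so the ifcfg DNS1/DNS2 pair should win.
make_samples() {   # make_samples DIR
    mkdir -p "$1"
    cat > "$1/ifcfg-eth0" <<'EOF'
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
PEERDNS=yes
DNS1=10.0.0.2
DNS2=10.0.1.2
EOF
    cat > "$1/dhclient.conf" <<'EOF'
supersede domain-name-servers 192.0.2.53, 192.0.2.54;
EOF
    cat > "$1/resolv.conf" <<'EOF'
; generated by /usr/sbin/dhclient-script
search ec2.internal
nameserver 10.0.0.2
nameserver 10.0.1.2
EOF
}

# Usage on a live instance:
#   effective_dns_source /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/dhcp/dhclient.conf
#   check_resolv_conf "10.0.0.2 10.0.1.2"      # after the reboot
```

Run effective_dns_source before you reboot to see which of the two options is actually in charge, and check_resolv_conf afterwards to confirm the DHCP lease did not put its own servers back.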

Ubuntu 16.04

Complete the following steps:

  1. Edit or create the /etc/dhcp/dhclient.conf file.
    Note: You must have root permissions to edit this file. Either use sudo -i to become root, or prefix each command with sudo.
  2. Add the supersede command to the file to override the domain-name-servers. In the following example command, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:
    supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;
    After this change, resolv.conf is rewritten at reboot (and at each DHCP renewal) to contain only the DNS servers that you specified in dhclient.conf.
  3. Reboot the instance.

Ubuntu 18.04

On Ubuntu 18.04, the netplan.io package manages the network interface configuration, and the systemd-resolved service answers DNS queries through a local stub resolver. /etc/resolv.conf contains the stub resolver's address (127.0.0.53), not the upstream servers.

The /etc/resolv.conf file is a symlink to the /run/systemd/resolve/stub-resolv.conf file, and the netplan procedure below assumes that symlink is in place. Check it with ls -l /etc/resolv.conf. If either of the following is true, the supersede statement in /etc/dhcp/dhclient.conf might not work as expected, and you should restore the symlink (sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf) before you continue:

  • The file isn't a symlink on your instance.
  • The file is a symlink that points to a different file. For example, the file points to /run/systemd/resolve/resolv.conf.

To override the DNS server values, complete the following steps:

  1. Netplan stores configuration files in /etc/netplan directory. Create a file that's named /etc/netplan/99-custom-dns.yaml, and then enter the following lines into the file. Replace the example DNS server IP addresses with your IP addresses:
    cat << 'EOF' | sudo tee /etc/netplan/99-custom-dns.yaml
    network:
      version: 2
      ethernets:
        ens5:
          nameservers:
            addresses: [1.1.1.1, 1.0.0.1]
          dhcp4-overrides:
            use-dns: false
            use-domains: false
    EOF
    Note: In the preceding example code, the interface is specified as ens5. Make sure that the interface name matches the interface of your setup. To see your interface name, run the ip a command.
  2. To convert the Netplan YAML file into systemd-networkd configuration files, run the following netplan command (follow it with netplan apply if you want the change active without a reboot):
    netplan generate
    /etc/resolv.conf still lists only the stub resolver address, 127.0.0.53. This is expected: the stub resolver is local to your operating system and forwards queries to the DNS servers that you specified in the 99-custom-dns.yaml file.
  3. Reboot the instance.
  4. To confirm that the system correctly picks up the intended DNS server IP addresses, run the systemd-resolve command:
    systemd-resolve --status
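The Ubuntu 18.04 steps as a script. This is an added example, not code from the AWS article: it checks the /etc/resolv.conf symlink precondition described above, detects the interface that carries the default route instead of hard-coding ens5, renders the netplan override, and applies it. The 99-custom-dns.yaml file name, the 10.0.0.2 and 10.0.1.2 addresses, and the DNS_IFACE and NETPLAN_FILE overrides are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the AWS article: on Ubuntu 18.04 and later,
# confirm /etc/resolv.conf is the systemd-resolved stub symlink the article
# requires, render the netplan override for the default-route interface, and
# apply it. File name and addresses are illustrative assumptions.
set -eu

NETPLAN_FILE="${NETPLAN_FILE:-/etc/netplan/99-custom-dns.yaml}"
STUB_TARGET="/run/systemd/resolve/stub-resolv.conf"

# Interface that carries the default route (ens5 on Nitro instances, eth0 on
# older ones). $DNS_IFACE, if set, overrides the detection.
default_iface() {
    if [ -n "${DNS_IFACE:-}" ]; then echo "$DNS_IFACE"; return 0; fi
    ip -o route show default | awk '{ for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# The article's precondition: /etc/resolv.conf must be a symlink to the stub
# resolver file. Ubuntu creates it as a relative link, so both spellings are
# accepted. Takes a path so the check can be run against a copy.
resolv_conf_is_stub() {   # resolv_conf_is_stub [PATH]
    f="${1:-/etc/resolv.conf}"
    [ -L "$f" ] || { echo "$f is not a symlink" >&2; return 1; }
    target="$(readlink "$f")"
    case "$target" in
        "$STUB_TARGET"|../run/systemd/resolve/stub-resolv.conf) return 0 ;;
    esac
    echo "$f points at '$target', not $STUB_TARGET" >&2
    return 1
}

# Render the netplan YAML: static nameservers, plus dhcp4-overrides so the
# DHCP lease's DNS servers and search domains are not merged in.
render_netplan() {   # render_netplan IFACE SERVER...
    [ "$#" -ge 2 ] || { echo "render_netplan: need an interface and at least one server" >&2; return 1; }
    iface="$1"; shift
    list=""
    for s in "$@"; do list="${list:+$list, }$s"; done
    cat <<EOF
network:
  version: 2
  ethernets:
    $iface:
      nameservers:
        addresses: [$list]
      dhcp4-overrides:
        use-dns: false
        use-domains: false
EOF
}

# Write the file and apply. `netplan generate` renders systemd-networkd units;
# `netplan apply` activates them without a reboot. Requires root.
apply_netplan_dns() {   # apply_netplan_dns SERVER...
    resolv_conf_is_stub
    iface="$(default_iface)"
    [ -n "$iface" ] || { echo "could not determine the default-route interface" >&2; return 1; }
    render_netplan "$iface" "$@" > "$NETPLAN_FILE"
    chmod 0600 "$NETPLAN_FILE"   # newer netplan warns about world-readable files
    netplan generate
    netplan apply
    # 18.04 ships systemd-resolve; 20.04 and later use resolvectl.
    if command -v resolvectl >/dev/null 2>&1; then resolvectl status; else systemd-resolve --status; fi
}

# Usage: sudo sh netplan-dns.sh 10.0.0.2 10.0.1.2
if [ "$#" -gt 0 ]; then
    apply_netplan_dns "$@"
fi
```

If resolv_conf_is_stub fails, fix the symlink first; with a plain file or a link to /run/systemd/resolve/resolv.conf in place, the stub resolver is bypassed and the netplan nameservers are not what applications see.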

RHEL 7.5

By default, the NetworkManager service manages the /etc/resolv.conf file and populates it with the DNS servers that DHCP provides. To keep your own servers across reboots, either supersede the DHCP-provided servers at the dhclient level (Option 1) or stop NetworkManager from managing resolv.conf altogether and write the file yourself (Option 2).

Option 1

Complete the following steps:

  1. Edit or create the /etc/dhcp/dhclient.conf file.
    Note: You must have root permissions to edit this file. Either use sudo -i to become root, or prefix each command with sudo.
  2. Add the supersede command to the file to override the domain-name-servers. In the following example command, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:
    supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;
    After this change, resolv.conf is rewritten at reboot (and at each DHCP renewal) to contain only the DNS servers that you specified in dhclient.conf.
  3. Set the PEERDNS parameter to yes in your per-interface configuration file, /etc/sysconfig/network-scripts/ifcfg-*.
  4. Reboot the instance.

Option 2

Complete the following steps:

  1. Create the /etc/NetworkManager/conf.d/90-dns-none.conf file with the following content:

    [main]
    dns=none
  2. Reboot the instance, and then manually create the /etc/resolv.conf file with your nameserver lines. Because NetworkManager no longer manages the file, DHCP can't rewrite it, but the DNS1 and DNS2 values in ifcfg-* files are no longer written to it either.
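Option 2 as a script, with the check a practitioner wants before overwriting resolv.conf by hand: that NetworkManager's effective configuration really has dns=none, read from NetworkManager --print-config. This is an added example, not code from the AWS article. The 90-dns-none.conf path, the 10.0.0.2 and 10.0.1.2 addresses, the ec2.internal search domain, and the embedded sample of --print-config output are assumptions made for the example; it restarts NetworkManager instead of rebooting.

```shell
#!/bin/sh
# Added example, not code from the AWS article: RHEL 7 Option 2. Write the
# NetworkManager drop-in that stops it from managing /etc/resolv.conf, confirm
# the setting took effect with `NetworkManager --print-config`, then write a
# static resolv.conf. Addresses and the search domain are assumptions.
set -eu

NM_DROPIN="${NM_DROPIN:-/etc/NetworkManager/conf.d/90-dns-none.conf}"

# Effective `dns=` value from `NetworkManager --print-config` output on stdin.
# Only the [main] section counts, a later [main] block overrides an earlier
# one, and commented-out lines ("# dns=none") are ignored. Prints "default"
# when no dns= line is present, which is NetworkManager's default mode.
nm_dns_mode() {
    awk '
        /^\[/ { in_main = ($0 == "[main]"); next }
        in_main && /^[ \t]*dns[ \t]*=/ {
            sub(/^[ \t]*dns[ \t]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); mode = $0
        }
        END { print (mode == "" ? "default" : mode) }
    '
}

# Render resolv.conf. The search domain is optional (pass "" to omit it).
render_resolv_conf() {   # render_resolv_conf SEARCH_DOMAIN SERVER...
    [ "$#" -ge 2 ] || { echo "render_resolv_conf: need a search domain (or \"\") and at least one server" >&2; return 1; }
    domain="$1"; shift
    printf '# static resolv.conf; NetworkManager runs with dns=none\n'
    [ -z "$domain" ] || printf 'search %s\n' "$domain"
    for s in "$@"; do printf 'nameserver %s\n' "$s"; done
    printf 'options timeout:2 attempts:5\n'
}

# Write the drop-in, restart NetworkManager, refuse to touch resolv.conf
# unless dns=none is really in effect, then write the static file. Requires root.
apply_nm_dns_none() {   # apply_nm_dns_none SEARCH_DOMAIN SERVER...
    mkdir -p "$(dirname "$NM_DROPIN")"
    printf '[main]\ndns=none\n' > "$NM_DROPIN"
    systemctl restart NetworkManager
    mode="$(NetworkManager --print-config | nm_dns_mode)"
    if [ "$mode" != "none" ]; then
        echo "NetworkManager still manages DNS (dns=$mode); not writing resolv.conf" >&2
        return 1
    fi
    # An earlier manager may have left a symlink behind; replace it with a file.
    rm -f /etc/resolv.conf
    render_resolv_conf "$@" > /etc/resolv.conf
    chmod 0644 /etc/resolv.conf
    cat /etc/resolv.conf
}

# Constructed sample of `NetworkManager --print-config` output (not captured
# from a real host) so nm_dns_mode can be exercised offline.
SAMPLE_NM_CONFIG='# NetworkManager configuration: /etc/NetworkManager/NetworkManager.conf, /etc/NetworkManager/conf.d/90-dns-none.conf

[main]
# plugins=ifcfg-rh,ibft
dns=none

[logging]
# level=INFO'

# Usage: sudo sh nm-dns-none.sh ec2.internal 10.0.0.2 10.0.1.2
if [ "$#" -gt 0 ]; then
    apply_nm_dns_none "$@"
fi
```

The dns=none check matters because a drop-in in the wrong directory, or a later drop-in that sets dns= again, leaves NetworkManager in charge and your hand-written resolv.conf is replaced at the next lease renewal.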

Related information

DHCP option sets in Amazon VPC

2.1 network files on the Archlinux website

resolved.conf(5) on the Archlinux website

dhclient.conf(5) on the Archlinux website

networkmanager.conf(5) on the Archlinux website

AWS OFFICIAL
Updated 9 months ago
1 Comment

I saw that the instructions only go up to Ubuntu 18.04, so I went through the same process on a standard Ubuntu 22.04 instance, to check if it's the same as the 18.04 instructions in this article. It's not.

Here are the differences in Ubuntu 22.04:

STEP 1) In step #1, don't include the first and last (EOF) lines. The rest of that step is ok. Example:

network:
  version: 2
  ethernets:
    ens5:
      nameservers:
        addresses: [1.1.1.1, 1.0.0.1]
      dhcp4-overrides:
        use-dns: false
        use-domains: false

STEP 2) In step #2, also run a second 'netplan' command to actually apply the new configuration:

netplan generate
netplan apply

You may need to install 'openvswitch', if you receive an error message stating that it's missing:

apt install openvswitch-switch-dpdk

STEP 3) Reboot step is good as-is.

STEP 4) In step #4, the 'systemd-resolve' command doesn't work. Use the following command instead, to check if your custom DNS server IP addresses were retained through reboot:

resolvectl status
replied 6 days ago