Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
How do I resolve a domain name with the ".local" suffix for a Route 53 private hosted zone?
I can't resolve an Amazon Route 53 private hosted zone record with my Amazon Elastic Compute Cloud (Amazon EC2) instance.
Resolution
Linux operating system (OS) distributions that use the systemd-resolved service can fail with the response code "SERVFAIL". The DNS request fails because the local DNS stub listener doesn't forward DNS requests for domain names with the .local suffix.
Example SERVFAIL response code:
### failed ###ubuntu@ip-172-31-2-3:~$ dig example.local. ; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> example.local. ;; global options: +cmd ;; Got answer: ;; WARNING: .local is reserved for Multicast DNS ;; You are currently testing what happens when an mDNS query is leaked to DNS ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29563 ### status: SERVFAIL ### ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;example.local. IN A ;; Query time: 0 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP) ### 127.0.0.53 is systemd-resolved ### ;; WHEN: Thu Jun 30 12:34:56 UTC 2022 ;; MSG SIZE rcvd: 42 ### success ### ubuntu@ip-172-31-2-3:~$ dig example.local. @172.31.0.2 ### dig to @172.31.0.2 AmazonProvidedDNS / Route 53 Resolver ### ; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> example.local. @172.31.0.2 ;; global options: +cmd ;; Got answer: ;; WARNING: .local is reserved for Multicast DNS ;; You are currently testing what happens when an mDNS query is leaked to DNS ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29352 ### status: NOERROR ### ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;example.local. IN A ;; ANSWER SECTION: example.local. 300 IN A 192.0.2.1 ;; Query time: 4 msec ;; SERVER: 172.31.0.2#53(172.31.0.2) (UDP) ### 172.31.0.2 is AmazonProvidedDNS / Route 53 Resolver ### ;; WHEN: Thu Jun 30 12:34:56 UTC 2022 ;; MSG SIZE rcvd: 58
Note: It's a best practice to avoid the domain name .local suffix. RFC 6762 reserves this domain name for Multicast DNS use. For more information, see Multicast DNS on the Internet Engineering Task Force (IETF) website.
To resolve a domain name with the .local suffix, use the external resolver instead of the local DNS stub listener. Complete the following steps:
-
To change the DNS resolver from the local DNS stub listener to Route 53 Resolver, run the following commands:
cd /etc/ sudo ln -sf ../run/systemd/resolve/resolv.conf -
To change .conf to stop the local DNS stub listener, run the following commands:
cd /etc/systemd/ sudo cp -ip resolved.conf resolved.conf.org sudo sed -i -e 's/#DNSStubListener=yes/DNSStubListener=no/' resolved.conf -
To restart systemd-resolved, run the following command:
sudo systemctl restart systemd-resolved
Related information
Best practices for Amazon Route 53 DNS
How do I troubleshoot DNS resolution issues in my Route 53 private hosted zone?
- Tags
- Amazon Route 53
- Language
- English
The code snippets in this article appear to be wrongly formatted.
For example in the first snippet, I think it should be:
cd /etc/
sudo ln -sf ../run/systemd/resolve/resolv.conf .
(note line splitting and "dot") at the end
Relevant content
- asked 2 years ago
- asked 3 years ago
- asked a year ago
