AWS Directory Service unable to resolve EFS DNS name

0

Hello,

I am using AWS Directory Service and therefore my VPC has the required custom DHCP options. This seems to be causing my EFS DNS name to not resolve:

$ sudo mount -t efs fs-981781a1:/ efs
Failed to resolve "fs-981781a1.efs.ap-southeast-2.amazonaws.com" - check that your file system ID is correct.

$ sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-981781a1.efs.ap-southeast-2.amazonaws.com:/ efs
mount.nfs4: Failed to resolve server fs-981781a1.efs.ap-southeast-2.amazonaws.com: Name or service not known

However, specifying the EFS target IP address does work:
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 10.0.14.62:/ efs

Any help would be appreciated.

Thanks!

Asked 5 years ago, 2519 views
3 Answers
1
Accepted Answer

There are two areas you can check:

  1. Verify that the DNS service provided by AWS Directory Service is configured to forward unknown queries to your .2 DNS server. Given the EFS IP you provided I would guess that DNS server is at 10.0.0.2. Here is a screenshot showing where to configure the forwarder.
    http://www.mcmcse.com/microsoft/guides/70-410/images/dns_forwarding1.jpg

  2. EFS creates mount targets at the AZ level. So if you have instances in three AZs and only created mount targets in two AZs, then the instances in the third AZ without a mount target will not be able to resolve the name.
    The common problem we hear about in Directory Service is that the EFS mount target is only in AZ A and the Directory Service domain controllers are in AZ B and C. The EC2 instances send all of their DNS queries to the domain controllers and they then forward the lookup to the .2 DNS server in their AZ. But since there isn't a mount target in the domain controller's AZ the .2 DNS server gives an NX (non-existent) response and the domain controller forwards that response to the EC2 instance. The easy fix in this scenario is to create EFS mount targets in all of the AZs where you have provisioned Directory Service domain controllers.

AWS
Answered 5 years ago
Expert
Reviewed 2 days ago
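
An added diagnostic for the two checks in the accepted answer (example code, not part of the original thread or any AWS tooling): it compares what each DHCP-supplied resolver (the domain controllers) returns for the EFS name with what the VPC .2 resolver returns when asked directly. The function names and result labels are assumptions of this example, and it needs `dig` installed.

```shell
#!/bin/sh
# Added example: usage  efs_dns_check.sh <efs-dns-name> <vpc-.2-resolver-ip>

# Ask one resolver for A records; prints IPv4 answers, nothing on NXDOMAIN/timeout.
lookup() {  # lookup <name> <resolver-ip>
  dig +short +time=2 +tries=1 "@$2" "$1" A 2>/dev/null \
    | grep -E '^[0-9]+(\.[0-9]+){3}$' || true
}

# Resolvers handed out by the custom DHCP option set (the domain controllers).
dhcp_resolvers() {  # dhcp_resolvers [resolv.conf path]
  awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Compare a domain controller's answer with the direct answer from .2.
classify() {  # classify <answer-via-dc> <answer-via-.2>
  if [ -n "$1" ]; then
    echo OK
  elif [ -n "$2" ]; then
    # .2 resolves the name for this instance, the DC does not: the DC has no
    # forwarder to .2, or the DC sits in an AZ without a mount target.
    echo DC_SIDE
  else
    # Even .2 returns nothing: no mount target in this instance's AZ,
    # or the file system ID / region in the name is wrong.
    echo INSTANCE_SIDE
  fi
}

main() {
  name=$1; vpc_dns=$2
  direct=$(lookup "$name" "$vpc_dns")
  for dc in $(dhcp_resolvers); do
    case $(classify "$(lookup "$name" "$dc")" "$direct") in
      OK)            echo "$dc: resolves $name" ;;
      DC_SIDE)       echo "$dc: no answer, but $vpc_dns resolves it: check the forwarder on $dc and mount targets in its AZ" ;;
      INSTANCE_SIDE) echo "$dc: no answer, and none from $vpc_dns: check the file system ID and mount targets in this AZ" ;;
    esac
  done
}

# Only run the live check when both arguments are supplied.
if [ "$#" -ge 2 ]; then main "$@"; fi
```

For the setup in the question this would be run as `sh efs_dns_check.sh fs-981781a1.efs.ap-southeast-2.amazonaws.com 10.0.0.2`, where 10.0.0.2 is the answer's guess at the .2 resolver and the script file name is hypothetical.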
0

Hello,

Thank you for your reply.

My EFS, managed Microsoft AD Directory Service and EC2 are all using the same subnet/availability zone. However, I had no idea I needed to set up a forwarder for unknown queries. I provisioned the managed Microsoft AD Directory Service using a CloudFormation template based upon the following:
https://github.com/aws-quickstart/quickstart-microsoft-activedirectory/blob/master/templates/ad-3.template

Preferably I'd like to add the additional setup of the forwarder to it.

If I was to do it manually do I really need to install DNS Manager tools on a Windows EC2 instance? Or can it be done in the Directory Service console?

Any help would be appreciated.

Thanks

Answered 5 years ago
0

Sorry, but we have not provided a way to alter the forwarder setting through the console or a public API. Configuring it through a domain joined EC2 instance is the only option available today.

AWS
Answered 5 years ago
