EC2 in public subnet reachable by public IP but not by public DNS

Hi there!

When you say they are only reachable by IP you mean with SSH only? And when you say "not by DNS" do you mean HTTP/S? If you it might be because the security group attached to the instance is not allowing HTTP traffic.

To modify the security group:

1. Open the EC2 console
2. Go to Instances
3. Locate the instance in question
4. Look at the instance details and under the Security tab, click on the security group link
5. This will take you to the security group details

6. Edit the inbound rules
7. Add a rule to allow HTTP (or HTTPS) for your instance.

I hope this helps (if so, please accept this answer)

Hi, thanks for your reply. Maybe I didn't describe it clearly, sorry. I have released all ports and protocols under inbound rules. But the public DNS is still inaccessible. I found through the ping command that the ip address pointed to by the public DNS is not the public ip of the instance。 My public ip can access http and ssh services normally. The difference is that the ip resolved by the public DNS is inconsistent with the public ip

Can I check the public DNS from the EC2 details?
You should be able to see the public IP by running the nslookup command on this public DNS.

Thank you very much for your help. I have checked the cause. The port belonging to the security group is not released and the nginx configuration file does not take effect. However, the inconsistency between the ping public dns and public ip addresses has caused me to never find the real reason. Can you tell me why it is inconsistent? I am very curious.

On the client machine (where you are running the SSH session from), what results do you get from doing a DNS lookup for the EC2 instance?

You can use nslookup or dig to test, or even just trying to ping the instance. Does it return the IP address? If not, then there is an issue with the DNS resolution from that machine - further troubleshooting is required. If it does return the IP address then perhaps there is an issue with the SSH client software where it isn't doing DNS "correctly".

I would think that is strange but being DNS there might be other elements at play.

The best recommendation I can provide to you is to use an Elastic IP to get a permanent public IP for your instance which will provide you with a new DNS name. As mentioned, it is permanent and won't change even if you terminate your instance and can detach it from the Instance and attach it to another one if needed.