DNS option sets problem

0

I have a VPC set up in 192.168.0.0/16 CIDR with a public and a private subnet. In the private subnet I have the following servers (all on Windows Server 2016):
DC1 192.168.1.20 royal-dc1
DC2 192.168.1.21 ..
DNS 192.168.1.19 ..
SMTP 192.168.1.21 ..
KMS 192.168.1.22 royal-kms

I have created DHCP option sets and I have assigned: domain name: mydomain.local, domain name servers: 192.168.1.19, 192.168.1.20, 192.168.1.21

I have created my domain mydomain.local and joined all instances into it.

Autodiscovery is enabled, but when I go onto any of the three computers, I can only see my local computer.

I have noticed that this may have something to do with DNS. When I go to File Explorer and enter IP addresses I am able to access other computers. Also, I am able to ping between DNS, SMTP and KMS using host names, but I cannot ping DC1 or DC2 from the rest of the servers. I also cannot ping anything from DC2 using host names. It works when I use IP addresses. On top of this I have noticed that if I ping the DC using the full computer name (ping royal-dc1.mydomain.local), the ping seems to work ...

Finally, I have noticed that the private DNS name in the EC2 description is not set up for mydomain.local but uses the default E2.... name (idk if this matters). Very unusual, I don't know what the possible issue can be.

Please advise
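A diagnostic script for the symptom described above (short names fail, FQDN works, and only some servers resolve). This is an added example, not code from the thread or from AWS; it assumes the addresses and names the question lists and is run on one of the Windows Server 2016 instances. It shows which DNS suffix the client appends to single-label names, which servers DHCP actually handed out, and whether each server in the option set can answer for the domain (including the `_ldap._tcp.dc._msdcs` SRV record that every DC-hosted zone must contain).

```powershell
# Added diagnostic (not from the thread): values below are the ones the question
# lists; adjust them for your environment.
$DomainSuffix = 'mydomain.local'
$DnsServers   = @('192.168.1.19', '192.168.1.20', '192.168.1.21')  # DHCP option set
$Hosts        = @('royal-dc1', 'royal-kms')                         # short names in use
$DcSrvRecord  = "_ldap._tcp.dc._msdcs.$DomainSuffix"                # present in any AD zone

# 1. Which suffix does this client append to a single-label name like 'royal-dc1'?
#    'ping royal-dc1' only works if this expands it to royal-dc1.mydomain.local.
$primary = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters').Domain
$search  = (Get-DnsClientGlobalSetting).SuffixSearchList
"Primary DNS suffix : $primary"
"Suffix search list : $($search -join ', ')"
if ($primary -ne $DomainSuffix -and $search -notcontains $DomainSuffix) {
    "WARNING: '$DomainSuffix' is neither the primary suffix nor in the search list"
}

# 2. Which servers did DHCP actually hand to this client? Order matters: Windows
#    sticks with the first server that answers at all, even if it cannot answer
#    for the zone, so a mixed list gives different results on different hosts.
$handed = (Get-DnsClientServerAddress -AddressFamily IPv4 |
           Where-Object { $_.ServerAddresses }).ServerAddresses
"Client DNS servers : $($handed -join ', ')"

# 3. Ask every server in the option set directly, bypassing cache, hosts file,
#    LLMNR and NetBIOS, so each row reflects only what that server knows.
foreach ($srv in $DnsServers) {
    # A server that does not host mydomain.local (or forward to a DC) fails here.
    try {
        $rec = Resolve-DnsName -Name $DcSrvRecord -Type SRV -Server $srv -DnsOnly -ErrorAction Stop
        "{0,-14} SRV {1} -> {2}" -f $srv, $DcSrvRecord, (($rec | Where-Object Type -eq 'SRV').NameTarget -join ',')
    } catch {
        "{0,-14} SRV {1} -> FAIL ({2})" -f $srv, $DcSrvRecord, $_.Exception.Message
    }
    foreach ($h in $Hosts) {
        # Short name failing while the FQDN succeeds points at suffix handling (step 1);
        # the FQDN failing on one server points at that server's zone or forwarders.
        foreach ($name in @($h, "$h.$DomainSuffix")) {
            try {
                $a = Resolve-DnsName -Name $name -Type A -Server $srv -DnsOnly -NoHostsFile -ErrorAction Stop |
                     Where-Object Type -eq 'A'
                "{0,-14} A   {1,-30} -> {2}" -f $srv, $name, ($a.IPAddress -join ',')
            } catch {
                "{0,-14} A   {1,-30} -> FAIL ({2})" -f $srv, $name, $_.Exception.Message
            }
        }
    }
}
```

Run it on a host where short-name ping works and on one where it fails; the difference in steps 1 and 2 usually shows whether the problem is the client's suffix configuration or a server in the option set that does not serve the domain.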

3 Answers
0

This is more about how Windows handles machine discovery in a workgroup environment which then leads us back to what you've already identified which is: Windows uses DNS to find other machines and therefore naming is important.

Outside of AWS you'd normally run the Windows DNS service; you can still do that but it then makes it more difficult (not impossible!) to resolve VPC, AWS and Internet-based resources. You could also set up a Windows Active Directory domain but it seems like you don't want that.

So: Have a read of the many blog posts/documentation sites that talk about Windows workgroups and the DNS behind it. Then update the Route 53 Private Hosted Zone in your VPC so that the Windows instances can discover each other.

AWS
EXPERT
answered 2 years ago
0

First of all, thank you for reading this and replying to my message.

All instances are joined to Microsoft Windows Active Directory (not AWS managed directory services). Are you suggesting to use managed services?

Also, DC1, DC2 and the DNS server run DNS services and I have them set up as DNS servers with DHCP option sets. However, I do not use AWS managed services. I found something that may be a good solution - using Route 53 Outbound Resolver https://aws.amazon.com/blogs/networking-and-content-delivery/integrating-your-directory-services-dns-resolution-with-amazon-route-53-resolvers/

But here is my question - is this possible to do w/o using AWS Managed AD? Can I simply install AD on an EC2 instance and point the Outbound Resolver to it?

Also, I have noticed that WINS replication is not working between the ..91.20 and ..91.21 partners. It seems that ..91.21 can communicate with ..91.20, but 91.20 cannot communicate with ..91.21 (at least for WINS purposes). Can this be also related to the problem?

Finally, if the semi-traditional setup - creating DNS servers on EC2 instances and pointing DHCP option sets at them - is not correct, why does it work on some instances and not on others (I am able to ping some of the instances by host name)?

answered 2 years ago
0

Can somebody please advise or do I need to open a separate thread for this?

answered 2 years ago
