Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Ping is not working FQDN however it works fine with IP - in private hosted zone.

0

Hi All, I've configured a Route53 Private hosted zone setup to facilitate secure end-to-end traffic on EKS using TLS certificates in ACM, ALB, and Istio. However, I'm encountering an issue where the ping command doesn't work with the Fully Qualified Domain Name (FQDN), although it functions correctly with the IP address. I've thoroughly checked all VPC settings and followed troubleshooting documentation, but everything appears to be configured correctly. I'm uncertain about what I might be overlooking. Any suggestions on how to address and resolve this issue would be greatly appreciated. Thank you.

Here is the scenario

❯ nslookup stage.argocd.eeeee-ppppers
Server:		**10.0.1.21**
Address:	10.0.1.21#53

** server can't find stage.argocd.eeee-peees: NXDOMAIN

❯ **ping stage.argocd.eeeee-ppppers
ping: cannot resolve stage.argocd.eeeee-ppppers: Unknown host**
❯ ping **10.0.1.21
PING 10.0.1.21 (10.0.1.21): 56 data bytes
64 bytes from 10.0.1.21: icmp_seq=0 ttl=127 time=23.657 ms
64 bytes from 10.0.1.21: icmp_seq=1 ttl=127 time=17.694 ms
64 bytes from 10.0.1.21: icmp_seq=2 ttl=127 time=18.790 ms
64 bytes from 10.0.1.21: icmp_seq=3 ttl=127 time=13.934 ms
64 bytes from 10.0.1.21: icmp_seq=4 ttl=127 time=14.864 ms
64 bytes from 10.0.1.21: icmp_seq=5 ttl=127 time=13.081 ms**
^C
--- 10.0.1.21 ping statistics ---
7 packets transmitted, 6 packets received, 14.3% packet loss
round-trip min/avg/max/stddev = 13.081/17.003/23.657/3.590 ms
❯ dig stage.argocd.eeeee-ppppers

; <<>> DiG 9.10.6 <<>> stage.argocd.eeeee-ppppers
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16539
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;stage.argocd.eeeee-ppppers.	IN	A

;; AUTHORITY SECTION:
.			354	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2024030900 1800 900 604800 86400

;; Query time: 45 msec
;; SERVER: 10.0.1.21#53(10.0.1.21)
;; WHEN: Sat Mar 09 10:51:59 CST 2024
;; MSG SIZE  rcvd: 133
Topics
ContainersNetworking & Content Delivery
Tags
Amazon Route 53Amazon VPCDomain Name System (DNS)Networking & Content DeliveryAmazon Elastic Kubernetes Service
Language
English
asked 2 years ago698 views
2 Answers
0

10.0.1.21 is the IP address of the DNS server, not of the target whose IP address you are trying to resolve.

The output of the nslookup command indicates that stage.argocd.eeeee-ppppers cannot be resolved.

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
0

Apparently your DNS Server IP is 10.0.1.21 . And this server dont know about stage.argocd.eeeee-ppppers

Usually private hosted zone listens on VPC +2 DNS Server IP. Like if you VPC CIDR is 10.0.0.0/16 then DNS Service is 10.0.0.2

So apparently your machine is sending DNS Requests to 10.0.1.21 and its not forwarding request to your VPC DNS Server.

What happens, if you do nslookup yahoo.com ?

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content