Ping is not working with FQDN, however it works fine with IP - in private hosted zone.

0

Hi All, I've configured a Route53 Private hosted zone setup to facilitate secure end-to-end traffic on EKS using TLS certificates in ACM, ALB, and Istio. However, I'm encountering an issue where the ping command doesn't work with the Fully Qualified Domain Name (FQDN), although it functions correctly with the IP address. I've thoroughly checked all VPC settings and followed troubleshooting documentation, but everything appears to be configured correctly. I'm uncertain about what I might be overlooking. Any suggestions on how to address and resolve this issue would be greatly appreciated. Thank you.

Here is the scenario

❯ nslookup stage.argocd.eeeee-ppppers
Server:		10.0.1.21
Address:	10.0.1.21#53

** server can't find stage.argocd.eeee-peees: NXDOMAIN

❯ ping stage.argocd.eeeee-ppppers
ping: cannot resolve stage.argocd.eeeee-ppppers: Unknown host
❯ ping 10.0.1.21
PING 10.0.1.21 (10.0.1.21): 56 data bytes
64 bytes from 10.0.1.21: icmp_seq=0 ttl=127 time=23.657 ms
64 bytes from 10.0.1.21: icmp_seq=1 ttl=127 time=17.694 ms
64 bytes from 10.0.1.21: icmp_seq=2 ttl=127 time=18.790 ms
64 bytes from 10.0.1.21: icmp_seq=3 ttl=127 time=13.934 ms
64 bytes from 10.0.1.21: icmp_seq=4 ttl=127 time=14.864 ms
64 bytes from 10.0.1.21: icmp_seq=5 ttl=127 time=13.081 ms
^C
--- 10.0.1.21 ping statistics ---
7 packets transmitted, 6 packets received, 14.3% packet loss
round-trip min/avg/max/stddev = 13.081/17.003/23.657/3.590 ms
❯ dig stage.argocd.eeeee-ppppers

; <<>> DiG 9.10.6 <<>> stage.argocd.eeeee-ppppers
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16539
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;stage.argocd.eeeee-ppppers.	IN	A

;; AUTHORITY SECTION:
.			354	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2024030900 1800 900 604800 86400

;; Query time: 45 msec
;; SERVER: 10.0.1.21#53(10.0.1.21)
;; WHEN: Sat Mar 09 10:51:59 CST 2024
;; MSG SIZE  rcvd: 133

2 Answers
0

10.0.1.21 is the IP address of the DNS server, not of the target whose IP address you are trying to resolve.

The output of the nslookup command indicates that stage.argocd.eeeee-ppppers cannot be resolved.

EXPERT
Steve_M
answered 2 months ago
EXPERT
shibata
reviewed 2 months ago
0

Apparently your DNS server IP is 10.0.1.21, and this server doesn't know about stage.argocd.eeeee-ppppers.

Usually the private hosted zone listens on the VPC +2 DNS server IP. For example, if your VPC CIDR is 10.0.0.0/16, then the DNS service is 10.0.0.2.

So apparently your machine is sending DNS requests to 10.0.1.21 and it's not forwarding the requests to your VPC DNS server.

What happens if you do nslookup yahoo.com?

answered 2 months ago
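
The check both answers point at, as an added example that is not part of the original thread: parse the dig output from the question, compare the server that answered with the VPC "+2" resolver, and flag an NXDOMAIN whose authority section is the root zone's SOA. The VPC CIDR 10.0.0.0/16 is an assumption borrowed from the second answer's illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the dig output posted in the question.
SAMPLE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16539
;; QUESTION SECTION:
;stage.argocd.eeeee-ppppers.\tIN\tA

;; AUTHORITY SECTION:
.\t\t\t354\tIN\tSOA\ta.root-servers.net. nstld.verisign-grs.com. 2024030900 1800 900 604800 86400

;; SERVER: 10.0.1.21#53(10.0.1.21)
"""


def vpc_resolver(cidr):
    """Base address of the VPC CIDR plus two (the "+2" resolver)."""
    return ipaddress.ip_network(cidr).network_address + 2


def diagnose(dig_text, vpc_cidr):
    """Summarise which server answered and where the negative answer came from."""
    status = re.search(r"status: (\w+)", dig_text)
    server = re.search(r"^;; SERVER: ([0-9A-Fa-f.:]+)#", dig_text, re.M)
    soa = re.search(r"^(\S+)[ \t]+\d+[ \t]+IN[ \t]+SOA[ \t]", dig_text, re.M)
    if not (status and server):
        raise ValueError("not dig output: status or SERVER line missing")
    answered_by = ipaddress.ip_address(server.group(1))
    expected = vpc_resolver(vpc_cidr)  # vpc_cidr is an assumed value, not from the question
    return {
        "status": status.group(1),
        "server": str(answered_by),
        "expected_resolver": str(expected),
        "server_in_vpc": answered_by in ipaddress.ip_network(vpc_cidr),
        "server_is_vpc_resolver": answered_by == expected,
        # SOA owner "." means the negative answer came from the public root zone:
        # the name was looked up in public DNS, not answered from a private zone.
        "negative_answer_from_root": bool(soa) and soa.group(1) == ".",
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_DIG, "10.0.0.0/16").items():
        print(f"{key}: {value}")
```

Run it with the real VPC CIDR and the full dig output; a server that is inside the VPC but is not the +2 address, combined with a root-zone SOA, matches the situation the answers describe.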
