AWS Directory Service unable to resolve EFS dns name

0

Hello,

I am using AWS Directory Service and therefore my VPC has the required custom DHCP options. This seems to be causing my EFS dns name to not resolve:

$ sudo mount -t efs fs-981781a1:/ efs
Failed to resolve "fs-981781a1.efs.ap-southeast-2.amazonaws.com" - check that your file system ID is correct.

$ sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-981781a1.efs.ap-southeast-2.amazonaws.com:/ efs
mount.nfs4: Failed to resolve server fs-981781a1.efs.ap-southeast-2.amazonaws.com: Name or service not known

However, specifying the EFS target ip address does work:
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 10.0.14.62:/ efs

Any help would be appreciated.

Thanks!

asked 5 years ago, 2455 views
3 Answers
1
Accepted Answer

There are two areas you can check:

  1. Verify that the DNS service provided by AWS Directory Service is configured to forward unknown queries to your .2 DNS server. Given the EFS IP you provided I would guess that DNS server is at 10.0.0.2. Here is a screenshot showing where to configure the forwarder.
    http://www.mcmcse.com/microsoft/guides/70-410/images/dns_forwarding1.jpg

  2. EFS creates mount targets at the AZ level. So if you have instances in three AZs and only created mount targets in two AZs, then the instances in the third AZ without a mount target will not be able to resolve the name.
    The common problem we hear about in Directory Service is that the EFS mount target is only in AZ A and the Directory Service domain controllers are in AZ B and C. The EC2 instances send all of their DNS queries to the domain controllers and they then forward the lookup to the .2 DNS server in their AZ. But since there isn't a mount target in the domain controller's AZ the .2 DNS server gives an NX (non-existent) response and the domain controller forwards that response to the EC2 instance. The easy fix in this scenario is to create EFS mount targets in all of the AZs where you have provisioned Directory Service domain controllers.

AWS
answered 5 years ago
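A diagnostic for the two causes described in the answer above, added here as an example and not part of the original answer: it sends a raw A query (Python standard library only, no dnspython) to a resolver you name, so from the EC2 instance you can compare what the VPC .2 resolver and the directory's domain controllers each return for the EFS name, then map the RCODE pair onto "no forwarder" versus "no mount target in the DC's AZ". The VPC CIDR and the domain controller addresses (from /etc/resolv.conf) are values you supply; the 10.0.0.0/16 used below is an assumption based on the addresses in the question.

```python
import ipaddress, random, socket, struct

def vpc_resolver(vpc_cidr):
    # Amazon-provided DNS sits at the VPC base address + 2 (10.0.0.0/16 -> 10.0.0.2)
    return str(ipaddress.ip_network(vpc_cidr, strict=False).network_address + 2)

def build_query(name, txid):
    # Header (id, RD flag, QDCOUNT=1), then QNAME as length-prefixed labels, QTYPE A, QCLASS IN
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def skip_name(data, pos):
    # Advance past a (possibly compressed) name; a two-byte pointer (0xC0..) ends the name
    while data[pos] and data[pos] & 0xC0 != 0xC0:
        pos += 1 + data[pos]
    return pos + (2 if data[pos] & 0xC0 == 0xC0 else 1)

def parse_response(data):
    # Returns (txid, rcode, [A-record addresses]); rcode 0 = NOERROR, 3 = NXDOMAIN
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    pos, addrs = 12, []
    for _ in range(qdcount):
        pos = skip_name(data, pos) + 4  # skip QTYPE + QCLASS
    for _ in range(ancount):
        pos = skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return txid, flags & 0xF, addrs

def ask(server, name, timeout=2.0):
    # Query one resolver over UDP; raises socket.timeout if it stays silent, None on txid mismatch
    txid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data = s.recv(512)
    got_txid, rcode, addrs = parse_response(data)
    return (rcode, addrs) if got_txid == txid else None

def interpret(vpc_rcode, dc_rcode):
    # Map the two answers onto the two causes named in the accepted answer
    if vpc_rcode == 3:
        return "NXDOMAIN from the .2 resolver: no EFS mount target in this instance's AZ"
    if vpc_rcode == 0 and dc_rcode != 0:
        return "only .2 answers: directory DNS lacks a forwarder, or its DCs sit in an AZ with no mount target"
    return "both paths resolve" if vpc_rcode == dc_rcode == 0 else "unexpected RCODE pair"
```

On the instance, run `ask(vpc_resolver("10.0.0.0/16"), "fs-981781a1.efs.ap-southeast-2.amazonaws.com")` and `ask("<domain controller IP>", ...)`, then pass the two RCODEs to `interpret`.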
0

Hello,

Thank you for your reply.

My EFS, managed Microsoft AD Directory Service and EC2 are all using the same subnet/availability zone. However, I had no idea I needed to set up a forwarder for unknown queries. I provisioned the managed Microsoft AD Directory Service using a CloudFormation template based upon the following:
https://github.com/aws-quickstart/quickstart-microsoft-activedirectory/blob/master/templates/ad-3.template

Preferably, I'd like to add the additional setup of the forwarder to it.

If I were to do it manually, do I really need to install DNS Manager tools on a Windows EC2 instance? Or can it be done in the Directory Service console?

Any help would be appreciated.

Thanks

answered 5 years ago
0

Sorry, but we have not provided a way to alter the forwarder setting through the console or a public API. Configuring it through a domain joined EC2 instance is the only option available today.

AWS
answered 5 years ago