It's best to set 169.254.169.253 as your DNS server and not to use external DNS servers, like Google's. That's the AWS-provided Route 53 Resolver in your VPC. https://docs.aws.amazon.com/vpc/latest/userguide/AmazonDNS-concepts.html
Do you get DNS replies from 169.254.169.253?
Normally, your Ubuntu installation should be obtaining these settings via DHCP, and when your VPC's DHCP option set is configured with AmazonProvidedDNS, as you mentioned, this local DNS service in the VPC should be configured automatically also in Ubuntu, without manually configuring resolv.conf.
Hello,
- Read this re:Post article and set up DNS using the netplan configuration file. The document below applies to all Ubuntu 18.04+ versions.
Note: indentation is important in the netplan configuration file, so be careful.
- https://repost.aws/knowledge-center/ec2-static-dns-ubuntu-debian#:~:text=the%20instance.-,Ubuntu%2018.04,-On%20Ubuntu%2018.04
- https://ubuntu.com/server/docs/configuring-networks#static-ip-address-assignment
After updating the file, execute the following commands:
# sudo netplan try
Before executing the commands below, confirm there are no errors in the netplan file:
# sudo netplan generate
# sudo netplan --debug apply
- Reboot the instance.
- To confirm that the system correctly picks up the intended DNS server IP addresses, run the systemd-resolve command:
systemd-resolve --status
If this solves your issue, please feel free to accept this answer.
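An added example, not part of the answer above or of the re:Post article it links: a small shell helper that renders the netplan override for the VPC resolver and checks the file's indentation before it goes to `netplan try`, since the note about indentation is where this procedure usually goes wrong. It assumes the AWS-provided resolver 169.254.169.253, that the instance's interface is the first non-loopback link (or is passed as an argument), and uses `/etc/netplan/99-dns.yaml` as an example path. The `dhcp4-overrides: use-dns: false` key keeps DHCP for the address while ignoring the DHCP-supplied nameservers.

```shell
#!/usr/bin/env bash
# Added example (not the answer's own code): render a netplan DNS override and
# sanity-check its indentation before handing it to `netplan try`.
# Assumptions: resolver 169.254.169.253 (from the thread), interface detected
# or passed in, output path /etc/netplan/99-dns.yaml chosen for this example.

# Print a netplan file that keeps DHCP for the address but replaces the
# DHCP-supplied DNS servers with the ones given.
# usage: render_netplan_dns IFACE DNS1 [DNS2 ...]
render_netplan_dns() {
  iface=$1; shift
  addrs=$(printf '%s, ' "$@"); addrs=${addrs%, }
  cat <<EOF
network:
  version: 2
  ethernets:
    $iface:
      dhcp4: true
      dhcp4-overrides:
        use-dns: false
      nameservers:
        addresses: [$addrs]
EOF
}

# Return 0 if every line is indented with spaces only, in multiples of two,
# and 1 otherwise. This catches the common mistakes (tabs, off-by-one
# spaces); it is not a full YAML validator, which is what `netplan try` is for.
check_netplan_indent() {
  awk '
    /\t/ { bad = 1 }
    { match($0, /^ */); if (RLENGTH % 2 != 0) bad = 1 }
    END { exit bad ? 1 : 0 }
  ' "$1"
}

# First non-loopback link, e.g. ens5 on Nitro-based instances.
default_iface() {
  ip -o link show 2>/dev/null | awk -F': ' '$2 != "lo" { print $2; exit }'
}

main() {
  iface=${1:-$(default_iface)}
  out=/etc/netplan/99-dns.yaml            # example path; adjust to your layout
  render_netplan_dns "$iface" 169.254.169.253 | sudo tee "$out" >/dev/null
  check_netplan_indent "$out" && sudo netplan try
}

# Only apply when explicitly asked, so the functions can be sourced or tested.
if [ "${APPLY_NETPLAN_DNS:-0}" = 1 ]; then main "$@"; fi
```

Run it with `APPLY_NETPLAN_DNS=1 bash netplan-dns.sh ens5` on the instance; without the variable it only defines the functions, so you can `source` it and call `render_netplan_dns` to preview the file first.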
If you have got something like ncat installed then you can use this to prove that port 53 is open to the target:
$ ncat -vz 8.8.8.8 53
Ncat: Version 7.95 ( https://nmap.org/ncat )
Ncat: Connected to 8.8.8.8:53.
Ncat: 0 bytes sent, 0 bytes received in 0.03 seconds.
If this works for you then it looks more like something in the Ubuntu DNS config itself, and not network-related.
Can you take the resolv.conf out of the equation and force queries to use a particular DNS resolver? https://www.lifewire.com/free-and-public-dns-servers-2626062
This forces it to use Google, regardless of what's in resolv.conf (and try the same for CloudFlare, OpenDNS, etc.).
$ nslookup repost.aws 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: repost.aws
Address: 18.65.244.47
Name: repost.aws
Address: 18.65.244.50
Name: repost.aws
Address: 18.65.244.20
Name: repost.aws
Address: 18.65.244.103
If none of these on that link work for you, then verify that the outbound DNS port 53 is definitely open in the instance's security group, and allowed in the NACL associated with the subnet.
Also I note that you say:
Verified that the security groups and network ACLs allow outbound DNS and HTTP/HTTPS traffic.
Can you curl or wget a simple webpage, which proves that you can get out on the HTTP/HTTPS port? e.g. $ curl https://www.google.com/
If HTTP/HTTPS is working but DNS isn't then look at what you may have done differently when you allowed traffic for each of these services.
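The triage described in the answer above (port 53 reachability, queries forced to an explicit resolver, HTTPS egress), as an added example script rather than the answer's own commands. The parsers work on captured output; the network checks need to run on the instance. It assumes ncat is installed (falling back to bash's `/dev/tcp`), and the host name and resolver list are placeholders to adjust. The local stub resolver 127.0.0.53 is skipped in the port check because reaching it says nothing about the security group or NACL.

```shell
#!/usr/bin/env bash
# Added example (not the answer's own code): DNS egress triage for an EC2
# Ubuntu instance. Assumptions: ncat or bash /dev/tcp available; host name
# and resolver list below are placeholders.

# Nameservers currently in use, from resolv.conf (or a captured copy).
resolv_nameservers() {
  awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Answer addresses from an nslookup transcript on stdin; skips the
# "Address: 8.8.8.8#53" line that describes the server itself.
nslookup_answers() {
  awk '/^Address:/ && $2 !~ /#/ { print $2 }'
}

# 0 if TCP/53 on $1 is reachable, i.e. security group and NACL egress allow it.
dns_port_open() {
  if command -v ncat >/dev/null 2>&1; then
    ncat -vz -w 3 "$1" 53 >/dev/null 2>&1
  else
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/53" 2>/dev/null
  fi
}

# Resolve NAME through each resolver given and print one line per resolver
# with its answers (or FAIL), so a resolver-specific problem stands out.
compare_resolvers() {
  name=$1; shift
  for r in "$@"; do
    ans=$(nslookup "$name" "$r" 2>/dev/null | nslookup_answers | tr '\n' ' ')
    printf '%-16s %s\n' "$r" "${ans:-FAIL}"
  done
}

main() {
  name=${1:-repost.aws}                          # placeholder host name
  servers=$(resolv_nameservers | tr '\n' ' ')
  printf 'resolv.conf nameservers: %s\n' "$servers"
  for r in $servers 169.254.169.253 8.8.8.8; do
    case $r in 127.*) continue ;; esac           # local stub, not an egress test
    if dns_port_open "$r"; then
      printf 'TCP/53 %-16s open\n' "$r"
    else
      printf 'TCP/53 %-16s BLOCKED (check SG egress and NACL)\n' "$r"
    fi
  done
  compare_resolvers "$name" $servers 169.254.169.253 8.8.8.8
  # HTTPS egress, independent of which resolver answered.
  printf 'HTTPS https://www.google.com/ -> %s\n' \
    "$(curl -sS -o /dev/null -w '%{http_code}' https://www.google.com/ 2>/dev/null || echo FAIL)"
}

if [ "${RUN_DNS_TRIAGE:-0}" = 1 ]; then main "$@"; fi
```

Run with `RUN_DNS_TRIAGE=1 bash dns-triage.sh` on the instance. A row where 169.254.169.253 answers but 8.8.8.8 shows BLOCKED is the expected shape when egress to external resolvers is intentionally closed; a row where every resolver fails but HTTPS returns 200 points at the local resolver configuration, which is the case the answer describes.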
I am not able to ping 169.254.169.253