Unable to Resolve Private Hosted Zone Record Sets

0

Hi,

I have issues resolving a group of Route 53 private hosted zone record sets, but I can resolve and ping things like www.google.com or an AWS internal ELB.

This partial resolve ability seems similar to the issue listed in this resolved thread: https://forums.aws.amazon.com/message.jspa?messageID=454781.

I'm trying to resolve and access gitlab-ce.devops.ssnetsvc.local from instance i-0d18b16a8296124b0 and i-0a6af0c16418eddda.
Ping returns "Name or service not known".

Dig returns:

$ dig gitlab-ce.devops.ssnetsvc.local

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> gitlab-ce.devops.ssnetsvc.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55498
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;gitlab-ce.devops.ssnetsvc.local. IN    A

;; AUTHORITY SECTION:
.                       1651    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019032700 1800 900 604800 86400

;; Query time: 77 msec
;; SERVER: 10.10.0.2#53(10.10.0.2)
;; WHEN: Wed Mar 27 06:42:27 UTC 2019
;; MSG SIZE  rcvd: 124

Using dig against one of the NS records for the private hosted zone, I get a 'REFUSED' and 'WARNING'.

[ec2-user@ip-10-10-3-10 ~]$ dig @ns-1024.awsdns-00.org gitlab-ce.devops.ssnetsvc.local

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @ns-1024.awsdns-00.org gitlab-ce.devops.ssnetsvc.local
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 42033
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;gitlab-ce.devops.ssnetsvc.local. IN    A

;; Query time: 67 msec
;; SERVER: 205.251.196.0#53(205.251.196.0)
;; WHEN: Wed Mar 27 06:53:26 UTC 2019
;; MSG SIZE  rcvd: 49

For nslookup against the Private Hosted Zone's name servers, I noticed it automatically appends "ap-southeast-1.compute.internal" to the record I'm checking against.

[ec2-user@ip-10-10-3-10 ~]$ nslookup gitlab-ce.devops.ssnetsvc.local ns-1024.awsdns-00.org
Server:         ns-1024.awsdns-00.org
Address:        205.251.196.0#53

** server can't find gitlab-ce.devops.ssnetsvc.local.ap-southeast-1.compute.internal: REFUSED

Hope someone can assist on this.

Thank you.

asked 5 years ago · 768 views
1 Answer
0

Hi, I have resolved this issue myself.

The issue is that I did not associate the VPC with the private hosted zone.
Refer to https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zone-private-associate-vpcs.html for more information.

Best Regards
Fu Keong

answered 5 years ago
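
Added example (not part of the original thread): a shell helper that reads `dig` output and tells apart the two failure signatures shown in the question. It assumes that an NXDOMAIN whose authority section carries the root zone's SOA means the VPC resolver fell through to public DNS because no private hosted zone for the name is associated with the VPC; the function and label names are illustrative.

```shell
#!/bin/sh
# Added example: classify dig output for a private hosted zone lookup.
# Reads dig output on stdin and prints one illustrative label.
classify_dig() {
    awk '
        /->>HEADER<<-/ {                      # header line carries the rcode
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {                        # flags line carries the answer count
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") answers = $(i + 1) + 0
        }
        /^;; AUTHORITY SECTION:/ { in_auth = 1; next }
        /^;;/ || /^$/ { in_auth = 0 }         # another header or a blank line ends it
        in_auth && $4 == "SOA" { soa_owner = $1 }
        END {
            # Assumption: a root SOA means the query fell through to public DNS,
            # so no private zone for this name is associated with the VPC.
            if (status == "NOERROR" && answers > 0)            print "resolved"
            else if (status == "NXDOMAIN" && soa_owner == ".") print "zone-not-visible-from-vpc"
            else if (status == "NXDOMAIN")                     print "nxdomain-from-a-zone"
            else if (status == "REFUSED")                      print "server-does-not-serve-zone"
            else                                               print "other"
        }'
}

# Trimmed from the dig output in the question (query sent to the VPC resolver).
sample_vpc_resolver() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55498
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
.                       1651    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019032700 1800 900 604800 86400
EOF
}

# Trimmed from the dig output in the question (query sent to a public name server).
sample_public_ns() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 42033
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
EOF
}

sample_vpc_resolver | classify_dig
sample_public_ns | classify_dig
```

On a live instance, pipe `dig <name>` into `classify_dig`. When it prints `zone-not-visible-from-vpc`, `aws route53 get-hosted-zone --id <zone-id>` shows which VPCs the private hosted zone is associated with.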
