The RDS listener endpoint record does not resolve to private IP when requested from EC2 instance on the same VPC

Question

Hello. I'm using AWS RDS Microsoft SQL Server with Multi-AZ (Always On) configuration with 'Publicly accessible'. When I try to resolve RDS listener endpoint from EC2 instance on the same network, it returns the public IPs. Resolving of RDS endpoint returns a private IP but for RDS listener endpoint it doesn't work. Does anyone have any ideas why RDS listener endpoint record not return private IPs? 'DNS hostnames' and 'DNS resolution' are enabled on this VPC. Would be grateful for any ideas and suggestions. Thanks in advance.

Vitor Castellani
7 months ago
Any update?

Accepted Answer

Hello Uladzimir,

Take a look and see if any of these options suit your needs.

Potential Solutions:
* Private Endpoint: *If your primary use-case involves accessing the RDS instance from within the same VPC*, **consider switching the "Publicly accessible" setting to "No"**. This will ensure that only private IPs are associated with the RDS instance and its listener endpoint.
* Route 53 Resolver: Set up a custom DNS resolver using Amazon Route 53 Resolver. You can create a rule that forces resolution of the listener endpoint's domain name to its private IP.

Alternative Solution **(not recommended)**:
* Hosts File: *As a workaround*, though **not recommended for production systems**, you can manually map the listener endpoint to the private IP in the /etc/hosts (or equivalent) file on your EC2 instance. This will force the EC2 instance to resolve the endpoint to the specified IP. However, if the IP ever changes, you will need to manually update it.

The RDS listener endpoint record does not resolve to private IP when requested from EC2 instance on the same VPC

Relevant content