Amazon DNS server and VPC Primary CIDR block

In the documentation[1][2] it says "For VPCs with multiple CIDR blocks, the IP address of the DNS server is located in the primary CIDR."

I had planned out a network topology, but when I read that sentence it now has me wondering if I need to treat that first subnet in the primary CIDR block differently than any other subnet.

I'm trying to understand what that means in relation to the IP address at the network base+2 that's reserved for the AWS DNS server on each subnet. As I understand it, a Subnet can have only one IPv4 CIDR block, so does this mean that if a Subnet is given a CIDR block from a non-primary VPC CIDR then while the network base+2 address is reserved for AWS DNS, there won't be anything there?

Another possible way I can interpret that statement is that if I allocate 10.32.0.0/16 to a VPC, and then create only one Subnet with CIDR 10.32.16.0/20 that there might be issues with AWS DNS because there's no subnet containing 10.32.0.2? Or that there might be issues if there was a network containing that IP but access to it from some other subnets is blocked by ACL?

buc
asked 1 year ago, 1027 views

1 Answer

Accepted Answer

Your subnet design is independent of AWS VPC DNS, see the statement below:

The Amazon DNS server does not reside within a specific subnet or Availability Zone in a VPC. It's located at the address 169.254.169.253 (and the reserved IP address at the base of the VPC IPv4 network range, plus two) and fd00:ec2::253. For example, the Amazon DNS Server on a 10.0.0.0/16 network is located at 10.0.0.2. For VPCs with multiple IPv4 CIDR blocks, the DNS server IP address is located in the primary CIDR block.

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html

AWS
Expert
answered 1 year ago
  • Just mentioning for clarity that this does mean that the subnet containing VPC Primary CIDR base+2 is special, and this should be taken into account with network design.

    For example, with the topology shown at https://aws-quickstart.github.io/quickstart-aws-vpc/ the VPC is 10.0.0.0/16, so the DNS server will use the IP 10.0.0.2, which is located within "Availability Zone 1" / "Private subnet A". If there were ACLs that prevented any of the other subnets from communicating with that subnet then systems on those subnets could only use the 169.254.169.253 IP for the AWS DNS service.
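A small checker for the point made in this thread, added here as an illustration and not part of the original answer or of any AWS tooling: it computes the VPC resolver address (primary CIDR base+2), shows that base+2 in a subnet carved from a secondary CIDR is merely reserved, and models the ACL scenario from the comment above. All CIDRs and subnet names are constructed example values.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed layout (assumed values, not from any real account): a primary VPC
# CIDR, one secondary CIDR, and subnets carved from each block.
VPC_PRIMARY_CIDR = "10.0.0.0/16"
VPC_SECONDARY_CIDRS = ["10.32.0.0/16"]
SUBNETS = {
    "private-a": "10.0.0.0/19",    # contains 10.0.0.2, the resolver
    "public-a": "10.0.128.0/20",
    "private-b": "10.32.16.0/20",  # secondary block: its base+2 is only reserved
}
LINK_LOCAL_RESOLVER = IPv4Address("169.254.169.253")


def amazon_dns_address(primary_cidr: str) -> IPv4Address:
    """Route 53 Resolver address: base of the *primary* VPC CIDR plus two."""
    return IPv4Network(primary_cidr).network_address + 2


def classify_subnets(primary_cidr: str, secondary_cidrs, subnets) -> dict:
    """Map each subnet to its VPC block and flag the one holding the resolver."""
    resolver = amazon_dns_address(primary_cidr)
    primary = IPv4Network(primary_cidr)
    secondaries = [IPv4Network(c) for c in secondary_cidrs]
    report = {}
    for name, cidr in subnets.items():
        net = IPv4Network(cidr)
        if net.subnet_of(primary):
            block = "primary"
        elif any(net.subnet_of(s) for s in secondaries):
            block = "secondary"
        else:
            raise ValueError(f"{name} ({cidr}) lies outside every VPC CIDR block")
        report[name] = {
            "block": block,
            # base+2 is reserved in every subnet; only the primary block's answers DNS
            "reserved_base_plus_2": str(net.network_address + 2),
            "hosts_resolver": resolver in net,
        }
    return report


def usable_resolvers(subnet: str, blocked_peers, primary_cidr: str, subnets) -> list:
    """Resolver addresses usable from `subnet` when its ACL blocks `blocked_peers`."""
    resolver = amazon_dns_address(primary_cidr)
    hosting = [n for n, c in subnets.items() if resolver in IPv4Network(c)]
    addrs = [str(LINK_LOCAL_RESOLVER)]  # stays usable per the comment above
    # the VPC-scoped address is lost only if the subnet holding it is blocked
    if not hosting or hosting[0] == subnet or hosting[0] not in blocked_peers:
        addrs.append(str(resolver))
    return addrs
```

With the question's own case (VPC 10.32.0.0/16 and a single subnet 10.32.16.0/20), no subnet hosts 10.32.0.2, and the checker still lists it as usable, matching the answer that subnet design is independent of VPC DNS.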
