3

Things that I learned today (15-07-20):
Suppose you have a hosted zone (both private and public) i.e. y.test.com. in AWS r53. and you created r53 DNS record in the public host zone sample1.y.test.com and if you will try to reach this DNS from ec2 you will not be able to. it will give you an error that DNS does not exist but out of ec2, it will work.
To make it work, you have to create the same record in a private hosted zone. Then only you can connect from within an EC2 instance.
So apparently EC2 always looks for the DNS for your registered name server in private hosted zone.

There should be a fail-safe, if it's not in the private hosted zone, it should look in public as well. (idk)

Maybe it was silly of me to not knowing this in the first place. ( wasted good amount of time)

Comments
  • 1
    Yes, that's the default behavior, but there are ways to modify this if you're crafty enough. Personally, I just don't give a shit and all of my DNS records exist in the single public zone. We just teach our apps to use xyz.internal.publicdomain.com to access internal services. It's much simpler.
  • 1
    Also, check out Consul. It makes all of the private DNS lookups easier.
  • 0
    @devphobe how? Without using anything out of aws.
  • 0
    @notSoCoolGuy

    I don't have enough details to be more specific, but if you created two zones "y.sample.com" as both private and public that will fuck you up. It's always easier to use "sample.internal" and "sample.com" if you need that level of division.

    * Poor mans way: Just don't use private zones at all. It's honestly not worth the small amount of security you get from it. Why not just run add records like "redis.internal.company.com" in your public zones and have Route53 point back to a private IP Address like 10.10.x.y?
Add Comment