Unable to Resolve Private Hosted Zone Record Sets



I have issues resolving a group of Route 53 private hosted zone record sets, but I can resolve and ping things like www.google.com or an AWS internal ELB.

This partial resolve ability seems similar to the issue listed in this resolved thread: https://forums.aws.amazon.com/message.jspa?messageID=454781.

I'm trying to resolve and access gitlab-ce.devops.ssnetsvc.local from instance i-0d18b16a8296124b0 and i-0a6af0c16418eddda.
Ping returns "Name or service not known".

Dig returns:

$ dig gitlab-ce.devops.ssnetsvc.local

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> gitlab-ce.devops.ssnetsvc.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55498
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;gitlab-ce.devops.ssnetsvc.local. IN    A

.                       1651    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019032700 1800 900 604800 86400

;; Query time: 77 msec
;; WHEN: Wed Mar 27 06:42:27 UTC 2019
;; MSG SIZE  rcvd: 124

Using dig against one of the NS records for the private hosted zone, I get a 'REFUSED' and 'WARNING'.

[ec2-user@ip-10-10-3-10 ~]$ dig @ns-1024.awsdns-00.org gitlab-ce.devops.ssnetsvc.local

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @ns-1024.awsdns-00.org gitlab-ce.devops.ssnetsvc.local
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 42033
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;gitlab-ce.devops.ssnetsvc.local. IN    A

;; Query time: 67 msec
;; WHEN: Wed Mar 27 06:53:26 UTC 2019
;; MSG SIZE  rcvd: 49

For nslookup against the Private Hosted Zone's name servers, I noticed it automatically appends "ap-southeast-1.compute.internal" to the record I'm checking against.

[ec2-user@ip-10-10-3-10 ~]$ nslookup gitlab-ce.devops.ssnetsvc.local ns-1024.awsdns-00.org
Server:         ns-1024.awsdns-00.org

** server can't find gitlab-ce.devops.ssnetsvc.local.ap-southeast-1.compute.internal: REFUSED

Hope someone can assist on this.

Thank you.

asked 5 years ago, 820 views
1 Answer

Hi, I have resolved this issue myself.

The issue is because I did not associate the VPC with the private hosted zone.
Refer to https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zone-private-associate-vpcs.html for more information.

Best Regards
Fu Keong

answered 5 years ago
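
The triage this thread walks through, as an added example that is not part of the original post or any AWS tooling: it reads the status and authority section of a dig reply and, for the root-SOA NXDOMAIN seen in the question, checks the zone's VPC association list. The function names, the sample zone document and the VPC IDs are assumptions made for illustration.

```python
import re

# Constructed sample: header, question and authority lines as in the
# question's first dig run against the default resolver.
SAMPLE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55498
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;gitlab-ce.devops.ssnetsvc.local. IN    A

.    1651    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2019032700 1800 900 604800 86400
"""

# Constructed sample in the shape of `aws route53 get-hosted-zone` output;
# the VPC ID is a placeholder, not a value from the post.
SAMPLE_ZONE = {
    "HostedZone": {"Name": "devops.ssnetsvc.local.", "Config": {"PrivateZone": True}},
    "VPCs": [{"VPCRegion": "ap-southeast-1", "VPCId": "vpc-0aaaaaaaaaaaaaaaa"}],
}

def parse_dig(text):
    """Return (status, answer_count, soa_owner); soa_owner is None if no SOA line."""
    status = re.search(r"status: (\w+)", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    soa = re.search(r"^(\S+)\s+\d+\s+IN\s+SOA\s", text, re.MULTILINE)
    return (status.group(1) if status else None,
            int(answers.group(1)) if answers else 0,
            soa.group(1) if soa else None)

def vpc_associated(zone, vpc_id, region):
    """True if the VPC appears in the private zone's association list."""
    return any(v["VPCId"] == vpc_id and v["VPCRegion"] == region
               for v in zone.get("VPCs", []))

def diagnose(dig_text, zone, vpc_id, region):
    status, answers, soa_owner = parse_dig(dig_text)
    if status == "NOERROR" and answers:
        return "resolved"
    if status == "REFUSED":
        return "refused: this server will not answer for the name"
    if status == "NXDOMAIN" and soa_owner == ".":
        # A root SOA in the authority section means the negative answer
        # came from public DNS, so the private zone was not consulted.
        if not vpc_associated(zone, vpc_id, region):
            return "private zone not associated with this VPC"
        return "zone is associated: check the record name in the zone"
    return "unclassified"
```
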
