- Newest
- Most votes
- Most comments
This is really weird because as you probably know a wildcard is handled "server side" and would never be exposed to a DNS client. So, assume the following sequence:
t0 - only *.example.com A 10.1.1.1 TTL 3600 exists
t1 - you nslookup test1.example.com -> result is 10.1.1.1 and it's cached
t2 - test2.example.com A 10.2.2.2 is added
t3 - you run nslookup test2.example.com -> at this point the only thing the client can do is go to server, it doesn't know at t1 the response would have been the same than for test1
The only case what you are describing would happen is:
t4 - you nslookup test3.example.com -> 10.1.1.1 (from the wildcard) is returned, with a ttl of 900
t5 - test3.example.com A 10.3.3.3 is added
t6 - you nslookup test3.example.com again -> 10.1.1.1 will be returrned until the record cached at t4 expires, 10.3.3.3 afterwards
To rule out any caching issue, have you tried creating a new subdomain you've never queried before (in the same zone with the * record), and see how it resolves?
Hello! According to this link https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple_ad_dns.html Simple AD does not support dynamic DNS updates. When launching a WorkSpace, the IP's of your Simple AD domain controllers are assigned as static. The previous link offers additional guidance so I recommend taking a look.
EC2 instances work differently in this regard. When launching an EC2 instance and joining to the domain, the DNS IP settings are not set, so the default DHCP option takes place (unless your AD has a group policy that sets them). If you have DHCP Options configured in your VPC https://docs.aws.amazon.com/directoryservice/latest/admin-guide/dhcp_options_set.html the EC2 instance will get its domain name and DNS settings from it.
Thanks for the answer. I figured out part of the issue where some of the programs I was using couldn't connect to other machines in the VPC. It came down to a missing security group not being applied. So just a dumb configuration problem. However, when debugging it I started using nslookup to try and see where these DNS names were going, and nslookup still reports bad results which I can't explain. But all of the programs (chrome, firefox, ssh tools, etc) are in agreement on DNS resolution, and are working as expected. But for some reason nslookup is still being weird.
Relevant content
- asked 2 years ago
- asked a year ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
I will try to create a new domain, but I will also say that if I try and resolve the public DNS name from amazon
ec2-3-277-231-288.compute-1.amazonaws.com(I modified the number so that it was invalid so I could post it). That too resolves to*.somecompany.com. It seems like the DNS server (not the client) is hard wired to return that for every inquiry.nslookup www.yahoo.com,nslookup amazon.com, etc. They all return the same answer.Is there a service in windows 10 that could be disabled (particularly an amazon related one), that might cause the DNS records to not be updated with Route53? I had to turn off several services a while back while fixing something else, and things were broken until I turned them back on. I may have a service that I didn't turn back on hence causing this issue.