Hi,
I have issues resolving a group of Route 53 private hosted zone record sets, but I can resolve and ping things like www.google.com or an AWS internal ELB.
This partial resolve ability seems similar to the issue listed in this resolved thread: https://forums.aws.amazon.com/message.jspa?messageID=454781.
I'm trying to resolve and access gitlab-ce.devops.ssnetsvc.local from instance i-0d18b16a8296124b0 and i-0a6af0c16418eddda.
Ping returns "Name or service not known".
Dig returns:
$ dig gitlab-ce.devops.ssnetsvc.local
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> gitlab-ce.devops.ssnetsvc.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55498
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;gitlab-ce.devops.ssnetsvc.local. IN A
;; AUTHORITY SECTION:
. 1651 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019032700 1800 900 604800 86400
;; Query time: 77 msec
;; SERVER: 10.10.0.2#53(10.10.0.2)
;; WHEN: Wed Mar 27 06:42:27 UTC 2019
;; MSG SIZE rcvd: 124
Using dig against one of the NS records for the private hosted zone, I get a 'REFUSED' and 'WARNING'.
[ec2-user@ip-10-10-3-10 ~]$ dig @ns-1024.awsdns-00.org gitlab-ce.devops.ssnetsvc.local
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @ns-1024.awsdns-00.org gitlab-ce.devops.ssnetsvc.local
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 42033
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;gitlab-ce.devops.ssnetsvc.local. IN A
;; Query time: 67 msec
;; SERVER: 205.251.196.0#53(205.251.196.0)
;; WHEN: Wed Mar 27 06:53:26 UTC 2019
;; MSG SIZE rcvd: 49
For nslookup against the Private Hosted Zone's name servers, I noticed it automatically appends "ap-southeast-1.compute.internal" to the record I'm checking against.
[ec2-user@ip-10-10-3-10 ~]$ nslookup gitlab-ce.devops.ssnetsvc.local ns-1024.awsdns-00.org
Server: ns-1024.awsdns-00.org
Address: 205.251.196.0#53
** server can't find gitlab-ce.devops.ssnetsvc.local.ap-southeast-1.compute.internal: REFUSED
Hope someone can assist with this.
Thank you.