resource/vpc_dhcp_options: Updated documentation about how to maintain default AWS DNS servers #2033
Conversation
| @@ -41,7 +41,7 @@ resource "aws_vpc_dhcp_options" "foo" { | |||
| The following arguments are supported: | |||
|
|
|||
| * `domain_name` - (Optional) the suffix domain name to use by default when resolving non Fully Qualified Domain Names. In other words, this is what ends up being the `search` value in the `/etc/resolv.conf` file. | |||
| * `domain_name_servers` - (Optional) List of name servers to configure in `/etc/resolv.conf`. | |||
| * `domain_name_servers` - (Optional) List of name servers to configure in `/etc/resolv.conf`. Note that if you leave this empty, DNS resolution will break. If you want to use the default AWS nameservers you should set this to `AmazonProvidedDNS`. | |||
There was a problem hiding this comment.
Can we change this to a more positive message, just keeping the second sentence?
Also, if this is empty, is the DNS resolution really broken or just non-functional?
There was a problem hiding this comment.
Sure- made the requested change. As mentioned in #2031 it breaks in the sense that your instances are provisioned without nameservers so it doesn't work. If you manually set them to use nameservers after the fact then they will work, but by default your DNS won't work.
There was a problem hiding this comment.
Understood, thanks for the explanation!
So: reachable by API but not by DNS name, that's right?
There was a problem hiding this comment.
More specifically: if you attempt to do something like ping my-instance.example.com you will get "Unable to resolve". Then you would look at /etc/resolv.conf and you would need to add the default AWS NS to it, for example: nameserver 10.0.150.2 (if you are on 10.0.150.0/24). Now DNS works.
By setting AmazonProvidedDNS in your terraform, you will not get this "Unable to resolve" error and you will not need to manually add the nameserver IP to your resolv.conf, it will already be there (AWS will figure out what the value needs to be depending on your VPC and pre-populate it for you, thus DNS works by default for each new instance).
There was a problem hiding this comment.
OK so it's all ok then :) thank you @alex1x ! 🚀
Ninir
added
documentation
Ninir
changed the title
Ninir
removed
the
waiting-response
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
…ult AWS DNS
Fixes #2031