I'm facing a challenge while deploying ECS with EFS in my VPC that requires a custom DNS setup. The main DNS server is located within the VPC (.10) along with some other DNS in my on-premises network. I used DHCP options to configure this, bypassing AWS DNS. However, I'm getting failures when trying to connect to the EFS cluster because my DNS can't resolve its name without using AWS DNS. I found that if I set the DNS server to the alternate IP in the range, I can successfully reach the EFS name. But, after adding this entry to the DHCP options, my container deployments still fail. How can I make my DNS server forward requests to the AWS DNS at the alternate IP? Any suggestions would be appreciated!
3 Answers
I ran into a similar issue when my EFS was in a different AWS account from my ECS workloads. As long as your VPC peering or transit gateway is properly configured and the security groups allow the traffic, you can use the ECS host entry feature to manually add the FQDN for your EFS. It's crucial that the FQDN is resolvable; otherwise, you might run into problems using just the short name.
The simplest solution would be to reconfigure your DNS server settings to forward requests to the AWS DNS (.2). However, the best practice is aligning everything to point to AWS DNS. If you have zones managed on your DNS server, you can create private hosted zones in Route53, and set up rules to forward queries to other DNS servers if needed.
You might want to check out Route53 Resolver instead of sticking with only custom DNS options in your VPC. ECS uses the .2 resolver for all DNS queries, including those for EFS. Route53 Resolver can help conditionally forward any queries to your on-prem servers.

Totally agree, that’s definitely a solid way to go! Just to add, with Route53 Resolver, you can forward queries to both on-prem and AWS-based DNS servers. Just remember to set up the "Route53 Outbound Endpoint" and adjust your security groups and firewall rules so it can communicate with your custom DNS.
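The Route53 Resolver layout the answers above recommend, written out as an added Terraform example (not from anyone in this thread): the VPC stays on AmazonProvidedDNS so ECS tasks resolve the EFS hostname through the .2 resolver, and only the on-premises zone is conditionally forwarded through an outbound endpoint to the custom DNS servers. The `corp.example` zone, the `10.0.0.10` / `192.168.1.53` server addresses and the `var.vpc_id` / `var.subnet_*_id` variables are placeholders assumed to be declared elsewhere.

```hcl
# Added example, not from the thread. Zone name, server addresses and var.* are
# placeholders. Assumes the VPC DHCP options are back on AmazonProvidedDNS so
# tasks use the .2 resolver, which answers *.efs.<region>.amazonaws.com itself.

locals {
  custom_dns = ["10.0.0.10", "192.168.1.53"] # in-VPC and on-prem DNS servers
}

# Outbound endpoint ENIs only need to reach the custom DNS servers on 53/udp+tcp.
resource "aws_security_group" "resolver_outbound" {
  name   = "route53-resolver-outbound"
  vpc_id = var.vpc_id

  dynamic "egress" {
    for_each = toset(["udp", "tcp"])
    content {
      from_port   = 53
      to_port     = 53
      protocol    = egress.value
      cidr_blocks = [for ip in local.custom_dns : "${ip}/32"]
    }
  }
}

# Outbound endpoint: ENIs in two subnets from which forwarded queries originate.
resource "aws_route53_resolver_endpoint" "outbound" {
  name               = "to-custom-dns"
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.resolver_outbound.id]
  ip_address { subnet_id = var.subnet_a_id }
  ip_address { subnet_id = var.subnet_b_id }
}

# Conditional forwarding: only the on-prem zone goes to the custom servers;
# everything else, including the EFS hostname, stays with the .2 resolver.
resource "aws_route53_resolver_rule" "onprem" {
  domain_name          = "corp.example"
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id
  dynamic "target_ip" {
    for_each = toset(local.custom_dns)
    content { ip = target_ip.value }
  }
}

resource "aws_route53_resolver_rule_association" "onprem" {
  resolver_rule_id = aws_route53_resolver_rule.onprem.id
  vpc_id           = var.vpc_id
}
```

The on-premises address must already be reachable from the VPC (VPN or Direct Connect) and permitted by the on-prem firewall, otherwise queries for the forwarded zone time out while EFS resolution keeps working.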