Configuring an EC2 instance as DNS server using BIND that can only resolve forward lookups but not reverse lookups in an AWS VPC
-------------------------------------------------
Configuring the 10.0.0.12 EC2 instance as a DNS server using BIND that can only resolve forward lookups but not reverse lookups.

# Doing everything below as root
sudo su -
yum install bind
vim /etc/named.conf

Changes to the existing options: a few are disabled, and, more importantly, a forwarder is added (the Amazon-provided DNS server, which is the .2 address of the VPC) so that S3 and repo hostnames can still be resolved. allow-query and allow-recursion are limited to the VPC CIDR.

options {
        listen-on port 53 { 127.0.0.1; 10.0.0.12; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 10.0.0.0/16; };
        recursion yes;
        allow-recursion { 10.0.0.0/16; };

        dnssec-enable no;
        dnssec-validation no;

        forwarders { 10.0.0.2; };

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};
-------------------------------------------------
# Additions at the end of this config to add a zone for forward lookups:
zone "us-west-2.compute.internal" {
        type master;
        file "/var/named/west2compute.internal";
};
-------------------------------------------------
# Generate the record set for forward resolution of all possible hostnames of a small (10.0.3.0/28) private subnet in the VPC:
for i in {0..15}; do echo "ip-10-0-3-$i IN A 10.0.3.$i"; done

# Add the zone file that was referenced in named.conf.
# This forward zone west2compute.internal contains a nameserver (NS) record back to the BIND server at 10.0.0.12; all of the possible host names are defined as A records as follows:
vim /var/named/west2compute.internal

; Addresses and other host information.
;
@       IN SOA  ns.us-west-2.compute.internal. root.us-west-2.compute.internal. (
                2012080701 ; Serial
                43200      ; Refresh
                3600       ; Retry
                3600000    ; Expire
                2592000 )  ; Minimum
        IN NS   ns.us-west-2.compute.internal.

; Define the nameservers
ns      IN A    10.0.0.12

ip-10-0-3-0     IN A    10.0.3.0
ip-10-0-3-1     IN A    10.0.3.1
ip-10-0-3-2     IN A    10.0.3.2
ip-10-0-3-3     IN A    10.0.3.3
ip-10-0-3-4     IN A    10.0.3.4
ip-10-0-3-5     IN A    10.0.3.5
ip-10-0-3-6     IN A    10.0.3.6
ip-10-0-3-7     IN A    10.0.3.7
ip-10-0-3-8     IN A    10.0.3.8
ip-10-0-3-9     IN A    10.0.3.9
ip-10-0-3-10    IN A    10.0.3.10
ip-10-0-3-11    IN A    10.0.3.11
ip-10-0-3-12    IN A    10.0.3.12
ip-10-0-3-13    IN A    10.0.3.13
ip-10-0-3-14    IN A    10.0.3.14
ip-10-0-3-15    IN A    10.0.3.15
-------------------------------------------------
# Start the BIND service
/etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
/etc/init.d/named status
/etc/init.d/named restart
-------------------------------------------------
# Point the DNS server setting of your instances at our DNS server IP address
cat /etc/resolv.conf
nameserver 10.0.0.12
-------------------------------------------------
# Use 10.0.0.12 as the DNS server for host names in the VPC.
-------------------------------------------------
# Launch an EMR cluster on this small subnet in this VPC.
-------------------------------------------------
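The one-line for-loop above only covers the 10.0.3.0/28 case, and nothing in the notes checks the zone file or the running server. The script below is an added example, not part of the original notes: it generalises the loop to any contiguous block of hosts, emits a complete zone in the same shape as the one above (with a $TTL line added so named does not fall back to the SOA minimum), validates it with named-checkzone when that tool is present, and queries the server with dig to confirm that a forward lookup answers while a reverse lookup does not. The function names gen_a_records, gen_zone_file, check_zone, classify_lookup and query_server are this example's own; the zone name and NS address are the ones used in the notes. Keeping allow-query and allow-recursion limited to the VPC CIDR, as the named.conf above does, is what prevents a recursing BIND from becoming an open resolver; the query check assumes it is run from inside that range.

```shell
#!/bin/sh
# Added example (not from the original notes). Generates and checks the forward
# zone for us-west-2.compute.internal and verifies the server's behaviour.

ZONE_NAME="us-west-2.compute.internal"   # zone name from the notes
NS_IP="10.0.0.12"                        # BIND server address from the notes

# gen_a_records PREFIX COUNT
# Print "ip-A-B-C-N IN A A.B.C.N" for N = 0 .. COUNT-1 (the notes' /28 needs 16).
gen_a_records() {
    prefix="$1"; count="$2"
    label=$(printf '%s' "$prefix" | tr '.' '-')
    i=0
    while [ "$i" -lt "$count" ]; do
        printf 'ip-%s-%s IN A %s.%s\n' "$label" "$i" "$prefix" "$i"
        i=$((i + 1))
    done
}

# gen_zone_file PREFIX COUNT [SERIAL]
# Print a complete zone: $TTL, SOA, NS, the A record for ns, one A record per
# host. SERIAL defaults to YYYYMMDD01; bump the last two digits when you
# regenerate the file on the same day so slaves and caches notice the change.
gen_zone_file() {
    prefix="$1"; count="$2"; serial="${3:-$(date +%Y%m%d)01}"
    cat <<EOF
\$TTL 86400
; Forward zone for $ZONE_NAME, hosts $prefix.0 .. $prefix.$((count - 1))
@       IN SOA  ns.$ZONE_NAME. root.$ZONE_NAME. (
                $serial ; Serial
                43200      ; Refresh
                3600       ; Retry
                3600000    ; Expire
                2592000 )  ; Minimum
        IN NS   ns.$ZONE_NAME.
ns      IN A    $NS_IP
EOF
    gen_a_records "$prefix" "$count"
}

# check_zone FILE
# Load FILE with named-checkzone. Returns 0 if it parses, 1 if it does not,
# 2 if the tool is not installed on this host.
check_zone() {
    if ! command -v named-checkzone >/dev/null 2>&1; then
        echo "named-checkzone not installed; skipping syntax check" >&2
        return 2
    fi
    named-checkzone "$ZONE_NAME" "$1"
}

# classify_lookup FORWARD_ANSWER REVERSE_ANSWER EXPECTED_IP
# 0: forward answer matches and no PTR came back (forward-only, as intended)
# 1: forward lookup did not return the expected address
# 3: forward is fine but a PTR was answered (something, typically the
#    forwarder, is serving reverse lookups for this address)
classify_lookup() {
    fwd="$1"; rev="$2"; expected="$3"
    if [ "$fwd" != "$expected" ]; then
        echo "forward lookup failed: got '$fwd', expected '$expected'"
        return 1
    fi
    if [ -n "$rev" ]; then
        echo "reverse lookup answered: $rev"
        return 3
    fi
    echo "forward-only: $expected resolves, no PTR served"
    return 0
}

# query_server SERVER HOSTNAME IP
# Ask SERVER for HOSTNAME (A) and for the PTR of IP, then classify the result.
query_server() {
    server="$1"; host="$2"; ip="$3"
    fwd=$(dig +short "@$server" "$host" A | head -n 1)
    rev=$(dig +short "@$server" -x "$ip" | head -n 1)
    classify_lookup "$fwd" "$rev" "$ip"
}

# Example run (commented out so the functions can be sourced without side effects):
# gen_zone_file 10.0.3 16 > /var/named/west2compute.internal
# check_zone /var/named/west2compute.internal
# query_server 10.0.0.12 ip-10-0-3-5.us-west-2.compute.internal 10.0.3.5
```

Run the commented-out lines from the BIND instance after `named` has been restarted; `dig` comes from the bind-utils package on Amazon Linux. A return code of 3 from query_server is worth knowing about rather than an error: with forwarders pointing at 10.0.0.2, the Amazon resolver may still answer PTR queries for VPC addresses on the server's behalf, so "forward-only" here describes the zones this BIND serves, not everything a client can learn through it.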