ec2, eks could not resolve dns host name

2023. 9. 14. 19:30 Dev/AWS DEVOPS

Problem:

{ ec2, lambda, ecs, eks } could not resolve { public, private } dns host name

or

could not resolve { s3, sqs, dynamodb, sns, execute-api, rds, elasticfilesystem ... }  in { ec2, lambda, ecs, eks }

---

The error messages were:

No subject alternative DNS name matching my.domain.com found.

server can't find kubernetes.default: NXDOMAIN

nslookup -> server can't find ip-192-168-1-86.ec2.internal: NXDOMAIN

 

 

Solution:

1. Check the route table to see whether that IP address is being routed to a black hole.

A route whose target has been deleted stays in the route table in the blackhole state, and traffic that matches it is dropped.

Targets can be an Instance, Internet Gateway, Peering Connection, Transit Gateway, etc.

 

 

2. Does the VPC in your account have a VPC endpoint for an AWS service, and is private DNS enabled on it?

If yes, there are two ways to resolve this issue.

  1. Disable Private DNS names
  2. Change CNAME record to A record, with Alias

 

Search by VPC ID in Endpoints.

View the details of that VPC endpoint ID.

Disabling private DNS names works fine.

If you still need to use private DNS, change the record type for your public domain from CNAME to A and turn on the Alias option.

 

Using AWS API Gateway as an example: when an address is returned as a canonical name (CNAME), domains of the form *.execute-api.ap-northeast-2.amazonaws.com all resolve to the private IP of the VPC endpoint interface.

This is because private DNS is enabled in the VPC where the AWS compute instance runs.
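Both checks above can be run against saved output of `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints`. The following is an added example, not code from the original post: the resource IDs, the API ID `abc123` and the sample JSON are constructed, and the service-name-to-DNS-suffix mapping is an assumption that holds for most services but not all.

```python
import ipaddress
import json

# Constructed sample data in the shape returned by
# `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints`.
ROUTE_TABLES = json.loads("""{"RouteTables": [{"RouteTableId": "rtb-0example1", "Routes": [
  {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"},
  {"DestinationCidrBlock": "10.20.0.0/16", "VpcPeeringConnectionId": "pcx-0example1", "State": "blackhole"},
  {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example1", "State": "active"}]}]}""")
VPC_ENDPOINTS = json.loads("""{"VpcEndpoints": [
  {"VpcEndpointId": "vpce-0example1", "VpcEndpointType": "Interface", "PrivateDnsEnabled": true,
   "ServiceName": "com.amazonaws.ap-northeast-2.execute-api"},
  {"VpcEndpointId": "vpce-0example2", "VpcEndpointType": "Gateway", "PrivateDnsEnabled": false,
   "ServiceName": "com.amazonaws.ap-northeast-2.s3"}]}""")

def blackhole_routes(route_tables, ip):
    """Return (route table id, CIDR) for every blackhole route that covers ip."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for table in route_tables["RouteTables"]:
        for route in table["Routes"]:
            cidr = route.get("DestinationCidrBlock")  # prefix-list and IPv6 routes are skipped
            if route.get("State") == "blackhole" and cidr and addr in ipaddress.ip_network(cidr):
                hits.append((table["RouteTableId"], cidr))
    return hits

def private_dns_suffix(service_name):
    """Assumption: com.amazonaws.<region>.<service> maps to
    <service>.<region>.amazonaws.com (true for most services, not all)."""
    _, _, region, service = service_name.split(".", 3)
    return f"{service}.{region}.amazonaws.com"

def endpoints_capturing(vpc_endpoints, hostname):
    """Return ids of interface endpoints whose private DNS covers hostname."""
    host = hostname.rstrip(".").lower()
    ids = []
    for ep in vpc_endpoints["VpcEndpoints"]:
        if ep.get("VpcEndpointType") != "Interface" or not ep.get("PrivateDnsEnabled"):
            continue
        suffix = private_dns_suffix(ep["ServiceName"])
        if host == suffix or host.endswith("." + suffix):
            ids.append(ep["VpcEndpointId"])
    return ids

if __name__ == "__main__":
    print(blackhole_routes(ROUTE_TABLES, "10.20.3.4"))
    print(endpoints_capturing(VPC_ENDPOINTS, "abc123.execute-api.ap-northeast-2.amazonaws.com"))
```

Pass `endpoints_capturing` the CNAME target of the public domain; a non-empty result means that name resolves to the endpoint's private IP inside the VPC.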

 

 

https://docs.aws.amazon.com/ko_kr/vpc/latest/userguide/vpc-dns.html

 
