EC2, EKS could not resolve DNS host name
Problem:
{ EC2, Lambda, ECS, EKS } could not resolve a { public, private } DNS host name
or
could not resolve the { s3, sqs, dynamodb, sns, execute-api, rds, elasticfilesystem ... } service endpoint from { EC2, Lambda, ECS, EKS }
---
The error messages were:
No subject alternative DNS name matching my.domain.com found.
server can't find kubernetes.default: NXDOMAIN
nslookup -> server can't find ip-192-168-1-86.ec2.internal: NXDOMAIN
Solution:
1. Check the route table to see whether the route for that IP address is in the blackhole state.
A route whose target has been deleted stays in the table but drops the traffic, which causes this problem.
Targets can be an instance, internet gateway, peering connection, transit gateway, etc.
2. Does your account's VPC have a VPC ENDPOINT for an AWS SERVICE with PRIVATE DNS names enabled?
If yes, there are two ways to resolve this issue.
- Disable Private DNS names
- Change CNAME record to A record, with Alias
Search by VPC ID in the Endpoints section of the VPC console.
Open the details of that VPC endpoint ID and check whether private DNS names are enabled.
Disabling private DNS names works fine.
If you still need to use private DNS,
change the record type for your public domain from CNAME to A and turn on the Alias option.
Using AWS API GATEWAY as an example: addresses returned as canonical names, i.e. domains of the form *.execute-api.ap-northeast-2.amazonaws.com, will all resolve to the VPC ENDPOINT INTERFACE IP (a PRIVATE IP).
This is because private DNS is enabled on the VPC that holds the AWS compute instance, so a custom domain whose CNAME points at such a name resolves to the same private IP.
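The two checks above can be automated against the JSON that `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints` return. The script below is an added example written for this note, not code from the original author or from AWS; it embeds constructed sample output (the route table, endpoint and VPC IDs, and the `abcd1234.execute-api...` CNAME target are all made up) so it runs offline. The mapping from a service name such as `com.amazonaws.<region>.execute-api` to the DNS suffix `execute-api.<region>.amazonaws.com` is a simplifying assumption that holds for the services listed on this page but not for every AWS service.

```python
import json

# Constructed sample of `aws ec2 describe-route-tables --output json` (not real account data).
# The peering target of the 10.20.0.0/16 route was deleted, so AWS keeps the route but
# marks its State as "blackhole": traffic to that CIDR is silently dropped (step 1).
ROUTE_TABLES = json.loads("""
{"RouteTables": [{"RouteTableId": "rtb-0example1", "VpcId": "vpc-0example",
  "Routes": [
    {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active", "Origin": "CreateRouteTable"},
    {"DestinationCidrBlock": "10.20.0.0/16", "VpcPeeringConnectionId": "pcx-0deleted", "State": "blackhole", "Origin": "CreateRoute"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active", "Origin": "CreateRoute"}]}]}
""")

# Constructed sample of `aws ec2 describe-vpc-endpoints --output json` (step 2).
VPC_ENDPOINTS = json.loads("""
{"VpcEndpoints": [
  {"VpcEndpointId": "vpce-0example1", "VpcId": "vpc-0example", "VpcEndpointType": "Interface",
   "ServiceName": "com.amazonaws.ap-northeast-2.execute-api", "PrivateDnsEnabled": true},
  {"VpcEndpointId": "vpce-0example2", "VpcId": "vpc-0example", "VpcEndpointType": "Gateway",
   "ServiceName": "com.amazonaws.ap-northeast-2.s3", "PrivateDnsEnabled": false}]}
""")

# Route attributes that can name a target; a deleted target is what produces a blackhole route.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "InstanceId", "VpcPeeringConnectionId",
               "TransitGatewayId", "NetworkInterfaceId")


def blackhole_routes(route_tables):
    """Step 1: every route whose State is 'blackhole', as (route table id, destination, target)."""
    findings = []
    for table in route_tables["RouteTables"]:
        for route in table["Routes"]:
            if route.get("State") != "blackhole":
                continue
            target = next((route[key] for key in TARGET_KEYS if key in route), "unknown")
            findings.append((table["RouteTableId"], route.get("DestinationCidrBlock"), target))
    return findings


def private_dns_endpoints(endpoints, vpc_id):
    """Step 2: interface endpoints in vpc_id that have private DNS names enabled."""
    return [(ep["VpcEndpointId"], ep["ServiceName"]) for ep in endpoints["VpcEndpoints"]
            if ep["VpcId"] == vpc_id and ep["VpcEndpointType"] == "Interface"
            and ep.get("PrivateDnsEnabled")]


def private_dns_suffix(service_name):
    """Map 'com.amazonaws.<region>.<service>' to '<service>.<region>.amazonaws.com'.
    Simplifying assumption: this is the public suffix that private DNS overrides for the
    services named on this page; some AWS services use a different pattern."""
    parts = service_name.split(".")
    if len(parts) < 4 or parts[:2] != ["com", "amazonaws"]:
        return None
    region, service = parts[2], parts[3]
    return f"{service}.{region}.amazonaws.com"


def captured_by_private_dns(hostname, endpoints, vpc_id):
    """Return the endpoint id whose private DNS zone answers for hostname inside the VPC, or None.
    A custom domain that is a CNAME to such a hostname inherits the private answer, which is
    why the page recommends an A record with Alias instead of a CNAME."""
    hostname = hostname.rstrip(".").lower()
    for endpoint_id, service_name in private_dns_endpoints(endpoints, vpc_id):
        suffix = private_dns_suffix(service_name)
        if suffix and (hostname == suffix or hostname.endswith("." + suffix)):
            return endpoint_id
    return None


if __name__ == "__main__":
    vpc = "vpc-0example"
    for table_id, cidr, target in blackhole_routes(ROUTE_TABLES):
        print(f"blackhole route in {table_id}: {cidr} -> {target} (target deleted?)")
    for endpoint_id, service in private_dns_endpoints(VPC_ENDPOINTS, vpc):
        print(f"private DNS enabled on {endpoint_id} ({service}) -> overrides *.{private_dns_suffix(service)}")
    cname_target = "abcd1234.execute-api.ap-northeast-2.amazonaws.com"  # constructed CNAME target
    hit = captured_by_private_dns(cname_target, VPC_ENDPOINTS, vpc)
    print(f"{cname_target}: {'resolves to the private IP of ' + hit if hit else 'resolves publicly'}")
```

Replace the embedded JSON with the real CLI output for the VPC in question; a non-empty `blackhole_routes` result explains dropped traffic (step 1), and a `captured_by_private_dns` hit for your CNAME target explains why the custom domain lands on the endpoint's private IP (step 2).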
https://docs.aws.amazon.com/ko_kr/vpc/latest/userguide/vpc-dns.html