I'm using an AWS Elasticache server example.foo.euw1.cache.amazonaws.com which I want nginx to be able to use in a location directive (this is just a simplistic example):
location /cached {
    set $memcached_key $uri;
    memcached_pass example.foo.euw1.cache.amazonaws.com:11211;
    try_files $uri =404;
}
Because Elasticache node IP addresses can change, I don't want to use the current IP address of example.foo.euw1.cache.amazonaws.com.
What resolver IP should I use to get AWS internal IP addresses (10.x) instead of the public-facing versions (79.x)?
On the machine that nginx is running on, I can mimic this with these host calls:
$ host example.foo.euw1.cache.amazonaws.com
10.120.40.80
# ^^^ that's the correct internal address I want to use

$ host example.foo.euw1.cache.amazonaws.com 8.8.4.4
79.125.100.150
# ^^^ that's the public IP that I don't want to use
For instance, if I use the Google public DNS with the resolver, I'll get 79.x addresses and not the 10.x ones I want:
location /cached {
    resolver 8.8.4.4 ipv6=off valid=5m;
    set $memcached_key $uri;
    memcached_pass example.foo.euw1.cache.amazonaws.com:11211;
    try_files $uri =404;
}
I can't use 127.0.0.1 as I'm not running my own DNS server.
dig +trace example.foo.euw1.cache.amazonaws.com
gives this trace:
$ dig +trace example.foo.euw1.cache.amazonaws.com
; <<>> DiG 9.3.4 <<>> +trace example.foo.euw1.cache.amazonaws.com
;; global options: printcmd
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
;; Received 228 bytes from 172.16.0.23#53(172.16.0.23) in 0 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 503 bytes from 199.7.83.42#53(L.ROOT-SERVERS.NET) in 30 ms
amazonaws.com. 172800 IN NS u1.amazonaws.com.
amazonaws.com. 172800 IN NS u2.amazonaws.com.
amazonaws.com. 172800 IN NS r1.amazonaws.com.
amazonaws.com. 172800 IN NS r2.amazonaws.com.
;; Received 191 bytes from 192.5.6.30#53(a.gtld-servers.net) in 20 ms
euw1.cache.amazonaws.com. 300 IN NS ns-1439.awsdns-51.org.
euw1.cache.amazonaws.com. 300 IN NS ns-108.awsdns-13.com.
euw1.cache.amazonaws.com. 300 IN NS ns-738.awsdns-28.net.
euw1.cache.amazonaws.com. 300 IN NS ns-1905.awsdns-46.co.uk.
;; Received 196 bytes from 156.154.64.10#53(u1.amazonaws.com) in 12 ms
example.foo.euw1.cache.amazonaws.com. 15 IN CNAME ec2-79-125-28-100.eu-west-1.compute.amazonaws.com.
euw1.cache.amazonaws.com. 172800 IN NS ns-108.awsdns-13.com.
euw1.cache.amazonaws.com. 172800 IN NS ns-1439.awsdns-51.org.
euw1.cache.amazonaws.com. 172800 IN NS ns-1905.awsdns-46.co.uk.
euw1.cache.amazonaws.com. 172800 IN NS ns-738.awsdns-28.net.
;; Received 246 bytes from 205.251.197.159#53(ns-1439.awsdns-51.org) in 10 ms
Can I safely use one of the u1.amazonaws.com, u2.amazonaws.com, r1.amazonaws.com, r2.amazonaws.com servers?
Edit 1: doesn't look like I can, as trying to use those servers (and in fact any of the awsdns servers) with a host call either doesn't return addresses or returns 5 (REFUSED).
Edit 2: ah, if I dig around in the DHCP-assigned data I can see the IP address I need to use:
$ grep domain-name-servers /var/lib/dhcp3/dhclient.*
/var/lib/dhcp3/dhclient.eth0.leases: option domain-name-servers 172.16.0.23;
And then using that 172.16.0.23 address in a host call correctly returns the internal 10.x address.
This still feels a bit brittle because that DHCP-assigned name server could change...
In a VPC, use 169.254.169.253. This is the same as using the CIDR base + 2 address that is assigned by DHCP, but more portable because it doesn't depend on the IP numbering of the VPC where the machine happens to be deployed. You can deploy the same configuration in any VPC in any AWS region and this address will always be a working internal DNS resolver.
For instances in EC2-Classic, even though the DNS resolver is provided by DHCP, it never changes. It's always 172.16.0.23.
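As an added example (not code from the question or from the answer above), here is a small bootstrap script that applies the answer: it computes the VPC DNS address from a CIDR (network base + 2), resolves the ElastiCache endpoint through 169.254.169.253, refuses to continue unless the answer is an RFC 1918 address, and then renders the nginx location. The endpoint name is the one from the question; the function names, the RUN_RESOLVER_CHECK variable and the exact nginx snippet are this example's own assumptions. One point the question's snippet misses: nginx consults resolver only for names that reach memcached_pass through a variable, so the hostname is put in $memcached_backend; a literal hostname in memcached_pass is resolved once when the configuration is loaded and the resolver directive is never used for it.

```shell
#!/bin/sh
# Added example, not code from the question or the answer above.
# Assumptions (not on the page): "dig" is installed, the endpoint below is the
# question's example name, and the nginx snippet layout is this script's own.

CACHE_HOST="example.foo.euw1.cache.amazonaws.com"   # endpoint from the question
VPC_RESOLVER="169.254.169.253"                      # valid in every VPC and region
# On EC2-Classic pass 172.16.0.23 as the first argument instead.

# vpc_dns_from_cidr CIDR -> the VPC DNS address, i.e. network base + 2.
# Example: vpc_dns_from_cidr 10.120.0.0/16 prints 10.120.0.2
vpc_dns_from_cidr() {
    ip=${1%/*}
    prefix=${1#*/}
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    # Keep only the network bits of the address, then add 2.
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    base=$(( (n & mask) + 2 ))
    printf '%d.%d.%d.%d\n' \
        $(( (base >> 24) & 255 )) $(( (base >> 16) & 255 )) \
        $(( (base >> 8) & 255 ))  $(( base & 255 ))
}

# is_private_ipv4 ADDR -> success when ADDR lies in an RFC 1918 range.
is_private_ipv4() {
    case $1 in
        10.*|192.168.*)                         return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)  return 0 ;;
        *)                                      return 1 ;;
    esac
}

# resolve_a NAME RESOLVER -> first IPv4 answer, following any CNAME (needs network).
resolve_a() {
    dig +short @"$2" "$1" A | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}

# render_nginx_location RESOLVER HOST -> a location block for nginx.conf.
# The hostname goes through a variable so memcached_pass asks the resolver at
# request time (re-resolving after valid= expires); a literal hostname would be
# resolved once at startup, which is exactly the behaviour the question wants to avoid.
render_nginx_location() {
    cat <<EOF
location /cached {
    resolver $1 ipv6=off valid=30s;
    set \$memcached_key \$uri;
    set \$memcached_backend $2;
    memcached_pass \$memcached_backend:11211;
}
EOF
}

# main [RESOLVER]: resolve through the chosen resolver, insist on a private
# answer, then print the nginx location.
main() {
    resolver=${1:-$VPC_RESOLVER}
    addr=$(resolve_a "$CACHE_HOST" "$resolver")
    if [ -z "$addr" ] || ! is_private_ipv4 "$addr"; then
        echo "refusing to render: $resolver returned '$addr' for $CACHE_HOST" >&2
        return 1
    fi
    render_nginx_location "$resolver" "$CACHE_HOST"
}

# The network step only runs on request, so the helpers can be sourced and checked offline.
if [ "${RUN_RESOLVER_CHECK:-0}" = 1 ]; then
    main "$1"
fi
```

Run it with RUN_RESOLVER_CHECK=1 on an instance to print the location block (the private-address check is what turns a wrong resolver, such as 8.8.4.4 returning a 79.x address, into a hard failure instead of a silently public backend). The valid=30s keeps re-resolution frequent enough to follow an ElastiCache node replacement without querying the resolver on every request.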