Configure DHCP and DNS in an AWS Virtual Private Cloud

In this Ask the Admin, I’ll show you how to get internal DNS resolution working in an Amazon Web Services Virtual Private Cloud (VPC).

In Manage IP Addressing with Virtual Private Clouds in Amazon Web Services on the Petri IT Knowledgebase, I demonstrated how to provision virtual machines (Elastic Compute instances) in a VPC, which is the equivalent of a virtual network in Microsoft Azure. In contrast to classic EC2 instances, VMs associated with a VPC are assigned an internal private IP address that remains with them throughout their entire lifecycle, which is important for some server workloads.

Obtaining a static IP address is a good start, but you’ll also need to consider how to get DNS name resolution working so that you can locate not only resources on the Internet, but also other VMs in your VPC. If you decide to use the internal DNS names automatically assigned to each instance, internal name resolution works out-of-the-box. If you want to set up Active Directory in your VMs, you’ll likely want to use a Windows DNS server, installed on a domain controller or dedicated VM. In this case, the DHCP settings for the VPC need to be modified.

DHCP Option Sets

VPCs are assigned a DHCP options set that’s configured to provide name resolution for Internet connectivity, and the internal DNS names automatically assigned to each instance. Otherwise known as Amazon Provided DNS, this server occupies the second IP address of your VPC’s assigned address block. For example, my VPC has a subnet configured, and the IP address for Amazon Provided DNS is

Create a New DHCP Options Set using PowerShell

Before running the commands below, you’ll need to set up the AWS Tools for Windows PowerShell on your PC. For information on how to do this, see Provision Windows Server in Amazon Web Services using PowerShell on the Petri IT Knowledgebase.

Open a PowerShell console, type Get-EC2Vpc and press ENTER. In the cmdlet output, make a note of the VpcId you want to configure and the DhcpOptionsId assigned to it. To make the rest of the tutorial easier, I'm going to put my VpcId into a variable: $vpcId = "vpc-4eeb372b", replacing vpc-4eeb372b with your VPC ID.

Unless you’ve changed the default settings for your VPC, both DNS and DHCP options should be enabled.

If you find that EnableDnsSupport isn't set to true, enable it as follows:

To get a list of all the DHCP options sets in your AWS subscription, type Get-EC2DhcpOption and press ENTER. We have already established the DhcpOptionsId of the DHCP options set currently assigned to our VPC, so to check its configuration, run the cmdlet below, replacing dopt-2af8ef48 with the DhcpOptionsId you want to query.

In the output, you'll see that only Amazon Provided DNS is configured. It's not possible to modify an existing DHCP options set in AWS, so we'll need to create a new one and associate it with the VPC. To create a new DHCP options set, use the code below. I copied the value for the domain-name option, us-west-2.compute.internal, from the default DHCP options set we queried above, and the domain-name-servers value is the IP address of the instance where I have my domain controller and AD-integrated DNS installed.

[Image: Add DNS servers to a DHCP options set (Image Credit: Russell Smith)]
Now I need to register the DHCP options set with my VPC. Only one DHCP options set can be registered with a VPC.

Run Get-EC2DhcpOption again and you’ll see a new DHCP options set in the list. Run the cmdlet below, replacing dopt-9b8663fe with the DhcpOptionsId of the new options set in your subscription, to check it was configured as expected.
[Image: Check the configuration of a DHCP options set (Image Credit: Russell Smith)]
You should see two values for domain-name-servers, the IP address you specified and AmazonProvidedDNS. Reboot VMs running in your VPC, or run ipconfig /renew on each VM to update the DHCP settings. If you run ipconfig /all in an affected VM, you’ll see the DNS servers assigned by DHCP have changed.
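The whole procedure above, from checking the VPC's DNS attributes through creating, registering and verifying the new DHCP options set, as one script. This is an added example, not code from the article; it assumes the AWS Tools for PowerShell are installed with credentials and a default region already configured, and the VPC ID, the DNS server address and the domain name are placeholders you must replace with your own values. It goes a little beyond the text: it checks that the DNS server address actually lies inside the VPC's CIDR block before committing the change, and it derives the Amazon Provided DNS address (the base of the VPC range plus two, per the AWS documentation) so you know which address to use as a forwarder on the Windows DNS server.

```powershell
# Added example, not the article's own code. Assumes AWS Tools for PowerShell
# (AWSPowerShell or AWS.Tools.EC2) with credentials/region already set.
$vpcId       = 'vpc-PLACEHOLDER'            # replace with the VpcId from Get-EC2Vpc
$dnsServerIp = '10.0.0.10'                  # constructed: private IP of the DC running AD-integrated DNS
$domainName  = 'us-west-2.compute.internal' # copy this from your default options set (it is region-specific)

function ConvertTo-IPv4Int {
    # Dotted IPv4 string -> unsigned 32-bit integer (Int64 arithmetic avoids overflow surprises).
    param([string]$Address)
    $b = ([System.Net.IPAddress]$Address).GetAddressBytes()
    return [int64]$b[0] * 16777216 + [int64]$b[1] * 65536 + [int64]$b[2] * 256 + [int64]$b[3]
}

function ConvertFrom-IPv4Int {
    # Unsigned 32-bit integer -> dotted IPv4 string.
    param([int64]$Value)
    return '{0}.{1}.{2}.{3}' -f (($Value -shr 24) -band 255), (($Value -shr 16) -band 255),
                                (($Value -shr 8) -band 255), ($Value -band 255)
}

function Get-IPv4NetworkBase {
    # Network address of a CIDR block (e.g. 10.0.0.0 for 10.0.0.0/16).
    param([string]$Cidr)
    $network, $prefix = $Cidr.Split('/')
    $mask = [int64]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$prefix))
    return (ConvertTo-IPv4Int $network) -band $mask
}

function Test-IPInCidr {
    # $true when the address falls inside the CIDR block.
    param([string]$Ip, [string]$Cidr)
    $prefix = [int]$Cidr.Split('/')[1]
    $mask   = [int64]([math]::Pow(2, 32) - [math]::Pow(2, 32 - $prefix))
    return ((ConvertTo-IPv4Int $Ip) -band $mask) -eq (Get-IPv4NetworkBase $Cidr)
}

# 1. Look up the VPC and the options set it currently uses.
$vpc = Get-EC2Vpc -VpcId $vpcId
Write-Host "VPC $($vpc.VpcId) ($($vpc.CidrBlock)) currently uses $($vpc.DhcpOptionsId)"

# Amazon Provided DNS lives at the VPC base address + 2; use it as a forwarder on the Windows DNS server.
$amazonDns = ConvertFrom-IPv4Int ((Get-IPv4NetworkBase $vpc.CidrBlock) + 2)
Write-Host "Amazon Provided DNS for this VPC is $amazonDns"

# 2. Make sure DNS support is enabled on the VPC; turn it on if it is not.
$attr = Get-EC2VpcAttribute -VpcId $vpcId -Attribute enableDnsSupport
if (-not $attr.EnableDnsSupport) {
    Edit-EC2VpcAttribute -VpcId $vpcId -EnableDnsSupport $true
    Write-Host 'Enabled DNS support on the VPC'
}

# 3. Refuse to push a DNS server that instances in this VPC could not reach by private address.
if (-not (Test-IPInCidr -Ip $dnsServerIp -Cidr $vpc.CidrBlock)) {
    throw "$dnsServerIp is outside $($vpc.CidrBlock); every instance would lose name resolution"
}

# 4. Options sets cannot be edited, so create a new one. AmazonProvidedDNS stays as
#    the second server so AWS-internal names still resolve if the DC is down.
$config = @(
    @{ Key = 'domain-name';         Values = @($domainName) },
    @{ Key = 'domain-name-servers'; Values = @($dnsServerIp, 'AmazonProvidedDNS') }
)
$newSet = New-EC2DhcpOption -DhcpConfiguration $config
Write-Host "Created options set $($newSet.DhcpOptionsId)"

# 5. Associate it with the VPC; this replaces the existing association (one set per VPC).
Register-EC2DhcpOption -DhcpOptionsId $newSet.DhcpOptionsId -VpcId $vpcId

# 6. Read the set back and show each key with its values, as the article's screenshot does.
$check = Get-EC2DhcpOption -DhcpOptionsId $newSet.DhcpOptionsId
foreach ($c in $check.DhcpConfigurations) {
    '{0,-22} {1}' -f $c.Key, (($c.Values | ForEach-Object { $_.Value }) -join ', ')
}
# Instances pick up the new servers on their next lease renewal (ipconfig /renew) or reboot.
```

Two points worth keeping in mind when you run this. First, the options set applies to every instance in the VPC, not just the domain members, so the CIDR check above is there to stop a typo from silently breaking name resolution for the whole VPC. Second, a Windows client only falls back to the second DNS server when the first one fails to answer, so a query for an Internet or compute.internal name that reaches the domain controller first will not be retried against AmazonProvidedDNS; configure the Windows DNS server with a forwarder pointing at the Amazon Provided DNS address printed by the script so that those names keep resolving.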

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.