Configure DHCP and DNS in an AWS Virtual Private Cloud
In this Ask the Admin, I’ll show you how to get internal DNS resolution working in an Amazon Web Services Virtual Private Cloud (VPC).
In Manage IP Addressing with Virtual Private Clouds in Amazon Web Services on the Petri IT Knowledgebase, I demonstrated how to provision virtual machines (Elastic Compute instances) in a VPC, which is the equivalent of a virtual network in Microsoft Azure. In contrast to classic EC2 instances, VMs associated with a VPC are assigned an internal private IP address that remains with them throughout their entire lifecycle, which is important for some server workloads.
Obtaining a static IP address is a good start, but you’ll also need to consider how to get DNS name resolution working so that you can locate not only resources on the Internet, but also other VMs in your VPC. If you decide to use the internal DNS names automatically assigned to each instance, internal name resolution works out-of-the-box. If you want to set up Active Directory in your VMs, you’ll likely want to use a Windows DNS server, installed on a domain controller or dedicated VM. In this case, the DHCP settings for the VPC need to be modified.
DHCP Option Sets
VPCs are assigned a DHCP options set that’s configured to provide name resolution for Internet connectivity, and the internal DNS names automatically assigned to each instance. Otherwise known as Amazon Provided DNS, this server occupies the second IP address of your VPC’s assigned address block. For example, my VPC has a 10.0.0.0/16 subnet configured, and the IP address for Amazon Provided DNS is 10.0.0.2.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
Create a New DHCP Options Set using PowerShell
Before running the commands below, you’ll need to set up the AWS Tools for Windows PowerShell on your PC. For information on how to do this, see Provision Windows Server in Amazon Web Services using PowerShell on the Petri IT Knowledgebase.
Open a PowerShell console, type get-ec2vpc and press ENTER. In the cmdlet output, make a note of the VpcId you want to configure, and the DhcpOptionsId assigned to it. To make the rest of the tutorial easier, I’m going to put my VpcId into a variable: $vpcId = “vpc-4eeb372b”, replacing vpc-4eeb372b with your VPC ID.
Unless you’ve changed the default settings for your VPC, both DNS and DHCP options should be enabled.
If you find that EnableDnsSupport isn’t set to true, enable it as follows:
To get a list of all the DHCP option sets in your AWS subscription, type Get-EC2DhcpOption and press ENTER. We have already established the DhcpOptionsId of the DHCP options set currently assigned to our VPC, so to check how its configuration run the cmdlet below, replacing dopt-2af8ef48 with the DhcpOptionsId you want to query.
In the output, you’ll see that only Amazon Provided DNS is configured. It’s not possible to modify an existing DHCP options set in AWS, so we’ll need to create a new one and associate with a VPC. To create a new DHCP option set, use the code below. I copied the value for the domain name option, us-west-2.compute.internal, from the default DHCP option set we queried above, and 10.0.137.249 is the IP address of the instance where I have my domain controller and AD integrated DNS installed.
Now I need to register the DHCP options set with my VPC. Only one DHCP options set can be registered with a VPC.
Run Get-EC2DhcpOption again and you’ll see a new DHCP options set in the list. Run the cmdlet below, replacing dopt-9b8663fe with the DhcpOptionsId of the new options set in your subscription, to check it was configured as expected.
You should see two values for domain-name-servers, the IP address you specified and AmazonProvidedDNS. Reboot VMs running in your VPC, or run ipconfig /renew on each VM to update the DHCP settings. If you run ipconfig /all in an affected VM, you’ll see the DNS servers assigned by DHCP have changed.