
DNS request times out when looking up addresses in AWS private address space

jgresty
Newbie
Posts: 2
Registered: ‎15-09-2020

DNS request times out when looking up addresses in AWS private address space

Any service which we host on AWS which does not have a public IP doesn't resolve using the DNS settings provided by Plusnet:

dig @192.168.1.254 git.zaptic.com

; <<>> DiG 9.16.12 <<>> @192.168.1.254 git.zaptic.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

 

Using an alternative public DNS provider resolves instantly. This only started happening recently.

 

Alternatively, is there any way to configure the DHCP server to supply an alternative DNS host, or will I have to configure each client myself?

1 REPLY 1
seebee
Dabbler
Posts: 22
Thanks: 14
Fixes: 3
Registered: ‎08-07-2017

Re: DNS request times out when looking up addresses in AWS private address space

Interesting.
PlusNet's four DNS servers 212.159.13.49 or 212.159.13.50 or 212.159.6.9 or 212.159.6.10
don't provide an answer, as you noted:

dig @212.159.13.49 git.zaptic.com.

however
PlusNet's two Safeguard DNS servers 213.120.234.42 or 213.120.234.38
and the public DNS servers I tried
1.1.1.1 or 8.8.8.8 or 9.9.9.9 or 4.2.2.2 or 208.67.222.222 etc
do all provide the answer

dig @8.8.8.8 git.zaptic.com.
git.zaptic.com.         299     IN      A       172.31.45.2

but, my own router running OpenWrt stops the answer passing through with a log error of "dnsmasq[...]: possible DNS-rebind attack detected: git.zaptic.com" because as you mentioned, it isn't a public IP address, it's in the private address space of RFC1918 & RFC6761:
10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

So I'm tempted to think that it is correct for an Internet DNS server to not provide an answer, as you couldn't reach there on the Internet anyway.

Interesting that the public ones and the Safeguard ones do answer.

As for setting your router's DHCP settings to hand out alternate DNS servers, I think that some PlusNet routers can do that (perhaps the 2704n can) but I think I've also read that other ones PlusNet provide can't - you'd have to set the DNS servers on your PC instead for example. (I'm not currently using a router supplied by PlusNet)
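
Added example (not part of either post, and not dnsmasq's own code): a simplified Python model of the rebind check that produces the "possible DNS-rebind attack detected" log line, limited to the three RFC 1918 ranges listed in the reply. The `allowed_domains` parameter and its label-wise matching are assumptions modelled on dnsmasq's `rebind-domain-ok` option; every name and address other than git.zaptic.com / 172.31.45.2 is constructed.

```python
import ipaddress

# The three private ranges quoted in the reply above.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def domain_allowed(name, allowed_domains):
    """True if name equals, or is a subdomain of, an allow-listed domain.

    Matching is done per DNS label, so "notzaptic.com" does not match an
    allow-list entry of "zaptic.com" (assumed behaviour for this sketch).
    """
    labels = name.rstrip(".").lower().split(".")
    for dom in allowed_domains:
        dom_labels = dom.strip(".").lower().split(".")
        if labels[-len(dom_labels):] == dom_labels:
            return True
    return False


def filter_answer(name, addresses, allowed_domains=()):
    """Decide what a rebind-protecting forwarder does with an upstream answer.

    Returns ("forward", None) or ("drop", offending_address).
    """
    if domain_allowed(name, allowed_domains):
        return ("forward", None)
    for text in addresses:
        ip = ipaddress.ip_address(text)
        if ip.version == 4 and any(ip in net for net in RFC1918):
            return ("drop", text)  # private address from an upstream server
    return ("forward", None)


if __name__ == "__main__":
    # Constructed sample answers; only the first pair appears in the thread.
    samples = [
        ("git.zaptic.com.", ["172.31.45.2"]),
        ("www.example.org.", ["93.184.216.34"]),
        ("notzaptic.com.", ["10.0.0.5"]),
    ]
    for allow in ((), ("zaptic.com",)):
        print("allow-list:", allow)
        for name, addrs in samples:
            print("  ", name, addrs, filter_answer(name, addrs, allow))
```

Allow-listing a domain switches the check off for that domain and its subdomains only; answers for every other name are still filtered.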