DNS request times out when looking up addresses in AWS private address space
03-03-2021 11:18 AM
Any service which we host on AWS which does not have a public IP doesn't resolve using the DNS settings provided by Plusnet:
dig @192.168.1.254 git.zaptic.com
; <<>> DiG 9.16.12 <<>> @192.168.1.254 git.zaptic.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Using an alternative public DNS provider resolves instantly. This only started happening recently.
Alternatively, is there any way to configure the DHCP server to supply an alternative DNS host or will I have to configure each client myself?
Re: DNS request times out when looking up addresses in AWS private address space
03-03-2021 1:19 PM - edited 03-03-2021 1:20 PM
Interesting.
PlusNet's four DNS servers 212.159.13.49 or 212.159.13.50 or 212.159.6.9 or 212.159.6.10
don't provide an answer, as you noted:
dig @212.159.13.49 git.zaptic.com.
however
PlusNet's two Safeguard DNS servers 213.120.234.42 or 213.120.234.38
and the public DNS servers I tried
1.1.1.1 or 8.8.8.8 or 9.9.9.9 or 4.2.2.2 or 208.67.222.222 etc
do all provide the answer
dig @8.8.8.8 git.zaptic.com.
git.zaptic.com. 299 IN A 172.31.45.2
but, my own router running OpenWrt stops the answer passing through with a log error of "dnsmasq[...]: possible DNS-rebind attack detected: git.zaptic.com" because as you mentioned, it isn't a public IP address, it's in the private address space of RFC1918 & RFC6761:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
So I'm tempted to think that it is correct for an Internet DNS server to not provide an answer, as you couldn't reach there on the Internet anyway.
Interesting that the public ones and the Safeguard ones do answer.
As for setting your router's DHCP settings to hand out alternate DNS servers, I think that some PlusNet routers can do that (perhaps the 2704n can) but I think I've also read that other ones PlusNet provide can't - you'd have to set the DNS servers on your PC instead for example. (I'm not currently using a router supplied by PlusNet)
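The rebind filtering described in the reply above, as an added example that is not part of either post and is not dnsmasq's own code: a simplified model of a resolver that drops upstream A records pointing into the RFC 1918 ranges unless the queried domain is explicitly allowlisted (the role dnsmasq's `rebind-domain-ok` option plays). The function names and the `www.example.com` record are assumptions made for illustration; the `git.zaptic.com` answer is the one quoted in the thread.

```python
import ipaddress

# The three RFC 1918 ranges quoted in the reply above.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def domain_allowed(name, allowlist):
    """True if name equals, or is a subdomain of, an allowlisted domain."""
    name = name.rstrip(".").lower()
    for domain in allowlist:
        domain = domain.strip(".").lower()
        # Match on a label boundary so "notzaptic.com" does not match "zaptic.com".
        if name == domain or name.endswith("." + domain):
            return True
    return False


def filter_answers(qname, answers, allowlist=()):
    """Return (passed, blocked) address lists for one upstream response."""
    if domain_allowed(qname, allowlist):
        return list(answers), []
    passed = [a for a in answers if not is_private(a)]
    blocked = [a for a in answers if is_private(a)]
    return passed, blocked


# Constructed sample responses: the record from the thread and a public one.
SAMPLES = [
    ("git.zaptic.com.", ["172.31.45.2"]),
    ("www.example.com.", ["93.184.216.34"]),
]

if __name__ == "__main__":
    for qname, answers in SAMPLES:
        for allow in ((), ("zaptic.com",)):
            passed, blocked = filter_answers(qname, answers, allow)
            print(f"{qname} allow={allow} passed={passed} blocked={blocked}")
```

Allowlisting only the specific domain that is known to publish private addresses keeps the protection in force for every other name.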