DNS VPC

Discover how DNS resolution operates within AWS Virtual Private Clouds (VPCs) and how to configure DNS settings for your EC2 instances for reliable name resolution.

Domain Names for Private IP Addresses

When you launch an EC2 instance into a public or private subnet, AWS automatically assigns it a private IPv4 address (for example, 10.0.100.10). AWS also generates a DNS hostname that embeds this IP address. Clients can connect using either the private IP or the assigned DNS name.

[Figure: DNS in VPCs within the AWS Cloud. Four VPCs, each labeled with its CIDR block and a specific IP address.]

AWS-Provided DNS Servers

EC2 instances resolve these hostnames by querying the Amazon-provided DNS servers. AWS exposes two endpoints for DNS resolution within a VPC:

  • Link-local address: 169.254.169.253 (accessible from all instances)
  • VPC CIDR base address plus two (the ".2" address): e.g., 10.10.0.2 in a 10.10.0.0/16 VPC or 10.20.0.2 in a 10.20.0.0/16 VPC

Instances can send queries to either endpoint interchangeably.

Note

In the default VPC, both DNS support and hostnames are enabled out of the box. Custom VPCs default to DNS support on and hostnames off.

VPC DNS Configuration Options

AWS provides two VPC attributes that control DNS behavior:

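| Option             | Description                                                  | Default Value                              |
|--------------------|--------------------------------------------------------------|--------------------------------------------|
| enableDnsSupport   | Enables DNS resolution via Amazon-provided DNS servers.      | true (all VPCs)                            |
| enableDnsHostnames | Assigns DNS hostnames to instances with public IP addresses. | false for custom VPCs, true for default VPCs |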

You can modify these settings through the AWS Management Console, AWS CLI, or AWS SDKs.


Warning

Disabling enableDnsSupport prevents any DNS resolution within the VPC, which can break applications that rely on domain names.
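
The following check is an added example, not part of the original lesson: it derives the two Amazon-provided resolver addresses for a VPC CIDR and audits an instance's resolv.conf against them, taking the VPC's enableDnsSupport value into account. The function names and the sample resolv.conf are constructed for illustration, and the CIDR passed in is assumed to be the VPC's primary IPv4 CIDR.

```python
import ipaddress

# Link-local resolver address named in this lesson.
LINK_LOCAL_RESOLVER = ipaddress.ip_address("169.254.169.253")

# Constructed sample input (not taken from a real instance).
SAMPLE_RESOLV_CONF = """\
# constructed sample
search example.internal
nameserver 10.10.0.2
nameserver 8.8.8.8
"""

def amazon_dns_endpoints(vpc_cidr):
    """Return the link-local resolver and the VPC base+2 resolver."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)  # rejects host bits set
    if net.version != 4:
        raise ValueError("expected the VPC's IPv4 CIDR")
    return {LINK_LOCAL_RESOLVER, net.network_address + 2}

def parse_nameservers(resolv_conf_text):
    """Extract nameserver addresses, ignoring comments and other directives."""
    servers = []
    for line in resolv_conf_text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(ipaddress.ip_address(parts[1]))
    return servers

def audit_instance_dns(resolv_conf_text, vpc_cidr, enable_dns_support):
    """Return findings for resolvers that will not work or bypass the VPC resolver."""
    allowed = amazon_dns_endpoints(vpc_cidr)
    servers = parse_nameservers(resolv_conf_text)
    findings = [] if servers else ["no nameserver configured"]
    for server in servers:
        if server not in allowed:
            findings.append(f"{server}: not an Amazon-provided resolver for {vpc_cidr}")
        elif not enable_dns_support:
            findings.append(f"{server}: Amazon resolver, but enableDnsSupport is false")
    return findings

if __name__ == "__main__":
    for finding in audit_instance_dns(SAMPLE_RESOLV_CONF, "10.10.0.0/16", True):
        print(finding)
```

A finding for a non-Amazon resolver is not necessarily a misconfiguration, but it marks queries that do not pass through the VPC's own DNS endpoints.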

Summary

  • Private IPv4 addresses are automatically mapped to DNS hostnames.
  • Amazon-provided DNS endpoints are available at 169.254.169.253 and the VPC CIDR base address plus two.
  • Use enableDnsHostnames to toggle DNS hostname assignment for instances with public IPs.
  • Use enableDnsSupport to enable or disable DNS resolution within the VPC.

