
How do I get AWS Client VPN to resolve DNS using VPC-peered Private Hosted Zone

I have a VPC in my AWS account peered to a VPC of a partner's account. The partner account has Route 53 resolvers to resolve DNS within domain.com to IPs in their peered VPC.

I've associated my VPC with their private hosted zone.

Within my VPC (for example SSH into an EC2 instance), the DNS resolution for foo.bar.domain.com works great - I'm resolving & connecting to the resources in their VPC as expected.

However, when I'm running an AWS Client VPN on my personal machine, I'm unable to resolve foo.bar.domain.com to the same private IP address through the VPN. So, for example, running a development server on my machine connected to the partner VPC URLs is failing.

I've tried hosting a DNS server in the VPC with a zone forwarding rule pointing to the Route 53 IPs.

I've tried setting the VPN DNS server IP to the Route 53 IPs.

But none of that has worked. Help would be appreciated.

The answer was simpler than I thought: I just had to set the DNS server in the AWS Client VPN Endpoint settings to be the private IP address of my VPC's DNS (which is always the VPC's CIDR + 2).

Client VPN Endpoints > Modify Client VPN Endpoint > Other optional parameters > Enable DNS Servers > IP Address
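The same change applied from the command line, as an added example that is not part of the original answer: it derives the VPC's Route 53 Resolver address (VPC CIDR + 2) from the VPC CIDR, checks that the Client VPN client CIDR does not overlap the VPC, and builds the `aws ec2 modify-client-vpn-endpoint` invocation. The endpoint id `cvpn-endpoint-EXAMPLE` and the CIDRs are constructed placeholders.

```python
import ipaddress
from typing import List

VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28  # AWS VPC CIDR block size limits


def vpc_resolver_address(vpc_cidr: str) -> str:
    """Return the VPC's Route 53 Resolver address: the VPC CIDR base + 2.

    The Resolver also answers on 169.254.169.253, but that link-local address
    is only reachable from inside the VPC, so VPN clients must be pointed at
    the VPC+2 address instead.
    """
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        raise ValueError(f"{vpc_cidr}: a VPC CIDR must be between /16 and /28")
    return str(net.network_address + 2)


def check_client_cidr(client_cidr: str, vpc_cidr: str) -> None:
    """The Client VPN client CIDR must not overlap the VPC CIDR; if it does,
    return traffic (DNS replies included) cannot be routed back to clients."""
    if ipaddress.ip_network(client_cidr).overlaps(ipaddress.ip_network(vpc_cidr)):
        raise ValueError(f"client CIDR {client_cidr} overlaps VPC CIDR {vpc_cidr}")


def modify_endpoint_command(endpoint_id: str, vpc_cidr: str, client_cidr: str) -> List[str]:
    """Build the AWS CLI argv that points the endpoint's DNS at the VPC resolver.

    --dns-servers takes the shorthand CustomDnsServers=<ip>,Enabled=true.
    """
    check_client_cidr(client_cidr, vpc_cidr)
    dns_ip = vpc_resolver_address(vpc_cidr)
    return [
        "aws", "ec2", "modify-client-vpn-endpoint",
        "--client-vpn-endpoint-id", endpoint_id,
        "--dns-servers", f"CustomDnsServers={dns_ip},Enabled=true",
    ]


if __name__ == "__main__":
    # Constructed sample values: replace with your own endpoint id and CIDRs.
    cmd = modify_endpoint_command("cvpn-endpoint-EXAMPLE", "10.0.0.0/16", "172.16.0.0/22")
    print(" ".join(cmd))
```

Once applied, a client connected through the VPN should resolve foo.bar.domain.com via the VPC resolver, which already sees the associated private hosted zone.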
