AWS pfSense VPC DNS

Paddy

I am having problems with my EC2 instances resolving AWS hostnames.

The pfSense has 127.0.0.1, xxx.xxx.0.2, 8.8.8.8, 8.8.4.4 configured as the DNS servers.

xxx.xxx.1.0/24 is the WAN subnet and xxx.xxx.2.0/24 is the LAN

When I spin up a EC2 on the LAN side it automatically gets given xxx.xxx.0.2 as it's one and only DNS server

I still have the default allow all in the LAN.

I can't ping xxx.xxx.0.2 from any EC2 in the LAN or from the WAN interface on pfSense diagnostics.

Any ideas?

Patrick

stephenw10

What/where is xxx.xxx.0.2 since it's not in the WAN or LAN subnet?

Can things on LAN ping 8.8.8.8?

Steve

Paddy

@stephenw10 said in AWS pfSense VPC DNS:

What/where is xxx.xxx.0.2 since it's not in the WAN or LAN subnet?

Can things on LAN ping 8.8.8.8?

Steve

That's what I'm not getting. I created a VPC with a 16 bit network. The only Subnets I have created are xxx.xxx.1.0/24 and xxx.xxx.2.0/24.

The dhcp option set for the VPC contains;
domain-name: eu-west-1.compute.internal
domain-name-servers: AmazonProvidedDNS

I can resolve external hosts just not AWS internal. I spotted the problem trying to mount a efs

I've no idea what is going on.

Cheers,
Patrick

stephenw10

So the DNS server at xxx.xxx.0.2 is some external public IP? Not inside the VPC /16?

Paddy

@stephenw10 said in AWS pfSense VPC DNS:

So the DNS server at xxx.xxx.0.2 is some external public IP? Not inside the VPC /16?

No it is the within the 16bit network I specified for the VPC - it just isn't a subnet I have created.

This is what I followed to created this. (The subnets aren't the same tho);

youtube tutorial

stephenw10

Hmm, well if neither the clients or pfSense have a route to that subnet I'm not sure how they are expected to reach it. AWS routes it via the WAN side gateway?

Paddy

@stephenw10 said in AWS pfSense VPC DNS:

Hmm, well if neither the clients or pfSense have a route to that subnet I'm not sure how they are expected to reach it. AWS routes it via the WAN side gateway?

I'm stumped. I'll maybe post in the AWS forums as to how to resolve. Would hate to tear down and start again.

stephenw10

Start a ping to it. Check the state table. Where is the ping going?

Where is that subnet actually available if you haven't created it yet?

Steve

Paddy

@stephenw10 said in AWS pfSense VPC DNS:

Start a ping to it. Check the state table. Where is the ping going?

Where is that subnet actually available if you haven't created it yet?

Steve

Steve, once again many thanks for giving your time to help me.

I've got is working. I had DNS resolution enabled on the VPC, but not DNS hostnames. My EC2 still has XXX.XXX,0.2 as its dns server and I don't have a XXX.XXX.0.0 subnet. But its working now.