"Best Practices for DNS Setup in AWS"

"Ensuring Reliable DNS Resolution for EC2 Instances"


Question

You have 3 EC2 instances that have public IP addresses that are mapped to DNS names in Route53.

A peer administrator has advised that this may not be the ideal setup and that the DNS names could point to invalid IP addresses in the future.

Which of the following can help ensure that this issue does not happen?

Choose 2 answers from the options given below.

Each option forms part of the solution.

Answers

Explanations


A. B. C. D.

Answer - B and C.

When the instance is stopped and started, the public IP assigned to the instance will change, and hence this can result in broken DNS links.

The ideal scenario is to have Elastic IP addresses and map them to the DNS host names.

For more information on Elastic IP, please refer to the below URL:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

The concern raised by the peer administrator is valid since public IP addresses can change when the instances are stopped or started. This can cause the DNS names associated with them to point to invalid IP addresses in the future. To avoid this, we can follow these steps:

  1. Create Elastic IP Addresses: An Elastic IP address is a static, public IPv4 address that can be assigned to AWS resources like EC2 instances. It allows you to associate a fixed public IP address with an EC2 instance, even if the instance is stopped and started again. Elastic IP addresses can be created and associated with EC2 instances in any region.

  2. Map DNS names to Elastic IP addresses: Map the DNS names in Route53 to the Elastic IP addresses you have created. This will ensure that the DNS names are always resolved to the correct IP addresses, even if the instances are stopped and started.

Therefore, the correct answers are B and C:

B. Create Elastic IP's and assign them to the EC2 Instances.

C. Map the DNS names to the Elastic IP's.

Option A, mapping DNS names to private IP addresses, is not recommended since private IP addresses are not accessible from outside the VPC.

Option D, ensuring the instances receive private IP addresses, is not relevant in this case since the concern is about the DNS names pointing to invalid public IP addresses in the future, which can still happen even if the instances have valid private IP addresses.
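
A check that follows from the explanation above, as an added example that is not part of the original page: it classifies each Route 53 A record by whether its address is an Elastic IP, an instance's auto-assigned public IP, or an address the account no longer holds. The data is constructed and shaped like the boto3 responses from `list_resource_record_sets`, `describe_addresses` and `describe_instances`; the function name, hostnames and IDs are assumptions.

```python
# Added example. All data below is constructed (documentation IP ranges),
# shaped like boto3 responses; no AWS call is made.
RECORD_SETS = [  # route53 list_resource_record_sets()["ResourceRecordSets"]
    {"Name": "web1.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.10"}]},
    {"Name": "web2.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "198.51.100.20"}]},
    {"Name": "web3.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "198.51.100.30"}]},
]
ADDRESSES = [  # ec2 describe_addresses()["Addresses"]
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-EXAMPLE1",
     "InstanceId": "i-EXAMPLE1"},
]
INSTANCES = [  # flattened from ec2 describe_instances() reservations
    {"InstanceId": "i-EXAMPLE1", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-EXAMPLE2", "PublicIpAddress": "198.51.100.20"},
    # web3's instance was stopped and started: it now holds a new address.
    {"InstanceId": "i-EXAMPLE3", "PublicIpAddress": "198.51.100.31"},
]


def audit_a_records(record_sets, addresses, instances):
    """Return (name, ip, status) for every literal A-record value."""
    elastic = {a["PublicIp"] for a in addresses}
    auto_assigned = {i["PublicIpAddress"] for i in instances
                     if i.get("PublicIpAddress")}
    findings = []
    for rs in record_sets:
        if rs.get("Type") != "A" or "AliasTarget" in rs:
            continue  # alias records hold no literal IP to go stale
        for rr in rs.get("ResourceRecords", []):
            ip = rr["Value"]
            if ip in elastic:
                status = "elastic"      # survives stop/start
            elif ip in auto_assigned:
                status = "ephemeral"    # valid now, changes on stop/start
            else:
                status = "unowned"      # record already points elsewhere
            findings.append((rs["Name"], ip, status))
    return findings


if __name__ == "__main__":
    for name, ip, status in audit_a_records(RECORD_SETS, ADDRESSES, INSTANCES):
        print(f"{name:20} {ip:15} {status}")
```

Records reported as `ephemeral` are the ones to move onto Elastic IPs; `unowned` records already resolve to an address the account does not hold and should be corrected or removed first.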