Using DNS with Your VPC
Amazon EC2 instances need IP addresses to communicate. Public IPv4 addresses enable communication over the Internet, while private IPv4 addresses enable communication within the network of the instance (either EC2-Classic or a VPC). For more information, see IP Addressing in Your VPC.
Domain Name System (DNS) is a standard by which names used on the Internet are resolved to their corresponding IP addresses. A DNS hostname is a name that uniquely and absolutely names a computer; it's composed of a host name and a domain name. DNS servers resolve DNS hostnames to their corresponding IP addresses.
We provide an Amazon DNS server. To use your own DNS server, update the DHCP options set for your VPC. For more information, see DHCP Options Sets.
When you launch an instance into a default VPC, we provide the instance with public and private DNS hostnames that correspond to the public IPv4 and private IPv4 addresses for the instance. When you launch an instance into a nondefault VPC, we provide the instance with a private DNS hostname and we might provide a public DNS hostname, depending on the settings you specify for the VPC and for the instance.
A private (internal) DNS hostname resolves to the private IPv4 address of the instance, and takes the form ip- for the us-east-1 region, and for other regions (where reverse lookup IP address). You can use the private DNS hostname for communication between instances in the same network, but we can't resolve the DNS hostname outside the network that the instance is in.
A public (external) DNS hostname takes the form for the us-east-1 region, and for other regions. We resolve a public DNS hostname to the public IPv4 address of the instance outside the network of the instance, and to the private IPv4 address of the instance from within the network of the instance.
We do not provide DNS hostnames for IPv6 addresses.
DNS Support in Your VPC
Your VPC has attributes that determine whether your instance receives public DNS hostnames, and whether DNS resolution through the Amazon DNS server is supported. Be sure to set both attributes to true if you want your instances to have public DNS hostnames that are accessible from the Internet.
Indicates whether the instances launched in the VPC get public DNS hostnames. If this attribute is
Indicates whether the DNS resolution is supported for the VPC. If this attribute
By default, DNS hostnames are enabled only for default VPCs and VPCs that you create using the VPC wizard in the VPC console.
The Amazon DNS server can resolve private DNS hostnames to private IPv4 addresses for all address spaces, including where the IPv4 address range of your VPC falls outside of the private IPv4 addresses ranges specified by RFC 1918.
If you created your VPC before October 2016, the Amazon DNS server does not resolve private DNS hostnames if your VPC's IPv4 address range falls outside of the private IPv4 addresses ranges specified by RFC 1918. If you want to enable the Amazon DNS server to resolve private DNS hostnames for these addresses, contact AWS Support.
If you enable DNS hostnames and DNS support in a VPC that didn't previously support them, an instance that you already launched into that VPC gets a public DNS hostname if it has a public IPv4 address or an Elastic IP address.
For information about DNS support for private hosted zones, see Using Private Hosted Zones.
Viewing DNS Hostnames for Your EC2 Instance
You can view the DNS hostnames for a running instance or a network interface using the Amazon EC2 console or the command line.
To view DNS hostnames for an instance using the console
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose Instances.
Select your instance from the list.
In the details pane, the Public DNS (IPv4) and Private DNS fields display the DNS hostnames, if applicable.
To view the private DNS hostname for a network interface using the console
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose Network Interfaces.
Select the network interface from the list.
In the details pane, the Private DNS (IPv4) field displays the private DNS hostname.
Updating DNS Support for Your VPC
You can view and update the DNS support attributes for your VPC using the Amazon VPC console.
To describe and update DNS support for a VPC using the console
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose Your VPCs.
Select the VPC from the list.
Review the information in the Summary tab. In this example, both settings are enabled.
To update these settings, choose Actions and either Edit DNS Resolution or Edit DNS Hostnames. In the dialog box that opens, choose Yes or No, and Save.
To describe DNS support for a VPC using the command line
You can use one of the following commands. For more information about these command line interfaces, see Accessing Amazon VPC.
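As an added example (not code from this page or from AWS), the following Python audit reads the JSON that the AWS CLI prints for each of the two VPC DNS attributes, applies the rule stated above that both attributes must be true, and works out whether an instance with a public IPv4 or Elastic IP address would be given a public DNS hostname. The page does not list the commands, so the `describe-vpc-attribute` and `modify-vpc-attribute` invocations, their flags and the response shape are assumptions about the AWS CLI; the VPC id and attribute values are constructed sample data.

```python
"""Audit a VPC's DNS attributes from AWS CLI output.

Added example, not AWS's code. The command names, flags and response shape
below are assumptions about the AWS CLI (the page does not list them):
  aws ec2 describe-vpc-attribute --vpc-id <vpc-id> --attribute enableDnsSupport
  aws ec2 describe-vpc-attribute --vpc-id <vpc-id> --attribute enableDnsHostnames
"""
import json

# Constructed sample responses (VPC id and values are made up), one per
# attribute, shaped like the JSON the CLI prints.
SAMPLE_DNS_SUPPORT = '{"VpcId": "vpc-0example", "EnableDnsSupport": {"Value": true}}'
SAMPLE_DNS_HOSTNAMES = '{"VpcId": "vpc-0example", "EnableDnsHostnames": {"Value": false}}'


def parse_vpc_attribute(raw_json):
    """Return (vpc_id, attribute_name, value) from one describe-vpc-attribute response."""
    doc = json.loads(raw_json)
    vpc_id = doc["VpcId"]
    # Exactly one attribute key is expected beside VpcId, e.g. EnableDnsSupport.
    attrs = {k: v["Value"] for k, v in doc.items() if k != "VpcId"}
    if len(attrs) != 1:
        raise ValueError("expected exactly one attribute in response, got %r" % sorted(attrs))
    (name, value), = attrs.items()
    if not isinstance(value, bool):
        raise ValueError("attribute %s has non-boolean value %r" % (name, value))
    return vpc_id, name, value


def vpc_dns_settings(*responses):
    """Merge the per-attribute responses for one VPC into {attribute: bool}."""
    settings, vpc_ids = {}, set()
    for raw in responses:
        vpc_id, name, value = parse_vpc_attribute(raw)
        vpc_ids.add(vpc_id)
        settings[name] = value
    if len(vpc_ids) != 1:
        raise ValueError("responses describe different VPCs: %r" % sorted(vpc_ids))
    return settings


def public_dns_hostnames_enabled(settings):
    """Public DNS hostnames require BOTH attributes to be true (a missing one counts as false)."""
    return bool(settings.get("EnableDnsSupport")) and bool(settings.get("EnableDnsHostnames"))


def expected_hostnames(settings, has_public_ipv4):
    """What an instance in this VPC gets: a private DNS hostname always; a public DNS
    hostname only when both attributes are true and it has a public IPv4 or Elastic IP."""
    return {"private": True,
            "public": public_dns_hostnames_enabled(settings) and bool(has_public_ipv4)}


def remediation_commands(vpc_id, settings):
    """CLI commands (assumed syntax) that would turn on each attribute still set to false."""
    flags = {"EnableDnsSupport": "--enable-dns-support",
             "EnableDnsHostnames": "--enable-dns-hostnames"}
    return ['aws ec2 modify-vpc-attribute --vpc-id %s %s \'{"Value":true}\'' % (vpc_id, flag)
            for attr, flag in flags.items() if not settings.get(attr)]


if __name__ == "__main__":
    settings = vpc_dns_settings(SAMPLE_DNS_SUPPORT, SAMPLE_DNS_HOSTNAMES)
    print("settings:", settings)
    print("instance with a public IPv4 gets:", expected_hostnames(settings, True))
    for cmd in remediation_commands("vpc-0example", settings):
        print("to enable:", cmd)
```

With the constructed sample (DNS support on, DNS hostnames off) the audit reports that instances get a private DNS hostname but no public one, and suggests enabling only the attribute that is still false. Treating a missing attribute as false is deliberate: a VPC whose hostnames attribute was never queried should not be reported as publishing public DNS names.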
Using Private Hosted Zones
If you want to access the resources in your VPC using custom DNS domain names, such as example.com, instead of using private IPv4 addresses or AWS-provided private DNS hostnames, you can create a private hosted zone in Amazon Route 53. A private hosted zone is a container that holds information about how you want to route traffic for a domain and its subdomains within one or more VPCs without exposing your resources to the Internet. You can then create Amazon Route 53 resource record sets, which determine how Amazon Route 53 responds to queries for your domain and subdomains. For example, if you want browser requests for example.com to be routed to a web server in your VPC, you'll create an A record in your private hosted zone and specify the IP address of that web server. For more information about creating a private hosted zone, see Working with Private Hosted Zones in the Amazon Route 53 Developer Guide.
To access resources using custom DNS domain names, you must be connected to an instance within your VPC. From your instance, you can test that your resource in your private hosted zone is accessible from its custom DNS name by using the ping command; for example, ping mywebserver.example.com. (You must ensure that your instance's security group rules allow inbound ICMP traffic for the ping command to
You can access a private hosted zone from an EC2-Classic instance that is linked to your VPC via ClassicLink, provided your VPC is enabled for ClassicLink DNS support. For more information, see Enabling ClassicLink DNS Support in the Amazon EC2 User Guide for Linux Instances. Otherwise, private hosted zones do not support transitive relationships outside of the VPC; for example, you cannot access your resources using their custom private DNS names from the other side of a VPN connection.
If you are using custom DNS domain names defined in a private hosted zone in Amazon Route 53, you must set the following VPC attributes to enableDnsSupport. For more information, see Updating DNS Support for Your VPC.
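The A record described under Using Private Hosted Zones, together with the VPC attribute requirement just stated, as an added example (not code from this page or from AWS): a Python preflight that checks the VPC's DNS attributes, that the record name falls inside the zone, and that the target is an IPv4 address inside the VPC, then builds the change batch for the record. Assumptions not on the page: the ChangeBatch shape accepted by the AWS CLI's `route53 change-resource-record-sets --change-batch` option, the constructed VPC CIDR, the attribute name EnableDnsHostnames for the VPC's DNS hostnames attribute (the page names only enableDnsSupport here), and the "target inside the VPC" rule, which is this example's own sanity check rather than something Route 53 enforces.

```python
"""Preflight and build an A record change for a Route 53 private hosted zone.

Added example, not AWS's code. Assumptions not on the page: the ChangeBatch
shape accepted by `aws route53 change-resource-record-sets --change-batch ...`,
the constructed VPC CIDR, and the 'target inside the VPC' check, which is this
example's own policy, not a Route 53 rule.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"                 # constructed sample VPC range
ZONE_NAME = "example.com"                # domain used on the page
RECORD_NAME = "mywebserver.example.com"  # hostname from the page's ping test
WEB_SERVER_IP = "10.0.1.20"              # constructed sample address


def a_record_change_batch(name, ipv4, ttl=300, action="UPSERT"):
    """ChangeBatch that creates or updates one A record mapping `name` to `ipv4`."""
    return {
        "Comment": "A record in private hosted zone (added example)",
        "Changes": [{
            "Action": action,
            "ResourceRecordSet": {
                "Name": name,
                "Type": "A",
                "TTL": ttl,
                "ResourceRecords": [{"Value": ipv4}],
            },
        }],
    }


def preflight(name, zone_name, ipv4, vpc_cidr, dns_settings):
    """Return a list of problems; an empty list means the record is safe to create.

    dns_settings is {attribute: bool} for the VPC the zone is associated with,
    e.g. as read from describe-vpc-attribute output.
    """
    problems = []
    # The page: the VPC's DNS attributes must be true for private hosted zones
    # to resolve. EnableDnsHostnames is assumed to be the CLI name of the
    # 'DNS hostnames' attribute; a missing attribute counts as false.
    for attr in ("EnableDnsSupport", "EnableDnsHostnames"):
        if not dns_settings.get(attr):
            problems.append("VPC attribute %s must be true" % attr)
    # The record must live inside the zone it is being added to.
    zone = zone_name.rstrip(".").lower()
    host = name.rstrip(".").lower()
    if not (host == zone or host.endswith("." + zone)):
        problems.append("%s is not within hosted zone %s" % (name, zone_name))
    try:
        ip = ipaddress.ip_address(ipv4)
    except ValueError:
        problems.append("%r is not an IP address" % ipv4)
        return problems
    if ip.version != 4:
        problems.append("A records hold IPv4 addresses; %s is IPv6 (use AAAA)" % ipv4)
    elif ip not in ipaddress.ip_network(vpc_cidr):
        # Example's own check: a private zone routes traffic within its VPCs, so a
        # target outside the VPC CIDR usually means a typo or a public address
        # entered by mistake.
        problems.append("%s is outside VPC CIDR %s" % (ipv4, vpc_cidr))
    return problems


if __name__ == "__main__":
    settings = {"EnableDnsSupport": True, "EnableDnsHostnames": True}
    issues = preflight(RECORD_NAME, ZONE_NAME, WEB_SERVER_IP, VPC_CIDR, settings)
    if issues:
        for issue in issues:
            print("problem:", issue)
    else:
        print(a_record_change_batch(RECORD_NAME, WEB_SERVER_IP))
```

Running the preflight before submitting the change batch turns the page's "both attributes must be true" requirement into a check that fails early, rather than a record that is created successfully but never resolves from inside the VPC.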