If you’ve worked with AWS VPCs and Route 53, I bet you’ve used or at least come across Private Hosted Zones. They’re incredibly useful when you want to create internal-only DNS records like resolving db.internal to an internal IP.
But what happens when your EC2 instance refuses to resolve the domain, even though everything seems to be wired up correctly?
That’s exactly what I faced recently, and this post is a quick walkthrough of what went wrong and how to fix it.
🔍 The Problem
I had:
- A Private Hosted Zone in Route 53 (say, myinternal.local)
- A VPC attached to that hosted zone
- An EC2 instance launched inside that VPC
- A DNS record like api.myinternal.local created in the zone
But inside the EC2 instance:
ping api.myinternal.local
It gave me:
ping: unknown host api.myinternal.local
⚙️ Root Cause (What Was Missing)
After debugging, the issue boiled down to two missing or misconfigured pieces:
- DNS Hostnames or DNS Support Disabled
If your VPC doesn't have both DNS resolution (enableDnsSupport) and DNS hostnames (enableDnsHostnames) enabled, private hosted zone resolution will silently fail: queries to the VPC resolver simply return no answer.
You can check and fix this from the VPC → Actions → Edit DNS Resolution/Hostnames in the AWS Console or use the CLI:
```bash
aws ec2 modify-vpc-attribute --vpc-id vpc-xxxxxx --enable-dns-support "{\"Value\":true}"
aws ec2 modify-vpc-attribute --vpc-id vpc-xxxxxx --enable-dns-hostnames "{\"Value\":true}"
```
- Instance Launched in Wrong Subnet or VPC
Make sure your EC2 instance is in the same VPC that’s attached to the private hosted zone.
Route 53 private hosted zones don’t resolve from any instance — they only resolve from the specific VPC(s) they're associated with.
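The two checks above, scripted as an added example (this is not code from the original post): `diagnose()` is a pure function over boto3-shaped values so it runs offline on the constructed sample, and `fetch_live()` shows the real boto3 calls that would feed it. The instance ID, hosted zone ID and VPC IDs are placeholders.

```python
# Added example (not from the original post): check the two conditions the post
# describes. The diagnosis is a pure function over boto3-shaped data so it runs
# offline on constructed input; fetch_live() shows the real boto3 calls.

def diagnose(dns_support, dns_hostnames, instance_vpc_id, zone_vpc_ids):
    """Return a list of findings explaining why a private hosted zone
    may not resolve from the instance. An empty list means all checks pass."""
    findings = []
    if not dns_support:
        findings.append("enableDnsSupport is false on the VPC: the .2 resolver "
                        "is not answering DNS queries at all")
    if not dns_hostnames:
        findings.append("enableDnsHostnames is false on the VPC: private hosted "
                        "zone records will not resolve")
    if instance_vpc_id not in zone_vpc_ids:
        findings.append(f"instance VPC {instance_vpc_id} is not associated with "
                        f"the hosted zone (associated: {sorted(zone_vpc_ids)})")
    return findings


def fetch_live(instance_id, hosted_zone_id, region="us-east-1"):
    """Gather the inputs for diagnose() from AWS. Needs boto3 and credentials."""
    import boto3  # imported here so the offline part of the file has no dependency
    ec2 = boto3.client("ec2", region_name=region)
    r53 = boto3.client("route53")
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    vpc_id = inst["VpcId"]
    support = ec2.describe_vpc_attribute(VpcId=vpc_id, Attribute="enableDnsSupport")
    hostnames = ec2.describe_vpc_attribute(VpcId=vpc_id, Attribute="enableDnsHostnames")
    zone_vpcs = {v["VPCId"] for v in r53.get_hosted_zone(Id=hosted_zone_id)["VPCs"]}
    return (support["EnableDnsSupport"]["Value"],
            hostnames["EnableDnsHostnames"]["Value"], vpc_id, zone_vpcs)


# Constructed sample (placeholder IDs): DNS hostnames disabled, and the instance
# living in a VPC that was never associated with the hosted zone.
SAMPLE = dict(dns_support=True, dns_hostnames=False,
              instance_vpc_id="vpc-0bbbbbbbbbbbbbbbb",
              zone_vpc_ids={"vpc-0aaaaaaaaaaaaaaaa"})

if __name__ == "__main__":
    for finding in diagnose(**SAMPLE) or ["all checks passed"]:
        print("-", finding)
```

Run `fetch_live()` against a real instance and zone, then pass its tuple to `diagnose()` to get the same findings for a live environment.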
🧪 How I Debugged It
Here's how I approached the problem:
Tested with dig and nslookup:
dig api.myinternal.local
This gave me no answer section, confirming DNS resolution was failing completely.
Verified /etc/resolv.conf on the EC2 instance:
It was using AmazonProvidedDNS (i.e., the VPC's .2 address), so the default resolver was correct.
Checked VPC settings:
DNS support and DNS hostnames were disabled by default on this VPC.
Re-enabled those flags and restarted networking on the EC2 instance:
sudo systemctl restart network
DNS resolution magically started working.