AWS DNS Issues

I’ve been working on replacing an OpenVPN server in AWS with a Pritunl one. I’ve been able to use the OpenVPN server and Pritunl client with internal AWS/private hosted zone endpoints before, but I’m running into issues with using Pritunl as the server. If I resolve the IP of the endpoints I can hit them directly; this is only a DNS issue, and I’m unsure what troubleshooting steps I should move on to.

I’m noticing that my test clients all get different DNS issues: some can resolve any of the internal AWS URLs like xyz.rds.amazonaws.com but not our internal private hosted zones, e.g. internal.ourdomain.xyz, some vice versa, and some can’t resolve any endpoints.

The Pritunl server settings currently are:

  • DNS servers: 10.13.0.2 (the second IP in the VPC, listed first), 8.8.8.8
  • Enabled DNS Routing
  • Enabled Restrict Routing
  • Enabled Block Outside DNS

Client DNS mapping may need to be enabled. Client DNS mapping will start the Pritunl DNS service, and all DNS requests will proxy through the Pritunl server. There are known issues with the AWS DNS server that are fixed by using this.

The DNS server list in the server settings should contain only one server. Newer versions of macOS will prioritize a DNS server with newer features like DNSSEC. This will cause the macOS clients to always use 8.8.8.8.
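One concrete troubleshooting step for the original question, and a way to see the behaviour the reply above describes, is to stop relying on the OS resolver and query each configured DNS server directly from a VPN client for each hostname. The script below is an added example and is not code from this thread or from Pritunl: a stdlib-only Python DNS probe (no dnspython) that builds an A query, sends it to one resolver at a time, and reports the response code and any addresses. The two resolver IPs and the two hostnames are placeholders taken from the thread; the expected pattern, if the reply is right, is that the VPC resolver answers both names while 8.8.8.8 returns NXDOMAIN for the private hosted zone, and a client that "can't resolve internal.ourdomain.xyz" is one whose OS picked the public resolver.

```python
import random
import socket
import struct

# Constructed fixtures mirroring the thread (placeholders, not real infrastructure):
# the hostnames the poster mentioned and the two resolvers in the Pritunl settings.
HOSTNAMES = ["xyz.rds.amazonaws.com", "internal.ourdomain.xyz"]
RESOLVERS = ["10.13.0.2", "8.8.8.8"]

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid, qtype=1):
    """Build a standard recursive DNS query (QTYPE A by default, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(msg, offset):
    """Decode a (possibly compressed) domain name; return (name, next_offset)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(msg, expected_txid):
    """Return (rcode_name, [A record IPs]) from a raw DNS response."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = _read_name(msg, offset)
        offset += 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[offset:offset + 4]))
        offset += rdlen
    return rcode, addrs


def probe(resolver, name, timeout=2.0):
    """Ask one resolver directly (UDP/53) for one name; return (status, [ips])."""
    txid = random.randint(0, 0xFFFF)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, txid), (resolver, 53))
        data, _ = sock.recvfrom(4096)
        return parse_response(data, txid)
    except socket.timeout:
        return "TIMEOUT", []
    finally:
        sock.close()


if __name__ == "__main__":
    for name in HOSTNAMES:
        for resolver in RESOLVERS:
            status, ips = probe(resolver, name)
            print("%-28s via %-10s %-8s %s" % (name, resolver, status, ", ".join(ips)))
```

Run it from each test client while connected. A TIMEOUT for one resolver from a client is itself informative: it can mean the tunnel's DNS routing or block-outside-DNS settings are intercepting that query rather than the resolver being down, so compare the per-resolver results against what `nslookup`/`dig` without an explicit server returns to see which resolver the OS is actually choosing.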

Thank you for the info. I’m also curious if anyone has manually set up a DNS server specifically to resolve this AWS DNS issue.