My private Amazon EC2 instance is running Amazon Linux, Ubuntu, or RHEL. How do I assign a static DNS server to the EC2 instance that persists during reboot?

Last updated: 2020-12-07

How can I configure an Amazon Elastic Compute Cloud (Amazon EC2) instance with static DNS server entries that persist across reboots?

Short description

By default, an Amazon EC2 instance associated with an Amazon Virtual Private Cloud (Amazon VPC) requests a DNS server address at startup using the Dynamic Host Configuration Protocol (DHCP). The DNS server addresses from the DHCP response are written to the local /etc/resolv.conf file. Manual modifications to the resolv.conf file with custom DNS server addresses are therefore lost when you restart the instance. The method that you use to solve this issue depends on your Linux distribution. For more information on VPCs and DNS servers, see Amazon DNS server.

Resolution

Important: Before changing your Amazon EC2 instance, create a backup using an Amazon Machine Image (AMI) or an Amazon Elastic Block Store (Amazon EBS) snapshot. Changing networking configurations for an instance might render the instance unreachable.

Amazon Linux, Amazon Linux 2

Use one of the following options to configure your Amazon EC2 instance. If you apply both options, then the DNS servers specified in the ifcfg-eth0 file (option 2) take precedence over those in dhclient.conf.

For either option to work, the PEERDNS parameter in the ifcfg-eth0 file must be set to yes. With PEERDNS=no, the network scripts don't update /etc/resolv.conf at all, so the DNS servers specified in the ifcfg-* files or provided by DHCP are ignored.

Option 1:

1.    Edit or create the /etc/dhcp/dhclient.conf file.

Note: You must have root user privileges to edit this file. Either become root with sudo -i or execute all commands with sudo.

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

After the preceding modification, the resolv.conf file is updated at instance reboot to contain only the DNS servers that you specified in the dhclient file. The supersede statement replaces only the domain-name-servers option; other DHCP options, such as the search domain, are still applied. For more information about the supersede statement, see the dhclient.conf(5) man page.

3.    Set the PEERDNS parameter to yes in your per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

4.    Reboot the EC2 instance.

Option 2:

1.    To override DNS server values in the /etc/dhcp/dhclient.conf file, specify the custom DNS servers in the per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

The following example shows the /etc/sysconfig/network-scripts/ifcfg-eth0 file from an Amazon Linux instance modified to include two custom DNS servers (DNS1 and DNS2). Note that 8.8.8.8 and 8.8.4.4 are public resolvers: a private instance with no route to the internet can't reach them, so substitute servers that are reachable from the instance's subnet.

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=yes
RES_OPTIONS="timeout:2 attempts:5"
DHCP_ARP_CHECK=no
MTU="9001"
DNS1=8.8.8.8
DNS2=8.8.4.4

2.    Make sure that the PEERDNS parameter is set to yes in your per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*), as in the preceding example.

3.    Reboot the EC2 instance.
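The following shell script is an added example, not part of the original article, that applies option 2 and checks the result after the reboot. It writes PEERDNS=yes and the DNSn= entries into an ifcfg file, shows which servers that file will hand to resolv.conf (and that PEERDNS=no would make them ignored), and compares the nameserver lines of resolv.conf with the servers you expect. The file paths are parameters so you can try the functions on copies first; the function names and the addresses 10.0.0.2 and 10.0.0.3 in the usage comment are placeholders chosen for this example, and only a syntactic check of the addresses is done.

```shell
#!/bin/sh
# Added example (not from the original article): apply option 2 by writing
# PEERDNS=yes and DNSn= entries into an ifcfg file, then verify after the
# reboot that /etc/resolv.conf carries exactly those servers. File paths are
# parameters so the functions can be exercised on copies first; the addresses
# in the usage comment are placeholders.
set -eu

# Rewrite an ifcfg file so that it carries PEERDNS=yes and one DNSn= line per
# server, in the order given. Existing PEERDNS= and DNSn= lines are removed
# first, so calling this twice does not leave duplicates behind. Only a
# syntactic check of the addresses (digits and dots) is done here.
set_ifcfg_dns() {
    cfg="$1"; shift
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "at least one DNS server is required" >&2; return 1; }
    for s in "$@"; do
        case "$s" in
            ''|*[!0-9.]*) echo "not an IPv4 address: $s" >&2; return 1 ;;
        esac
    done
    tmp="$cfg.tmp.$$"
    grep -Ev '^(PEERDNS|DNS[0-9]+)=' "$cfg" > "$tmp" || true
    echo "PEERDNS=yes" >> "$tmp"
    n=1
    for s in "$@"; do
        echo "DNS$n=$s" >> "$tmp"
        n=$((n + 1))
    done
    cat "$tmp" > "$cfg" && rm -f "$tmp"   # keeps the file's owner and mode
}

# Print, in DNS1/DNS2/... order, the servers an ifcfg file will put into
# resolv.conf. Returns 1 when PEERDNS=no (the network scripts then leave
# resolv.conf alone, so the DNSn= entries are ignored) or no DNSn= is set.
effective_ifcfg_dns() {
    cfg="$1"
    if grep -q '^PEERDNS=no' "$cfg"; then
        return 1
    fi
    out=$(sed -n 's/^DNS\([0-9][0-9]*\)=\(.*\)$/\1 \2/p' "$cfg" | sort -n | cut -d' ' -f2-)
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Return 0 when the nameserver lines of a resolv.conf are exactly the
# expected servers, in order (search/options lines are ignored).
resolv_matches() {
    rc="$1"; shift
    actual=$(awk '$1 == "nameserver" { print $2 }' "$rc" | tr '\n' ' ')
    [ "$actual" = "$(printf '%s ' "$@")" ]
}

# Usage on the instance (as root):
#   sh ifcfg-dns.sh apply 10.0.0.2 10.0.0.3     # before the reboot
#   sh ifcfg-dns.sh verify 10.0.0.2 10.0.0.3    # after the reboot
case "${1:-}" in
    apply)
        shift
        set_ifcfg_dns /etc/sysconfig/network-scripts/ifcfg-eth0 "$@"
        echo "ifcfg-eth0 will provide: $(effective_ifcfg_dns /etc/sysconfig/network-scripts/ifcfg-eth0 | tr '\n' ' ')"
        ;;
    verify)
        shift
        resolv_matches /etc/resolv.conf "$@" && echo "resolv.conf matches" \
            || { echo "resolv.conf does not match; check PEERDNS and DNSn in ifcfg-eth0" >&2; exit 1; }
        ;;
esac
```

Run the apply step against a copy of ifcfg-eth0 first (pass the copy's path to set_ifcfg_dns) and diff it against the original before touching the real file; a mistake in ifcfg-eth0 can leave the instance without name resolution after the reboot.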

Ubuntu 16.04

1.    Edit or create the /etc/dhcp/dhclient.conf file.

Note: You must have root user privileges to edit this file. Either become root with sudo -i or execute all commands with sudo.

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

After this modification, the resolv.conf file is updated at instance reboot to contain only the DNS servers that you specified in the dhclient file. For more information about the supersede statement, see the dhclient.conf(5) man page.

3.    Reboot the instance.

Ubuntu 18.04

By default on Ubuntu 18.04, the netplan.io package handles the network interface configuration, and the systemd-resolved service handles DNS queries using a stub resolver. The /etc/resolv.conf file contains only the stub resolver address (127.0.0.53), not the real DNS servers.

In turn, the /etc/resolv.conf file is a symlink to the /run/systemd/resolve/stub-resolv.conf file. This default configuration doesn't consult the supersede statement in /etc/dhcp/dhclient.conf (systemd-networkd has its own DHCP client), so use the netplan procedure that follows. That procedure assumes the default layout and might not work as expected if either of the following is true for the /etc/resolv.conf file:

  • The file is not a symlink on your instance.
  • The file is a symlink pointing to a different file, such as /run/systemd/resolve/resolv.conf.

Either of these conditions indicates customization of the default Ubuntu 18.04 configuration.

Run the following steps to override the DNS server values:

1.    Netplan typically stores configuration files in the /etc/netplan directory. Create a file named /etc/netplan/99-custom-dns.yaml, and then populate it with the following lines. Be sure to replace the placeholder DNS server IP addresses with your preferred addresses, and make sure that the interface name (eth0 in this example) matches the one in the existing netplan file for the instance:

network:
  version: 2
  ethernets:
    eth0:
      nameservers:
        addresses: [1.2.3.4, 5.6.7.8]
      dhcp4-overrides:
        use-dns: false

After these changes, you'll still see the stub resolver IP in /etc/resolv.conf. This is expected. The stub resolver IP is local to your operating system, and in the background, the stub resolver uses the DNS servers that you specified in the preceding 99-custom-dns.yaml file. Because use-dns is set to false, the DNS servers that DHCP hands out are ignored for this interface, so only the addresses from the YAML file are used.

2.    Reboot the instance.

3.    Run the systemd-resolve command to confirm that the system picks up the intended DNS server IP addresses correctly. Check the DNS Servers entries listed under the eth0 link, not the Global section:

systemd-resolve --status
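The following shell script is an added example, not part of the original article, that automates the two checks this section calls for: that /etc/resolv.conf is still the symlink to the systemd-resolved stub file (the customization cases listed above make it fail), and that the servers systemd-resolved reports for the eth0 link are exactly the ones from 99-custom-dns.yaml with the DHCP-provided server gone. The resolv.conf path, the expected link target and the status text are parameters so the checks can run against copies; the embedded sample of systemd-resolve --status output is constructed for this example, and the function names are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): checks for the Ubuntu 18.04
# netplan + systemd-resolved layout. The resolv.conf path, the expected link
# target and the status text are parameters so the checks can be run against
# copies; the sample status output below is constructed for this example.
set -eu

# Return 0 when $1 is a symlink that resolves to the same file as $2.
# On a stock 18.04 instance $1 is /etc/resolv.conf and $2 is
# /run/systemd/resolve/stub-resolv.conf. A plain file, or a link to
# /run/systemd/resolve/resolv.conf, means the default was customized.
resolv_is_stub() {
    rc="$1"; expected="$2"
    [ -L "$rc" ] || return 1
    [ "$(readlink -f "$rc")" = "$(readlink -f "$expected")" ]
}

# Read `systemd-resolve --status` output on stdin and print the DNS servers
# listed for link $1 (for example eth0), one per line. The first server sits
# on the "DNS Servers:" line; any further ones are on continuation lines
# that carry an address and no "key: value" pair.
link_dns_servers() {
    awk -v link="$1" '
        /^Link [0-9]+ \(/ { inlink = ($0 ~ ("\\(" link "\\)$")); collect = 0; next }
        /^Global/         { inlink = 0; collect = 0; next }
        inlink && /^ *DNS Servers:/ {
            sub(/^ *DNS Servers: */, ""); if ($0 != "") print; collect = 1; next
        }
        inlink && collect {
            if ($0 ~ /^ +[^ ]/ && $0 !~ /: /) { gsub(/ /, ""); print } else { collect = 0 }
        }'
}

# Return 0 when the servers of link $1 (status text on stdin) are exactly
# the expected ones, in order.
link_dns_matches() {
    link="$1"; shift
    actual=$(link_dns_servers "$link" | tr '\n' ' ')
    [ "$actual" = "$(printf '%s ' "$@")" ]
}

# Constructed sample of `systemd-resolve --status` after the netplan change:
# only the configured servers remain; the DHCP-provided one is gone.
sample_status_after() {
    cat <<'EOF'
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa

Link 2 (eth0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 1.2.3.4
                      5.6.7.8
          DNS Domain: ec2.internal

Link 1 (lo)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
EOF
}

# Usage on the instance, after the reboot:
#   sh check-resolved.sh check eth0 1.2.3.4 5.6.7.8
if [ "${1:-}" = "check" ]; then
    shift
    resolv_is_stub /etc/resolv.conf /run/systemd/resolve/stub-resolv.conf \
        || { echo "/etc/resolv.conf is not the stub-resolv.conf symlink; default layout was customized" >&2; exit 1; }
    systemd-resolve --status | link_dns_matches "$@" \
        || { echo "link $1 does not use the expected DNS servers" >&2; exit 1; }
    echo "link $1 uses the expected DNS servers"
fi
```

The parser keys on the "Link N (name)" headers so that a server listed in the Global section, or on another link, is never mistaken for an eth0 entry; the order check also catches a YAML file whose addresses were listed in the wrong priority.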

RHEL 7.5

By default, the NetworkManager service manages the resolv.conf file and populates it with the DNS servers provided by DHCP. You can either override the DHCP-provided servers in dhclient.conf (option 1), or stop NetworkManager from managing the resolv.conf file and populate it yourself (option 2).

Option 1:

1.    Edit or create the /etc/dhcp/dhclient.conf file.

Note: You must have root user privileges to edit this file. Either become root with sudo -i or execute all commands with sudo.

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

After this modification, the resolv.conf file is updated at instance reboot to contain only the DNS servers that you specified in the dhclient file. For more information about the supersede statement, see the dhclient.conf(5) man page.

3.    Set the PEERDNS parameter to yes in your per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

4.    Reboot the instance.
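The following shell script is an added example, not part of the original article, for the dhclient.conf step shared by option 1 on Amazon Linux, the Ubuntu 16.04 procedure and option 1 on RHEL 7.5. It validates each address (four octets in 0-255, so a typo can't be written into the file), replaces an existing supersede domain-name-servers statement rather than adding a second one, leaves every other statement in the file alone, and reads the statement back so you can confirm what dhclient will apply. The file path is a parameter so you can try the functions on a copy before editing /etc/dhcp/dhclient.conf as root; the function names and the addresses in the usage comment are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original article): manage the
# "supersede domain-name-servers" statement that option 1 (Amazon Linux,
# RHEL 7.5) and the Ubuntu 16.04 procedure put into dhclient.conf, and read
# it back for verification. The file path is a parameter so the functions can
# be tried on a copy before editing /etc/dhcp/dhclient.conf as root; the
# addresses in the usage comment are placeholders.
set -eu

# Return 0 when $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
}

# Replace any existing "supersede domain-name-servers ...;" line in $1 with one
# naming the given servers, or append it if there is none. Other statements
# (timeouts, request lists, interface blocks) are left untouched. Nothing is
# written if any address is invalid, so a typo cannot take DNS down.
set_supersede() {
    conf="$1"; shift
    [ "$#" -ge 1 ] || { echo "at least one DNS server is required" >&2; return 1; }
    list=""
    for s in "$@"; do
        is_ipv4 "$s" || { echo "not an IPv4 address: $s" >&2; return 1; }
        list="${list:+$list, }$s"
    done
    tmp="$conf.tmp.$$"
    if [ -f "$conf" ]; then
        grep -v '^[[:space:]]*supersede[[:space:]]\{1,\}domain-name-servers' "$conf" > "$tmp" || true
    fi
    printf 'supersede domain-name-servers %s;\n' "$list" >> "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Print the servers named by the supersede statement in $1, one per line;
# return 1 when the file has no such statement (commented-out lines and a
# missing file both count as "none").
read_supersede() {
    out=$(sed -n 's/^[[:space:]]*supersede[[:space:]]\{1,\}domain-name-servers[[:space:]]*\(.*\);.*$/\1/p' "$1" 2>/dev/null \
        | tr ',' '\n' | tr -d ' \t' | grep . || true)
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Usage on the instance (as root); afterwards set PEERDNS=yes where the
# distribution uses ifcfg-* files, then reboot:
#   sh dhclient-dns.sh apply 10.0.0.2 10.0.0.3
if [ "${1:-}" = "apply" ]; then
    shift
    set_supersede /etc/dhcp/dhclient.conf "$@"
    echo "dhclient.conf now supersedes DNS with: $(read_supersede /etc/dhcp/dhclient.conf | tr '\n' ' ')"
fi
```

After the reboot, compare the output of read_supersede with the nameserver lines in /etc/resolv.conf; if they differ on Amazon Linux or RHEL, the usual cause is PEERDNS=no in ifcfg-eth0, which stops the DHCP client scripts from writing resolv.conf at all.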

Option 2:

1.    Create the /etc/NetworkManager/conf.d/disable-resolve.conf-managing.conf file with the following content:

[main]
dns=none

2.    Reboot the instance, and then populate the /etc/resolv.conf file manually. With dns=none, NetworkManager no longer writes to /etc/resolv.conf, so the entries that you add stay in place across reboots.
