My private Amazon EC2 instance is running Amazon Linux, Ubuntu, or RHEL. How do I assign a static DNS server to the EC2 instance that persists during reboot?


I want to configure an Amazon Elastic Compute Cloud (Amazon EC2) instance with static DNS server entries that persist across reboots.

Short description

By default, Amazon EC2 instances in an Amazon Virtual Private Cloud (Amazon VPC) request a DNS server address at startup. This request is sent using the Dynamic Host Configuration Protocol (DHCP). The DHCP response returns DNS server addresses, which are written to the local /etc/resolv.conf file. Manual modifications to the resolv.conf file with custom DNS server addresses are lost when you restart the instance, because the file is rewritten from the DHCP lease. The method that you use to solve this issue depends on your Linux distribution. For more information on VPCs and DNS servers, see DHCP option sets in Amazon VPC.

Resolution

Important: Before changing your EC2 instance, create a backup using an Amazon Machine Image (AMI) or an Amazon Elastic Block Store (Amazon EBS) snapshot. Changing networking configurations for an instance might render the instance unreachable. Also consider what you give up: the DNS server that DHCP hands out is the Amazon Route 53 Resolver at the VPC's base CIDR plus two (for example, 10.0.0.2), and it's the only server that answers for Route 53 private hosted zones, VPC endpoint private DNS names, and EC2 private hostnames. Public resolvers such as 8.8.8.8, used as placeholders in the following examples, can't answer those names, and a private instance can't reach them at all without a NAT gateway or a similar outbound path.

Amazon Linux 2023

Amazon Linux 2023 uses systemd-resolved. For more information, see resolved.conf(5) on the archlinux.org website.

Configure the resolver

Edit the /etc/systemd/resolved.conf file and set the DNS and Domains options in the [Resolve] section:

# /etc/systemd/resolved.conf

[Resolve]
DNS=8.8.8.8
Domains=~.

Or, create a drop-in file, which isn't overwritten when a package update replaces the main file. For example, /etc/systemd/resolved.conf.d/dns_servers.conf:

#/etc/systemd/resolved.conf.d/dns_servers.conf

[Resolve]
DNS=8.8.8.8 8.8.4.4
Domains=~.

Note: Keep the following in mind when setting the Domains=~. option in resolved.conf(5):

  • If the Domains=~. option isn't set, then systemd-resolved might use the per-link DNS servers set in the per-link configuration.
  • The Domains=~. option doesn't affect queries of domain names that match the more specific search domains specified in per-link configurations. Domain names still resolve using their respective per-link DNS servers.

For more information on per-link configuration, see systemd-networkd#network files on the archlinux.org website.

Change the location /etc/resolv.conf points to

By default, /etc/resolv.conf points to the localhost stub resolver (127.0.0.53). If applications must bypass the stub, recreate the file so that it points somewhere else, for example to /run/systemd/resolve/resolv.conf, which contains the flattened list of upstream servers that systemd-resolved uses.

To verify the configuration, run resolvectl status, then a test query such as resolvectl query amazonaws.com, and review the output.
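The following script is an added example, not part of the original article or of Amazon Linux. It renders the drop-in described above for any list of servers, refuses anything that isn't a dotted-quad IPv4 address (a typo here leaves the instance with no working resolver), and installs the file under a ROOT prefix so you can stage it in a scratch directory before writing to the live /etc. The ROOT variable and the function names are this example's own.

```sh
#!/bin/sh
# Render and install a systemd-resolved drop-in with static DNS servers
# (Amazon Linux 2023). Set ROOT to a scratch directory to stage the file;
# leave it empty on the instance to write the real /etc path.

# Accept only dotted-quad IPv4 addresses with each octet in 0..255.
# systemd-resolved also takes IPv6, but this helper is deliberately IPv4-only.
valid_ipv4() {
  case "$1" in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  set -- $(printf '%s\n' "$1" | tr '.' ' ')
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the drop-in body for the given servers. Domains=~. routes all
# queries to these servers instead of the per-link (DHCP) ones.
render_resolved_dropin() {
  [ "$#" -ge 1 ] || { echo "need at least one DNS server" >&2; return 1; }
  for s in "$@"; do
    valid_ipv4 "$s" || { echo "not an IPv4 address: $s" >&2; return 1; }
  done
  printf '# Static DNS servers; survives reboots and DHCP lease renewals\n'
  printf '[Resolve]\n'
  printf 'DNS=%s\n' "$*"
  printf 'Domains=~.\n'
}

# Write the drop-in to "$ROOT/etc/systemd/resolved.conf.d/dns_servers.conf"
# and print the path written. Fails before touching the filesystem on bad input.
install_resolved_dropin() {
  dir="${ROOT:-}/etc/systemd/resolved.conf.d"
  target="$dir/dns_servers.conf"
  body=$(render_resolved_dropin "$@") || return 1
  mkdir -p "$dir"
  printf '%s\n' "$body" > "$target"
  chmod 0644 "$target"
  printf '%s\n' "$target"
}
```

On the instance, run it as root with ROOT unset, then restart the service with systemctl restart systemd-resolved and confirm the result with resolvectl status and a test query.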

Amazon Linux, Amazon Linux 2

Use one of the following options to configure your Amazon EC2 instance. If you apply both, then the DNS servers specified in the ifcfg-eth0 file (option 2) take precedence over the supersede statement in dhclient.conf (option 1).

For either option to work, the PEERDNS parameter in the ifcfg-eth0 file must be set to yes. With PEERDNS=no, the network scripts don't write /etc/resolv.conf at all, so both the DNS1/DNS2 values in ifcfg-* files and the servers provided by DHCP are ignored.

Option 1:

1.    Edit or create the /etc/dhcp/dhclient.conf file.

Note: You must have root user privileges to edit this file. Either become root with sudo -i or prefix all commands with sudo.

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

After the preceding modification, the resolv.conf file is rewritten at instance reboot to contain only the DNS servers that you specified in the dhclient file. For more information about the supersede command, see the dhclient.conf(5) Linux man page.

3.    Set the PEERDNS parameter to yes in your per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

4.    Reboot the EC2 instance.

Option 2:

1.    Specify the custom DNS servers in the per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*). These values override any supersede statement in the /etc/dhcp/dhclient.conf file.

For example, the following /etc/sysconfig/network-scripts/ifcfg-eth0 file from an Amazon Linux instance is modified to include two custom DNS servers (DNS1 and DNS2):

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=yes
RES_OPTIONS="timeout:2 attempts:5"
DHCP_ARP_CHECK=no
MTU="9001"
DNS1=8.8.8.8
DNS2=8.8.4.4

2.    Make sure that the PEERDNS parameter is set to yes in your per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*), as in the preceding example, and then reboot the instance so that resolv.conf is rewritten with the new servers.
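The following helpers are an added example written for this article, not code from AWS or from the distributions. They cover the dhclient supersede method used here for Amazon Linux and Amazon Linux 2 (and, further down, for Ubuntu 16.04 and RHEL 7.5 Option 1) together with the ifcfg checks: render the supersede line for a list of servers, read PEERDNS and DNS1/DNS2 out of an ifcfg-* file, and report which servers will actually end up in /etc/resolv.conf given the precedence rules above. The sample ifcfg-eth0 content is constructed for the demonstration, and the function names are this example's own.

```sh
#!/bin/sh
# dhclient/ifcfg helpers (Amazon Linux 2, RHEL 7 network scripts). Nothing here
# modifies the live system; redirect the rendered output to the real files yourself.

# Print the dhclient.conf statement that replaces whatever DHCP hands out.
# dhclient syntax separates servers with commas and requires a trailing ';'.
# Only dotted-quad values are accepted: dhclient.conf is parsed by a root daemon,
# so never template arbitrary strings into it.
render_supersede() {
  [ "$#" -ge 1 ] || { echo "need at least one DNS server" >&2; return 1; }
  list=""
  for s in "$@"; do
    case "$s" in
      *[!0-9.]*|"") echo "refusing non-IPv4 value: $s" >&2; return 1 ;;
    esac
    list="${list:+$list, }$s"
  done
  printf 'supersede domain-name-servers %s;\n' "$list"
}

# Read KEY=value from an ifcfg-* file (last occurrence wins), stripping optional
# quotes. Prints an empty string when the key is absent.
ifcfg_get() {
  sed -n "s/^[[:space:]]*$2=[\"']*\([^\"']*\)[\"']*.*/\1/p" "$1" | tail -n 1
}

# True when the network scripts are allowed to write resolv.conf (PEERDNS=yes).
# With anything else, neither supersede nor DNS1/DNS2 has any effect.
peerdns_enabled() {
  [ "$(ifcfg_get "$1" PEERDNS)" = "yes" ]
}

# Print the servers that will land in /etc/resolv.conf after a reboot:
# DNS1/DNS2 in the ifcfg file (option 2) win over the supersede list (option 1),
# which is passed as the remaining arguments.
effective_servers() {
  ifcfg="$1"; shift
  peerdns_enabled "$ifcfg" || {
    echo "PEERDNS is not yes in $ifcfg; DNS settings are ignored" >&2; return 1
  }
  dns1=$(ifcfg_get "$ifcfg" DNS1)
  dns2=$(ifcfg_get "$ifcfg" DNS2)
  if [ -n "$dns1" ] || [ -n "$dns2" ]; then
    printf '%s\n' "$dns1 $dns2" | sed 's/^ *//; s/ *$//'
  else
    printf '%s\n' "$*"
  fi
}

# Constructed sample of an Amazon Linux 2 ifcfg-eth0 (not captured from a host).
write_sample_ifcfg() {
  cat > "$1" <<'EOF'
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
PEERDNS=yes
RES_OPTIONS="timeout:2 attempts:5"
DNS1=8.8.8.8
DNS2=8.8.4.4
EOF
}
```

A quick pre-reboot check on a real host is effective_servers /etc/sysconfig/network-scripts/ifcfg-eth0 followed by the servers in your supersede line; if it prints nothing and complains about PEERDNS, the reboot would silently keep the DHCP servers.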

Ubuntu 16.04

1.    Edit or create the /etc/dhcp/dhclient.conf file.

Note: You must have root user privileges to edit this file. Either become root with sudo -i or prefix all commands with sudo.

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

After this modification, the resolv.conf file is rewritten at instance reboot to contain only the DNS servers that you specified in the dhclient file. For more information about the supersede command, see the dhclient.conf(5) Linux man page.

3.    Reboot the instance.

Ubuntu 18.04

By default on Ubuntu 18.04, the netplan.io package handles the network interface configuration, and the systemd-resolved service answers DNS queries through a local stub resolver. The /etc/resolv.conf file lists only that stub resolver's IP address (127.0.0.53).

In turn, the /etc/resolv.conf file is a symlink to the /run/systemd/resolve/stub-resolv.conf file. The supersede statement in /etc/dhcp/dhclient.conf might not work as expected if either of the following is true for the /etc/resolv.conf file:

  • The file is not a symlink on your instance.
  • The file is a symlink pointing to a different file, such as /run/systemd/resolve/resolv.conf.

Either of these conditions indicates that the default Ubuntu 18.04 configuration was customized.

Run the following steps to override the DNS server values:

1.    Netplan typically stores configuration files in /etc/netplan directory. Create a file named /etc/netplan/99-custom-dns.yaml, and then populate it with the following lines. Be sure to replace the placeholder DNS server IP addresses with your preferred addresses:

cat << 'EOF' | sudo tee /etc/netplan/99-custom-dns.yaml
network:
  version: 2
  ethernets:
    ens5:
      nameservers:
        addresses: [1.1.1.1, 1.0.0.1]
      dhcp4-overrides:
        use-dns: false
        use-domains: false
EOF

Note: In the previous example, the interface is specified as ens5. Be sure that the interface name matches the interface of your setup. To see your interface name, use the ip a command.

2.    Run the following command as root to regenerate the backend configuration from the netplan files:

sudo netplan generate

After these changes, you still see the stub resolver IP in /etc/resolv.conf. This is expected. The stub resolver IP is local to your operating system. In the background, the stub resolver uses the DNS servers that you specified in the preceding 99-custom-dns.yaml file.

3.    Reboot the instance.

4.    Run the systemd-resolve command to confirm that the system picks up the intended DNS server IP addresses correctly:

systemd-resolve --status
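As an added example (not code from the original article, Ubuntu, or netplan), the following script turns the two parts of this section into checks you can run before rebooting: it classifies /etc/resolv.conf according to the three cases described above (stock symlink to the stub, customized symlink, or plain file), and it renders and stages the 99-custom-dns.yaml override for an interface name taken from ip a and a validated list of servers. The ROOT prefix, the classification labels, and the function names are this example's own conventions.

```sh
#!/bin/sh
# Ubuntu 18.04 helpers: confirm the stock resolv.conf layout that this procedure
# assumes, then render the netplan override that pins the DNS servers.

# Classify a resolv.conf path (defaults to /etc/resolv.conf):
#   stock   -> symlink to /run/systemd/resolve/stub-resolv.conf (default 18.04;
#              the link is usually relative, hence the second pattern)
#   custom  -> symlink to anything else, e.g. /run/systemd/resolve/resolv.conf
#   file    -> a regular file, so something other than systemd-resolved owns it
#   missing -> no such path
# Only 'stock' matches the layout the supersede/netplan method relies on.
classify_resolv_conf() {
  path="${1:-/etc/resolv.conf}"
  if [ -L "$path" ]; then
    case "$(readlink "$path")" in
      /run/systemd/resolve/stub-resolv.conf|../run/systemd/resolve/stub-resolv.conf) echo stock ;;
      *) echo custom ;;
    esac
  elif [ -f "$path" ]; then
    echo file
  else
    echo missing
  fi
}

# Render the netplan YAML. The address from DHCP is kept; dhcp4-overrides drop
# the DHCP-supplied DNS servers and search domains so only the listed servers
# are handed to systemd-resolved. Interface and server values are validated
# because they are interpolated into a root-owned configuration file.
render_netplan_dns() {
  iface="$1"; shift
  [ "$#" -ge 1 ] || { echo "need at least one DNS server" >&2; return 1; }
  case "$iface" in
    ""|*[!a-zA-Z0-9_.-]*) echo "bad interface name: $iface" >&2; return 1 ;;
  esac
  list=""
  for s in "$@"; do
    case "$s" in
      *[!0-9.]*|"") echo "refusing non-IPv4 value: $s" >&2; return 1 ;;
    esac
    list="${list:+$list, }$s"
  done
  cat <<EOF
network:
  version: 2
  ethernets:
    $iface:
      nameservers:
        addresses: [$list]
      dhcp4-overrides:
        use-dns: false
        use-domains: false
EOF
}

# Stage the file at "$ROOT/etc/netplan/99-custom-dns.yaml" (ROOT empty on the
# instance) and print the path. Newer netplan releases warn when these files
# are world-readable, so the file is made root-only.
install_netplan_dns() {
  dir="${ROOT:-}/etc/netplan"
  target="$dir/99-custom-dns.yaml"
  body=$(render_netplan_dns "$@") || return 1
  mkdir -p "$dir"
  printf '%s\n' "$body" > "$target"
  chmod 0600 "$target"
  printf '%s\n' "$target"
}
```

Run classify_resolv_conf first; if it prints anything other than stock, fix the symlink (or understand who owns the file) before trusting the procedure. After staging the YAML, continue with sudo netplan generate, a reboot, and systemd-resolve --status as described above.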

RHEL 7.5

By default, the NetworkManager service manages the resolv.conf file and populates it with the DNS servers provided by DHCP. To make the file ignore the DHCP-provided servers, either override what dhclient accepts (Option 1) or stop NetworkManager from managing the file altogether (Option 2).

Option 1:

1.    Edit or create the /etc/dhcp/dhclient.conf file.

Note: You must have root user privileges to edit this file. Either become root with sudo -i or prefix all commands with sudo.

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

After this modification, the resolv.conf file is rewritten at instance reboot to contain only the DNS servers that you specified in the dhclient file. For more information about the supersede command, see the dhclient.conf(5) Linux man page.

3.    Set the PEERDNS parameter to yes in your per-interface configuration files ( /etc/sysconfig/network-scripts/ifcfg-*).

4.    Reboot the instance.

Option 2:

1.    Create the /etc/NetworkManager/conf.d/90-dns-none.conf file with the following content:

[main]
dns=none

2.    Reboot the instance, and then populate the /etc/resolv.conf file manually. With dns=none, NetworkManager no longer rewrites the file, so your entries survive later reboots and DHCP lease renewals.

Related information

networkmanager.conf(5) (Linux man page)

AWS OFFICIAL