Pooja shows you how to assign a custom DNS server that persists across reboots to an Amazon EC2 instance


How can I configure an Amazon Elastic Compute Cloud (Amazon EC2) instance with static DNS server entries so that it persists when the instance is rebooted?

The default behavior for an Amazon EC2 instance associated with an Amazon Virtual Private Cloud (VPC) is to request a DNS server address at startup using the Dynamic Host Configuration Protocol (DHCP). The DNS server addresses returned in the DHCP response are written to the local /etc/resolv.conf file. Manual modifications to the resolv.conf file with custom DNS server addresses will be lost when the EC2 instance is restarted. How you solve this issue depends on your Linux distribution. For more information on VPCs and DNS servers, see Amazon DNS Server.

Important: It's a best practice that you create a backup of your EC2 instance using an Amazon Machine Image (AMI) or an Amazon Elastic Block Store (Amazon EBS) snapshot. Changing networking configuration for an instance might render the instance unreachable.

Amazon Linux, Amazon Linux 2

Use one of the following two options to configure your Amazon EC2 instance. If you apply both options, then the DNS servers specified in the ifcfg-eth0 file will take precedence (option 2).

For either option to work, the PEERDNS parameter value in the ifcfg-eth0 file must be set to yes. If the PEERDNS parameter is set to no, then the system is prevented from updating the /etc/resolv.conf file, whether with the custom DNS servers specified in the per-interface configuration files or with information provided by DHCP.

Option 1

1.    Edit, or create, the /etc/dhcp/dhclient.conf file.

Note: Editing this file must be done with root user privileges. Either become root with "sudo -i" or execute all commands with "sudo".

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server, or servers, that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

Because of this modification, when the instance is rebooted, the resolv.conf file will be updated to contain only the DNS servers that you specified in the dhclient file. For more information about the supersede command, see the dhclient.conf(5) – Linux man page.

3.    Set the PEERDNS parameter to yes in your per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

4.    Reboot the EC2 instance.
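
The following script is an added example, not part of the original AWS article. It applies the supersede line from step 2 idempotently and, after the reboot in step 4, audits that a resolv.conf lists only the pinned servers. The function names pin_dns and audit_resolv, the scratch paths, and the 192.0.2.53 / 198.51.100.53 / 10.0.0.2 addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin resolvers with dhclient "supersede", then audit resolv.conf.
# Paths are arguments so both functions can be exercised on copies first.

# pin_dns FILE "ip1, ip2": leave exactly one supersede line in FILE, keep FILE.bak.
pin_dns() {
    conf=$1 servers=$2
    ip='([0-9]{1,3}\.){3}[0-9]{1,3}'
    # Refuse anything that is not a comma-separated IPv4 list, including an
    # unreplaced xxx.xxx.xxx.xxx placeholder, before touching the file.
    printf '%s\n' "$servers" | grep -Eq "^${ip}(, *${ip})*\$" || {
        echo "pin_dns: not an IPv4 list: $servers" >&2
        return 2
    }
    [ -f "$conf" ] || : > "$conf"
    cp -p "$conf" "$conf.bak"
    # Drop earlier supersede lines for this option so repeated runs stay idempotent.
    grep -Ev '^[[:space:]]*supersede[[:space:]]+domain-name-servers' \
        "$conf.bak" > "$conf" || true
    printf 'supersede domain-name-servers %s;\n' "$servers" >> "$conf"
}

# audit_resolv FILE "ip1 ip2": succeed only if FILE lists exactly those servers.
audit_resolv() {
    resolv=$1 want=$2
    have=$(awk '$1 == "nameserver" { print $2 }' "$resolv" |
        LC_ALL=C sort -u | paste -sd ' ' -)
    # $want is split on whitespace on purpose: one address per line for sort.
    want=$(printf '%s\n' $want | LC_ALL=C sort -u | paste -sd ' ' -)
    if [ "$have" = "$want" ]; then
        return 0
    fi
    echo "resolver drift: have [$have] want [$want]" >&2
    return 1
}

# Demo on constructed files in a scratch directory; nothing under /etc is touched.
demo=$(mktemp -d)
printf 'timeout 300;\nsupersede domain-name-servers 10.0.0.2;\n' > "$demo/dhclient.conf"
pin_dns "$demo/dhclient.conf" "192.0.2.53, 198.51.100.53"
printf 'nameserver 198.51.100.53\nnameserver 192.0.2.53\n' > "$demo/resolv.conf"
audit_resolv "$demo/resolv.conf" "192.0.2.53 198.51.100.53" && echo "resolvers pinned"
```

On an instance, run pin_dns against /etc/dhcp/dhclient.conf as root and audit_resolv against /etc/resolv.conf after the reboot. A nonzero exit from the audit means the resolver list differs from the pinned set, for example because a DHCP-supplied server is still present.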

Option 2

1.    To override DNS server values in the /etc/dhcp/dhclient.conf file, specify the custom DNS servers in the per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

For example, the following /etc/sysconfig/network-scripts/ifcfg-eth0 file from an Amazon Linux instance is modified to include two custom DNS servers (DNS1 and DNS2):

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=yes
RES_OPTIONS="timeout:2 attempts:5"
DHCP_ARP_CHECK=no
MTU="9001"
DNS1=8.8.8.8
DNS2=8.8.4.4

2.    Set the PEERDNS parameter to yes in your per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

Ubuntu 16.04

1.    Edit, or create, the /etc/dhcp/dhclient.conf file.

Note: Editing this file must be done with root user privileges. Either become root with "sudo -i" or execute all commands with "sudo".

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server, or servers, that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

Because of this modification, when the instance is rebooted, the resolv.conf file will be updated to contain only the DNS servers that you specified in the dhclient file. For more information about the supersede command, see the dhclient.conf(5) – Linux man page.

3.    Reboot the EC2 instance.

Ubuntu 18.04

By default on Ubuntu 18.04, the network interface configuration is handled by the netplan.io package, and the systemd-resolved service is enabled to handle DNS queries using a stub resolver. The stub resolver IP is located in /etc/resolv.conf.

In turn, the /etc/resolv.conf file is a symlink to the /run/systemd/resolve/stub-resolv.conf file. The supersede statement in /etc/dhcp/dhclient.conf might not work as expected if either of the following is true for the /etc/resolv.conf file:

  • The file is not a symlink on your instance.
  • The file is a symlink pointing to a different file, such as /run/systemd/resolve/resolv.conf.

Either of these conditions indicates that the default Ubuntu 18.04 configuration has been customized.

Option 1

Run the following steps to override the DNS server values:

1.    Remove the existing netplan.io package, and then compile and install a new version available from the netplan GitHub:

https://github.com/CanonicalLtd/netplan

Note: The netplan.io package version 0.36.3 that is available in the Ubuntu repositories doesn't have an option to override DNS server values provided by DHCP.

2.    Modify the netplan interface configuration files, usually located in the /etc/netplan directory.

3.    Create a file named /etc/netplan/99-custom-dns.yaml, and then populate it with the following lines. Be sure to replace the placeholder DNS server IP addresses with your preferred ones:

network:
    version: 2
    ethernets:
        eth0:
            nameservers:
                addresses: [1.2.3.4, 5.6.7.8]
            dhcp4-overrides:
                use-dns: false

After these changes, you'll still see the stub resolver IP in /etc/resolv.conf. This is expected. The stub resolver IP is local to your operating system, and in the background, the stub resolver will use the DNS servers you specified in the preceding 99-custom-dns.yaml file.

4.    Run the systemd-resolve command to confirm that the intended DNS server IP addresses are being picked up correctly:

systemd-resolve --status
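
The following script is an added example, not part of the original AWS article. It classifies /etc/resolv.conf according to the two symlink conditions described above and extracts the servers that systemd-resolve --status reports, so the result can be compared with 99-custom-dns.yaml. The function names, the 10.0.0.2 address, and the status excerpt are constructed; the excerpt's layout is an assumption based on the systemd-resolve output on Ubuntu 18.04.

```shell
#!/bin/sh
# Added example: check the Ubuntu 18.04 resolver wiring and what systemd-resolved reports.

# resolv_mode PATH: classify PATH the way the section above distinguishes it.
resolv_mode() {
    if [ ! -L "$1" ]; then
        echo "not-a-symlink"        # default configuration has been customized
        return
    fi
    case $(readlink "$1") in
        */run/systemd/resolve/stub-resolv.conf) echo "stub" ;;      # 18.04 default
        */run/systemd/resolve/resolv.conf)      echo "upstream" ;;  # customized
        *)                                      echo "other-symlink" ;;
    esac
}

# resolved_servers: read `systemd-resolve --status` text on stdin and print the
# DNS servers it lists, sorted and space separated. The first server shares a
# line with the "DNS Servers:" label; further servers follow one per line.
resolved_servers() {
    awk '/^ *DNS Servers:/ { print $NF; more = 1; next }
         more && NF == 1   { print $1; next }
                           { more = 0 }' | LC_ALL=C sort -u | paste -sd ' ' -
}

# Constructed status excerpt: a DHCP-supplied resolver (10.0.0.2) is still listed
# next to the two custom servers, i.e. the DNS override did not take effect.
sample_status() {
    cat <<'EOF'
Link 2 (eth0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 1.2.3.4
                      5.6.7.8
                      10.0.0.2
          DNS Domain: ec2.internal
EOF
}

# Demo on a scratch symlink; on an instance use /etc/resolv.conf and the real command.
demo=$(mktemp -d)
ln -s ../run/systemd/resolve/stub-resolv.conf "$demo/resolv.conf"
echo "mode: $(resolv_mode "$demo/resolv.conf"), servers: $(sample_status | resolved_servers)"
```

On an instance, pipe the real output through the parser (systemd-resolve --status | resolved_servers) and compare it with the addresses list in the netplan file.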

Option 2

1.    Remove the existing netplan.io package, and then install the ifupdown package from Ubuntu to manage network interface configuration instead.

2.    Manually recreate and populate the /etc/network/interfaces configuration file and the files in the /etc/network/interfaces.d directory.

This example is the default file content from an Ubuntu 18.04 instance with a single interface:

/etc/network/interfaces
source /etc/network/interfaces.d/*.cfg

/etc/network/interfaces.d/50-cloud-init.cfg
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

Alternatively, you can have cloud-init automatically regenerate the files in /etc/network/interfaces.d. To do this, be sure that the /etc/network/interfaces file exists and has the following contents:

source /etc/network/interfaces.d/*.cfg

3.    Run the cloud-init command with the clean parameter to regenerate the missing files on the next reboot:

cloud-init clean

Caution: Running cloud-init with the clean parameter makes cloud-init run as if your instance was just created, and you can lose modifications that you applied to any cloud-init managed files.

4.    Confirm that the /etc/netplan directory is deleted, and then follow the steps under the Amazon Linux, Amazon Linux 2 section at the beginning of this article.

RHEL 7.5

By default, the resolv.conf file is managed by the NetworkManager service. The service then populates the file with DNS servers provided by DHCP. You can stop NetworkManager from managing the resolv.conf file, which will make sure that the DNS servers provided by DHCP are ignored.

Option 1

1.    Edit, or create, the /etc/dhcp/dhclient.conf file.

Note: Editing this file must be done with root user privileges. Either become root with "sudo -i" or execute all commands with "sudo".

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server, or servers, that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

Because of this modification, when the instance is rebooted, the resolv.conf file will be updated to contain only the DNS servers that you specified in the dhclient file. For more information about the supersede command, see the dhclient.conf(5) – Linux man page.

3.    Set the PEERDNS parameter to yes in your per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

4.    Reboot the EC2 instance.

Option 2

1.    Create the /etc/NetworkManager/conf.d/disable-resolve.conf-managing.conf file with the following content:

[main]
dns=none

2.    Reboot the EC2 instance, and then populate the /etc/resolv.conf file manually.



Published: 2015-11-06

Updated: 2019-02-28