My private Amazon EC2 instance is running Amazon Linux, Ubuntu, or RHEL. How do I assign a static DNS server to the EC2 instance that persists during reboot?

Last updated: 2020-01-23

How can I configure an Amazon Elastic Compute Cloud (Amazon EC2) instance with static DNS server entries that persist when the instance is rebooted?

Short Description

The default behavior of an Amazon EC2 instance associated with an Amazon Virtual Private Cloud (Amazon VPC) is to request a DNS server address at startup using the Dynamic Host Configuration Protocol (DHCP). The DNS server addresses returned in the DHCP response are written to the local /etc/resolv.conf file. Manual modifications to the resolv.conf file with custom DNS server addresses are lost when the instance is restarted. The method that you use to solve this issue depends on your Linux distribution. For more information on VPCs and DNS servers, see Amazon DNS Server.

Resolution

Important: Before you change your Amazon EC2 instance, create a backup using an Amazon Machine Image (AMI) or an Amazon Elastic Block Store (Amazon EBS) snapshot. Changing networking configuration for an instance might render the instance unreachable.

Amazon Linux, Amazon Linux 2

Use one of the following options to configure your Amazon EC2 instance. If you apply both options, then the DNS servers specified in the ifcfg-eth0 file take precedence (option 2).

For either option to work, the PEERDNS parameter value in the ifcfg-eth0 file must be set to yes. Setting the PEERDNS parameter to no means that the DNS servers specified in ifcfg-* files or provided by DHCP are ignored.

Option 1

1.    Edit or create the /etc/dhcp/dhclient.conf file.

Note: You must have AWS account root user privileges to edit this file. Either become root with "sudo -i" or execute all commands with "sudo".

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

Because of this modification, when the instance is rebooted, the resolv.conf file is updated to contain only the DNS servers that you specified in the dhclient file. For more information about the supersede command, see the dhclient.conf(5) – Linux man page.

3.    Set the PEERDNS parameter to yes in your per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

4.    Reboot the EC2 instance.

Option 2

1.    To override DNS server values in the /etc/dhcp/dhclient.conf file, specify the custom DNS servers in the per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

For example, the following /etc/sysconfig/network-scripts/ifcfg-eth0 file from an Amazon Linux instance is modified to include two custom DNS servers (DNS1 and DNS2):

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PERSISTENT_DHCLIENT=yes
RES_OPTIONS="timeout:2 attempts:5"
DHCP_ARP_CHECK=no
MTU="9001"
DNS1=8.8.8.8
DNS2=8.8.4.4

2.    Set the PEERDNS parameter to yes in your per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

Ubuntu 16.04

1.    Edit or create the /etc/dhcp/dhclient.conf file.

Note: Editing this file must be done with root user privileges. Either become root with "sudo -i" or execute all commands with "sudo".

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

Because of this modification, when the instance is rebooted, the resolv.conf file is updated to contain only the DNS servers that you specified in the dhclient file. For more information about the supersede command, see the dhclient.conf(5) – Linux man page.

3.    Reboot the instance.

Ubuntu 18.04

By default on Ubuntu 18.04, the network interface configuration is handled by the netplan.io package, and the systemd-resolved service is enabled to handle DNS queries using a stub resolver. The stub resolver IP is located in /etc/resolv.conf.

In turn, the /etc/resolv.conf file is a symlink to the /run/systemd/resolve/stub-resolv.conf file. The supersede statement in /etc/dhcp/dhclient.conf might not work as expected if either of the following is true for the /etc/resolv.conf file:

  • The file is not a symlink on your instance.
  • The file is a symlink pointing to a different file, such as /run/systemd/resolve/resolv.conf.

Either of these conditions indicate that the default Ubuntu 18.04 configuration is customized.

Run the following steps to override the DNS server values:

1.    Netplan typically stores configuration files in /etc/netplan directory. Create a file named /etc/netplan/99-custom-dns.yaml, and then populate it with the following lines. Be sure to replace the placeholder DNS server IP addresses with your preferred addresses:

network:
    version: 2
    ethernets:
        eth0:         
            nameservers:
                    addresses: [1.2.3.4, 5.6.7.8]
            dhcp4-overrides:
                    use-dns: false

After these changes, you'll still see the stub resolver IP in /etc/resolv.conf. This is expected. The stub resolver IP is local to your operating system, and in the background, the stub resolver uses the DNS servers that you specified in the preceding 99-custom-dns.yaml file.

2.    Reboot the instance.

3.    Run the systemd-resolve command to confirm that the intended DNS server IP addresses are being picked up correctly:

systemd-resolve --status

RHEL 7.5

By default, the resolv.conf file is managed by the NetworkManager service. The service then populates the file with DNS servers provided by DHCP. You can stop NetworkManager from managing the resolv.conf file, which makes sure that the DNS servers provided by DHCP are ignored.

Option 1

1.    Edit or create the /etc/dhcp/dhclient.conf file.

Note: Editing this file must be done with root user privileges. Either become root with "sudo -i" or execute all commands with "sudo".

2.    Add the supersede command to the file to override the domain-name-servers. In the following example, replace xxx.xxx.xxx.xxx with the IP address of the DNS server or servers that you want the instance to use:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

Because of this modification, when the instance is rebooted, the resolv.conf file is updated to contain only the DNS servers that you specified in the dhclient file. For more information about the supersede command, see the dhclient.conf(5) – Linux man page.

3.    Set the PEERDNS parameter to yes in your per-interface configuration files (/etc/sysconfig/network-scripts/ifcfg-*).

4.    Reboot the instance.

Option 2

1.    Create the /etc/NetworkManager/conf.d/disable-resolve.conf-managing.conf file with the following content:

[main]
dns=none

2.    Reboot the instance, and then populate the /etc/resolv.conf file manually.


Did this article help you?

Anything we could improve?


Need more help?