AWS DNS resolution + micro bosh

John Wong

By default everything in a VPC outbound is restricted, whether you are in a
"public subnet" or "private subnet" or not.

The only thing that makes "public subnet" public is that you have a public
IP attached. Regardless, you can tune how traffic is routed via the routing

Amazon has a VPC service and there you can create subnets. One of the
options provides a one-click way to create public and private subnets with NAT.
This NAT is an address translation unit. Basically all outbound traffic in
the private subnet will go through this NAT (which resides in the public subnet
with an EIP). This is enabled via a routing table, which Amazon creates
for you. You can also choose to update the routing table yourself,
or create the routing tables and subnets all together on your own (manually
or with CloudFormation, doesn't matter).

Now, I don't know if your VPC is set up with the concept of public and
private subnets. If not, I urge you to run in such a mode.

I hope this helps you debug your issue. Run CF in your private subnet. To
allow people to get inside your CF apps use some webserver like nginx; to
allow CF to have outgoing traffic (such as getting packages), go through
the NAT.

On Sat, May 2, 2015 at 3:03 PM, Sumanth Yamala <Sumanth.Yamala(a)>

I create 2 VMs, one with elastic IP and the other one is default network
with as the DNS. Both are created in the same subnet/VPC.

The VM with elastic IP has no issues. The VM with DNS turned on can
resolve other VMs via powerDNS but cannot resolve www.

It eventually times out.

Sent from my iPhone

On May 2, 2015, at 1:48 PM, "John Wong" <gokoproject(a)> wrote:

By hanging, I suppose you mean it eventually times out? Are you sure you have the
routing table configured for that subnet of your VPC? Create a VM in the
same subnet and see if you get the same hang.

On Fri, May 1, 2015 at 9:02 PM, Sumanth Yamala <Sumanth.Yamala(a)>

There is no error. That VM hangs when I execute apt-get update or do a
traceroute to Yahoo.


Sent from my iPhone

On May 1, 2015, at 6:04 PM, "Dmitriy Kalinin" <dkalinin(a)>

Does it not work at all or is some error shown?

On Fri, May 1, 2015 at 1:28 PM, Sumanth Yamala <Sumanth.Yamala(a)>

I tried putting as my dns.recursor…I am still having issues
with DNS resolution on nodes which use network with DNS entry of micro-bosh
( for the other nodes provisioned there is no issue.



*From:* Dmitriy Kalinin [mailto:dkalinin(a)]
*Sent:* Friday, May 01, 2015 3:39 PM
*To:* Sumanth Yamala
*Cc:* cf-bosh(a)
*Subject:* Re: [cf-bosh] AWS DNS resolution + micro bosh

You should be able to use dns.recursor exactly the same way on AWS as
you did on OpenStack.

Btw AWS provides address in your subnet as a full DNS.

On Fri, May 1, 2015 at 11:43 AM, Sumanth Yamala <Sumanth.Yamala(a)>

Hi ,

I am using the features of BOSH DNS resolution. Deployed a microbosh.
In my deployment manifest I specify for a default network to use
as my DNS.

The behavior is: in AWS

It is able to resolve BOSH deployed VM DNS like
“0.docker.default.docker-sample.microbosh” but it is unable to resolve

How can I fix this behavior so that this resolves both?

In OpenStack I had a similar issue – I had to put
properties:dns:recursor with the name server that resolves the company
network and the “www” to get around this.

How do I solve this for AWS?
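
Added example, not part of the original thread: a check of the routing-table point raised in the replies, showing why a VM with no elastic IP can resolve names inside the VPC while lookups that need to leave it time out. The route-table data is constructed in the shape of `aws ec2 describe-route-tables` output; every ID, CIDR and the destination address is a made-up placeholder, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# Every ID and CIDR below is made up for illustration.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat-example"}]},
]

def table_for_subnet(tables, subnet_id):
    """Explicit association wins; otherwise the VPC's main table applies."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def next_hop(table, dest_ip):
    """Longest-prefix match over the table's active IPv4 routes."""
    dest, best = ipaddress.ip_address(dest_ip), None
    for route in table["Routes"]:
        cidr = route.get("DestinationCidrBlock")
        if not cidr or route.get("State") == "blackhole":
            continue
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    if best is None:
        return None
    route = best[1]
    return route.get("GatewayId") or route.get("NatGatewayId") or route.get("InstanceId")

def egress_verdict(tables, subnet_id, has_public_ip, dest_ip="198.51.100.53"):
    """Can a VM in subnet_id reach dest_ip (placeholder for an external resolver)?"""
    table = table_for_subnet(tables, subnet_id)
    hop = next_hop(table, dest_ip) if table else None
    if hop is None or hop == "local":
        return "no route: packets never leave the VPC, lookups time out"
    if hop.startswith("igw-") and not has_public_ip:
        return "igw route but no public IP/EIP: traffic is dropped, lookups time out"
    return f"ok via {hop}"
```

Two VMs in the same internet-gateway-routed subnet get different verdicts depending only on `has_public_ip`, while a VM in the NAT-routed subnet gets out without one.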



cf-bosh mailing list
