AWS DNS Resolution Only Resolves Internal IP One Way – Troubleshooting

Tags: amazon-route53, amazon-vpc, amazon-web-services

I have three instances in two separate VPCs. I've set up peering between the VPCs, both VPCs have DNS Resolution and DNS Hostnames enabled, the peering connection has "Allow DNS resolution from peer VPC […]" enabled, and the routing tables for both VPCs have entries to route across the peering connection to the other VPC's address space.

Let's call them Instance 1 (which resides in VPC A), and Instances 2 and 3 (which reside in VPC B)…

With my current setup, calling nslookup ec2-[instance2].compute-1.amazonaws.com on instance 1 returns the 10.x.x.x address for instance 2, and the amazonaws.com hostname for instance 3 returns the 10.x.x.x address for instance 3. This is as expected.

HOWEVER, when I call nslookup ec2-[instance1].compute-1.amazonaws.com from instance 2 or instance 3, it returns the 54.x.x.x public address for instance 1 instead of its 10.x.x.x address.

What am I missing or doing wrong? I've been able to do this before (many moons ago), I don't get why it's not working now.

Best Answer

The console doesn't seem to allow you to configure this on both sides of the connection when the same AWS account owns both the "requester" and "accepter" VPCs, so one-way resolution appears to be the only thing you can actually configure from the console -- only the requester VPC's hosts can be resolved.

It appears that you can fix this with aws-cli.

aws ec2 modify-vpc-peering-connection-options \
    --vpc-peering-connection-id 'pcx-xxxxxxxx' \
    --requester-peering-connection-options '{"AllowDnsResolutionFromRemoteVpc":true}' \
    --accepter-peering-connection-options '{"AllowDnsResolutionFromRemoteVpc":true}' \
    --region us-east-1

Line breaks for clarity, supply your VPCs' region with the --region option and your peering connection ID with --vpc-peering-connection-id.

Indeed, the above does change the value returned by aws ec2 describe-vpc-peering-connections, which previously showed false on one side and true on the other after checking the box in the console.

It's somewhat unusual but not unheard-of for capabilities not to be included in the console, but to be accessible only via the APIs.
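As an added example (not the answerer's code), the following script verifies the state the answer describes: it reads the output of aws ec2 describe-vpc-peering-connections, reports which side of the peering still has AllowDnsResolutionFromRemoteVpc set to false, and builds the matching modify-vpc-peering-connection-options command for only the sides that need it. The embedded JSON is a constructed sample showing the one-sided state the answer mentions (requester true, accepter false); the peering ID, VPC IDs and region in it are placeholders, and the JSON shape (PeeringOptions under RequesterVpcInfo / AccepterVpcInfo) is assumed from the CLI's describe output. Nothing is changed unless the script is run with --apply.

```python
"""Check, and optionally repair, DNS resolution on both sides of a VPC peering.

Added example; assumes the JSON layout of
`aws ec2 describe-vpc-peering-connections` with a PeeringOptions object
under RequesterVpcInfo and AccepterVpcInfo.
"""
import json
import subprocess
import sys

# Constructed sample: the one-sided state left behind by the console.
# IDs are placeholders, not real resources.
SAMPLE_DESCRIBE = json.dumps({
    "VpcPeeringConnections": [{
        "VpcPeeringConnectionId": "pcx-0123456789abcdef0",
        "Status": {"Code": "active"},
        "RequesterVpcInfo": {
            "VpcId": "vpc-aaaa1111",
            "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": True},
        },
        "AccepterVpcInfo": {
            "VpcId": "vpc-bbbb2222",
            "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": False},
        },
    }]
})

OPTION = "AllowDnsResolutionFromRemoteVpc"


def dns_resolution_state(describe_json: str) -> dict:
    """Extract the per-side DNS option for the first peering connection.

    A side whose PeeringOptions block is missing (e.g. a connection that is
    not yet active) is treated as 'false' so it is flagged rather than skipped.
    """
    pcx = json.loads(describe_json)["VpcPeeringConnections"][0]
    state = {"id": pcx["VpcPeeringConnectionId"]}
    for side, key in (("requester", "RequesterVpcInfo"),
                      ("accepter", "AccepterVpcInfo")):
        opts = pcx.get(key, {}).get("PeeringOptions", {})
        state[side] = bool(opts.get(OPTION, False))
    return state


def sides_to_fix(state: dict) -> list:
    """Return the sides that still refuse DNS resolution from the peer VPC."""
    return [side for side in ("requester", "accepter") if not state[side]]


def build_fix_command(pcx_id: str, region: str, sides: list) -> list:
    """Build the aws-cli command from the answer, restricted to the sides that need it."""
    cmd = ["aws", "ec2", "modify-vpc-peering-connection-options",
           "--vpc-peering-connection-id", pcx_id, "--region", region]
    enable = json.dumps({OPTION: True})
    if "requester" in sides:
        cmd += ["--requester-peering-connection-options", enable]
    if "accepter" in sides:
        cmd += ["--accepter-peering-connection-options", enable]
    return cmd


def main(argv: list) -> int:
    # usage: check_peering_dns.py <pcx-id> <region> [--apply]
    if len(argv) < 3:
        print(__doc__)
        return 2
    pcx_id, region, apply = argv[1], argv[2], "--apply" in argv[3:]
    out = subprocess.check_output(
        ["aws", "ec2", "describe-vpc-peering-connections",
         "--vpc-peering-connection-ids", pcx_id, "--region", region,
         "--output", "json"])
    state = dns_resolution_state(out.decode())
    broken = sides_to_fix(state)
    print(f"{state['id']}: requester={state['requester']} accepter={state['accepter']}")
    if not broken:
        print("DNS resolution is enabled on both sides; nothing to do.")
        return 0
    cmd = build_fix_command(state["id"], region, broken)
    print("fix needed on:", ", ".join(broken))
    print(" ".join(cmd))
    if apply:
        subprocess.check_call(cmd)
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it once without --apply to see which side is false (exit status 1 means a fix is pending, 0 means both sides already resolve), then with --apply to issue the modify call; rerun afterwards to confirm describe-vpc-peering-connections now reports true on both sides, which is the check the answer relies on.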
