
Cannot resolve IP address of a private AWS RDS database

I work from home. I use NextDNS. My company uses AWS RDS clusters in private subnets. The RDS endpoints are private, so they're in private CIDR ranges (e.g. 10.x.x.x). However, the DNS records are public. I can resolve these addresses using Google/Cloudflare DNS services, but I cannot resolve them with NextDNS:

# Cloudflare
dig @1.1.1.1 <private_rds>.rds.amazonaws.com
;; ANSWER SECTION:
<dbname>.<unique_id>.<aws_region>.rds.amazonaws.com. 5 IN A 10.1.2.3

# Google
dig @8.8.8.8 <private_rds>.rds.amazonaws.com
;; ANSWER SECTION:
<dbname>.<unique_id>.<aws_region>.rds.amazonaws.com. 5 IN A 10.1.2.3

# Home router (NextDNS)
dig <private_rds>.rds.amazonaws.com
;; ANSWER SECTION:
<dbname>.<unique_id>.<aws_region>.rds.amazonaws.com. IN A


I am aware of DNS rebind protection interfering with public DNS names that resolve to private IP addresses, but I have whitelisted *.amazonaws.com to get around this. So my NextDNS logs show that the lookup request came through and was not filtered or blocked. But NextDNS fails to resolve the address while other providers do not.
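The symptom described above (a name that public resolvers answer with an RFC 1918 address while the home resolver returns an empty answer) is exactly what DNS rebind protection produces, so it is worth checking mechanically before assuming a whitelist took effect. The script below is an added example and is not from the original post or from NextDNS; it parses dig-style output captured from several resolvers, classifies each returned address as private or public with the standard library's ipaddress module, and names the resolvers whose empty answer is consistent with rebind filtering. The hostnames, addresses and resolver labels in the sample are constructed placeholders, not real records.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample: dig output for the same private RDS hostname as seen from three
# resolvers. The hostname and the 10.1.2.3 address are placeholders, not real records.
DIG_OUTPUTS: Dict[str, str] = {
    "1.1.1.1 (Cloudflare)": """
;; ANSWER SECTION:
db.abc123.us-east-1.rds.amazonaws.com. 5 IN A 10.1.2.3
""",
    "8.8.8.8 (Google)": """
;; ANSWER SECTION:
db.abc123.us-east-1.rds.amazonaws.com. 5 IN A 10.1.2.3
""",
    "home router (NextDNS)": """
;; ANSWER SECTION:
db.abc123.us-east-1.rds.amazonaws.com. IN A
""",
}

# One A record in dig's answer section: owner name, optional TTL, class IN, type A, IPv4.
# A line that ends after "IN A" (no address) deliberately does not match.
A_RECORD = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$",
    re.MULTILINE,
)


def parse_a_records(dig_text: str) -> List[str]:
    """Return the IPv4 addresses found in the ANSWER SECTION of dig output."""
    return [m.group(2) for m in A_RECORD.finditer(dig_text)]


def classify(addr: str) -> str:
    """Label an address as loopback, private (RFC 1918 and similar) or public."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def compare_resolvers(outputs: Dict[str, str]) -> Dict[str, dict]:
    """Summarise, per resolver, which addresses it returned and what kind they are."""
    report: Dict[str, dict] = {}
    for resolver, text in outputs.items():
        addrs = parse_a_records(text)
        report[resolver] = {
            "answers": addrs,
            "kinds": sorted({classify(a) for a in addrs}),
        }
    return report


def likely_rebind_filtering(report: Dict[str, dict]) -> List[str]:
    """Resolvers that returned no address for a name other resolvers answered only
    with private addresses: the signature of DNS rebind protection dropping the reply."""
    private_seen = any(r["answers"] and r["kinds"] == ["private"] for r in report.values())
    if not private_seen:
        return []  # no private answer anywhere, so an empty answer means something else
    return [name for name, r in report.items() if not r["answers"]]


if __name__ == "__main__":
    summary = compare_resolvers(DIG_OUTPUTS)
    for resolver, entry in summary.items():
        print(f"{resolver}: {entry['answers'] or 'no answer'} {entry['kinds']}")
    print("consistent with rebind filtering:", likely_rebind_filtering(summary))
```

Two caveats when reading the result: an address in the 10.0.0.0/8 range being resolved says nothing about reachability (traffic to it still needs the VPN or peering that the database's private subnet requires), and a resolver that logs the query as allowed can still strip a private answer, so the empty answer section, not the query log, is the thing to look at.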
