Wednesday, July 17, 2013

Useful DNS info on Amazon VPC

I recently spent two days researching a weird DNS issue on Amazon AWS VPC and learned a few things that I want to write down.

1. On Amazon VPC, the Amazon DHCP server does not register or update DNS records on the user's DNS server. The DNS Client service on each VPC instance registers and updates its own entries on the DNS server. The Amazon DHCP lease renewal interval is between 30 and 60 minutes. If a DNS entry (A record) is missing, the next renewal will recreate it.

2. Without scavenging enabled, DNS entries stay forever. So if an entry is missing, something must have deleted it.

3. The DNS Client service will delete its own entry under the following circumstances:

a. When updating an AAAA (IPv6) record, it first deletes its old AAAA and A records. The A record may end up missing if you are using DHCP Option 81 and 6to4 on the client NIC. http://support.microsoft.com/kb/2782438

b. When the DHCP option for the DNS server changes, the DNS client goes to the old DNS server to delete its entries before moving on to the new DNS server for a fresh registration.

c. In a multi-DNS-server environment, bad timing can cause entries to be deleted by another DNS server replicating to your DNS server. There is a Microsoft Knowledge Base article about it, but I don't remember which one.

d. Stopping the DHCP Client service on a machine with a static IP address.

4. The DNS Client deletes an entry by sending an update for it with the TTL set to 0.
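As an added example (not from the original post), here is a small Python detector that parses DNS dynamic UPDATE messages and reports A-record deletions, which per RFC 2136 are update RRs carrying TTL 0 with class ANY (whole RRset) or NONE (a single RR). Run it over DNS payloads captured toward the DNS server to find which client removed a record; the zone, hostnames and addresses in the samples are made up.

```python
"""Flag A-record deletions in DNS dynamic UPDATE messages (RFC 2136).
Added example, not from the original post. Per RFC 2136 a delete is an
update RR with TTL 0 and class ANY (whole RRset) or NONE (one RR), i.e. the
"update with TTL 0" above. Sample zone/hostnames/addresses are constructed."""
import struct

OPCODE_UPDATE, TYPE_A, TYPE_SOA, CLASS_IN, CLASS_NONE, CLASS_ANY = 5, 1, 6, 1, 254, 255

def encode_name(name):
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                        # compression pointer
            end = off + 2 if end is None else end
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode())
        off += n
    return ".".join(labels), (off if end is None else end)

def build_update(zone, name, rdata, rclass=CLASS_IN, ttl=1200):
    """Build an UPDATE with one zone entry and one update RR (sample data)."""
    hdr = struct.pack("!HHHHHH", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rr = encode_name(name) + struct.pack("!HHIH", TYPE_A, rclass, ttl, len(rdata))
    return hdr + zone_sec + rr + rdata

def a_record_deletions(msg):
    """Return [(name, 'rrset' | 'single')] for each deleting A RR in the update section."""
    _, flags, zcount, prcount, upcount, _ = struct.unpack("!HHHHHH", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        return []                                   # not an UPDATE (e.g. a plain query)
    off = 12
    for _ in range(zcount):                         # skip the zone section (name + type + class)
        off = read_name(msg, off)[1] + 4
    found = []
    for i in range(prcount + upcount):              # prerequisite RRs come before update RRs
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= prcount and rtype == TYPE_A and ttl == 0 and rclass in (CLASS_ANY, CLASS_NONE):
            found.append((name, "rrset" if rclass == CLASS_ANY else "single"))
    return found
```

A normal registration (class IN with a real TTL) is never reported, so the output lists only the delete operations that can explain a vanished A record.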

5. Within the same site, DNS servers refresh from each other every 15 minutes by default. The expiration time on the SOA tab is the validity period for refreshing/syncing between DNS servers within the same site.

6. TTL is the time that the entry will stay in the OS's local DNS cache.

7. Linux does not have a local DNS cache.

8. Between sites, domain replication takes care of DNS replication, so the replication interval is long.

9. Secure DNS updates initiated by the DNS Client have a TTL value of 20 minutes.