Severity: Medium

Ensure VPC Peering DNS resolution is enabled

Description

By default, an Amazon VPC peering connection does not resolve hostnames across the peering. When an instance in one VPC queries the public DNS hostname of an instance in the peer VPC, the Amazon-provided resolver returns that instance's public IPv4 address rather than its private one. Traffic to that address leaves the VPC through an internet gateway (or fails if the VPC has none) instead of staying on the private peering path, which defeats the purpose of peering for services that reach each other by hostname. Enabling DNS resolution support on the peering connection makes those hostnames resolve to private IPv4 addresses for queries coming from the peer VPC. Note that this setting covers the public DNS hostnames Amazon assigns to instances; names in a Route 53 private hosted zone are shared across VPCs by associating the hosted zone with the peer VPC, not by this option.

Remediation

To ensure VPC Peering DNS resolution is enabled, follow these remediation steps. Both VPCs must already have the "DNS resolution" (enableDnsSupport) and "DNS hostnames" (enableDnsHostnames) attributes enabled, and the peering connection must be in the Active state.

  1. In the AWS Management Console, open the Amazon VPC service and choose "Peering connections" in the navigation pane.
  2. Select the peering connection that you want to modify.
  3. Click on the "Actions" button and then click on "Edit DNS settings".
  4. Select the DNS resolution option for the requester VPC and for the accepter VPC, then click "Save changes".
  5. Each side of the setting can only be changed by the account that owns that VPC. If the accepter VPC belongs to another AWS account, its owner must enable the accepter side from their own account; you can only enable the requester side.

After you enable DNS resolution on both sides, the public DNS hostnames of instances in either VPC resolve to their private IPv4 addresses when queried from the other VPC through the Amazon-provided DNS resolver (the address at the base of the VPC IPv4 CIDR block plus two, or 169.254.169.253), so the traffic stays on the peering connection.
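The console steps above cover one connection at a time. The following is an added example, not code from the CloudWiki page or from Lightlytics, showing how to audit the same setting across an account from the output of `aws ec2 describe-vpc-peering-connections` (boto3's `describe_vpc_peering_connections` returns the same keys) and to build the `modify-vpc-peering-connection-options` calls that fix each gap, separating the sides this account can change from the sides a peer account must change. The embedded response is constructed; every pcx-, vpc- and account identifier in it is a placeholder.

```python
"""Audit and remediate DNS resolution support on VPC peering connections.

Added example (not the CloudWiki page's own code). Works on the response
shape of DescribeVpcPeeringConnections and emits the aws CLI calls that set
AllowDnsResolutionFromRemoteVpc=true where it is still off.
"""

# Constructed sample response with placeholder IDs and account numbers.
SAMPLE_RESPONSE = {
    "VpcPeeringConnections": [
        {   # same-account peering: requester side still has DNS resolution off
            "VpcPeeringConnectionId": "pcx-0123456789abcdef0",
            "Status": {"Code": "active"},
            "RequesterVpcInfo": {
                "VpcId": "vpc-0aaaaaaaaaaaaaaa0", "OwnerId": "111111111111",
                "Region": "us-east-1",
                "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": False},
            },
            "AccepterVpcInfo": {
                "VpcId": "vpc-0bbbbbbbbbbbbbbb0", "OwnerId": "111111111111",
                "Region": "us-east-1",
                "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": True},
            },
        },
        {   # cross-account peering: the accepter VPC belongs to another account
            "VpcPeeringConnectionId": "pcx-0fedcba9876543210",
            "Status": {"Code": "active"},
            "RequesterVpcInfo": {
                "VpcId": "vpc-0ccccccccccccccc0", "OwnerId": "111111111111",
                "Region": "us-east-1",
                "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": True},
            },
            "AccepterVpcInfo": {
                "VpcId": "vpc-0ddddddddddddddd0", "OwnerId": "222222222222",
                "Region": "us-east-1",
                "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": False},
            },
        },
        {   # not yet accepted: DNS settings apply once the connection is active
            "VpcPeeringConnectionId": "pcx-0000000000000001",
            "Status": {"Code": "pending-acceptance"},
            "RequesterVpcInfo": {"VpcId": "vpc-0eeeeeeeeeeeeeee0",
                                 "OwnerId": "111111111111", "Region": "us-east-1"},
            "AccepterVpcInfo": {"VpcId": "vpc-0fffffffffffffff0",
                                "OwnerId": "111111111111", "Region": "us-east-1"},
        },
    ]
}

SIDES = ("Requester", "Accepter")


def dns_resolution_gaps(response):
    """Map each active peering connection ID to the sides ("Requester",
    "Accepter") whose AllowDnsResolutionFromRemoteVpc is not true.
    Non-active connections are skipped: the setting only applies once the
    peering connection has been accepted, so they are re-checked later."""
    gaps = {}
    for pcx in response.get("VpcPeeringConnections", []):
        if pcx.get("Status", {}).get("Code") != "active":
            continue
        missing = [
            side for side in SIDES
            if not pcx.get(f"{side}VpcInfo", {})
                       .get("PeeringOptions", {})
                       .get("AllowDnsResolutionFromRemoteVpc", False)
        ]
        if missing:
            gaps[pcx["VpcPeeringConnectionId"]] = missing
    return gaps


def remediation_plan(response, my_account_id):
    """Return (commands, peer_requests).

    commands: aws CLI calls this account can run itself. Each side is owned
    by the account that owns that VPC and is modified in that VPC's Region,
    so a cross-Region peering yields one call per side.
    peer_requests: (pcx_id, side, owner_account, vpc_id) for sides that only
    the other account can enable.
    """
    by_id = {p["VpcPeeringConnectionId"]: p
             for p in response.get("VpcPeeringConnections", [])}
    commands, peer_requests = [], []
    for pcx_id, sides in dns_resolution_gaps(response).items():
        for side in sides:
            info = by_id[pcx_id][f"{side}VpcInfo"]
            if info.get("OwnerId") != my_account_id:
                peer_requests.append(
                    (pcx_id, side, info.get("OwnerId"), info.get("VpcId")))
                continue
            commands.append(
                "aws ec2 modify-vpc-peering-connection-options"
                f" --region {info['Region']}"
                f" --vpc-peering-connection-id {pcx_id}"
                f" --{side.lower()}-peering-connection-options"
                " AllowDnsResolutionFromRemoteVpc=true"
            )
    return commands, peer_requests


if __name__ == "__main__":
    for pcx_id, sides in dns_resolution_gaps(SAMPLE_RESPONSE).items():
        print(f"{pcx_id}: DNS resolution disabled on {', '.join(sides)} side")
    cmds, asks = remediation_plan(SAMPLE_RESPONSE, "111111111111")
    print("\n".join(cmds))
    for pcx_id, side, owner, vpc in asks:
        print(f"# ask account {owner} to enable {side} DNS resolution on {pcx_id} ({vpc})")
```

Feed the function the real response (`aws ec2 describe-vpc-peering-connections --output json` or the boto3 call) and the account ID from `sts get-caller-identity`; the cross-account entries in `peer_requests` are exactly the sides step 5 above says you cannot set yourself.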

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.