Configure Split DNS for private AWS API Gateway

Hi,
I’m doing a POC to connect our local machines to our Dev VPC on AWS.
I tried to follow the document "Access AWS RDS privately using Tailscale", but connecting to a private API Gateway (*.execute-api.ap-southeast-1.amazonaws.com) instead of RDS.

However, the Split DNS does not seem to work and I only get DNS timed out:

dns: Set: {DefaultResolvers:[] Routes:{execute-api.ap-southeast-1.amazonaws.com.:[10.0.0.2]} SearchDomains:[execute-api.ap-southeast-1.amazonaws.com.] Hosts:2}
dns: Resolvercfg: {Routes:{.:[172.19.176.1] execute-api.ap-southeast-1.amazonaws.com.:[10.0.0.2]} Hosts:2 LocalDomains:[]}
dns: OScfg: {Hosts:[] Nameservers:[100.100.100.100] SearchDomains:[execute-api.ap-southeast-1.amazonaws.com.] MatchDomains:[]}
dns udp query: context deadline exceeded
dns udp query: context deadline exceeded

My VPC’s subnets are configured as follows:

The Tailscale instance on my EC2 was started as below:

sudo tailscale up --advertise-routes=10.0.0.0/24,10.0.1.0/24,10.0.2.0/24,10.0.3.0/24 --accept-dns=false

And my Split DNS is set up with 10.0.0.2 as the Nameserver for the search domain execute-api.ap-southeast-1.amazonaws.com.

A quick nslookup on my EC2 to the API Gateway endpoint also showed 10.0.0.2 as the DNS server:

[ec2-user@ip-10-0-0-206 ~]$ nslookup foobar.execute-api.ap-southeast-1.amazonaws.com
Server:         10.0.0.2
Address:        10.0.0.2#53

Non-authoritative answer:
Name:   foobar.execute-api.ap-southeast-1.amazonaws.com
Address: 10.0.3.118
Name:   foobar.execute-api.ap-southeast-1.amazonaws.com
Address: 10.0.2.213

Could you show me what could be a potential error in my setup?

Thanks and regards,
Vinh.

I found out where the issue is.
I didn’t add the --accept-routes option when starting tailscale on my local Linux machine.
Added that option and it worked perfectly.

Cheers,
Vinh.
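As an added example that is not part of Vinh's posts, the bash script below takes the "dns: Set:" log line and the advertised routes quoted in the thread and checks whether the split-DNS resolver (10.0.0.2) is reachable only through the subnet router, which is exactly the case where the client must run tailscale up --accept-routes. The sample log line and route list are constructed from the values in the thread; the check itself is generic for any resolver address and route list.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: checks whether the split-DNS
# resolver in a tailscaled "dns: Set:" log line sits inside a subnet router's
# advertised routes. If so, the client must also run `tailscale up
# --accept-routes`, or it has no route to the resolver and queries time out.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
# Return 0 if address $1 lies inside CIDR $2, e.g. ip_in_cidr 10.0.0.2 10.0.0.0/24
ip_in_cidr() {
  local ip net bits mask
  ip=$(ip2int "$1"); net=$(ip2int "${2%/*}"); bits=${2#*/}
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}
# Print the resolver that "dns: Set:" line $1 routes domain $2 (trailing dot) to.
resolver_from_log() {
  echo "$1" | sed -n "s/.*${2}:\[\([0-9.]*\)\].*/\1/p"
}
# Print the first route in comma-separated list $2 that covers $1; return 1 if none.
resolver_route() {
  local resolver=$1 routes=$2 r
  local IFS=,
  for r in $routes; do
    if ip_in_cidr "$resolver" "$r"; then echo "$r"; return 0; fi
  done
  return 1
}

# Constructed sample input: the log line and advertised routes quoted in the post.
LOG='dns: Set: {DefaultResolvers:[] Routes:{execute-api.ap-southeast-1.amazonaws.com.:[10.0.0.2]} SearchDomains:[execute-api.ap-southeast-1.amazonaws.com.] Hosts:2}'
ROUTES='10.0.0.0/24,10.0.1.0/24,10.0.2.0/24,10.0.3.0/24'
DOMAIN='execute-api.ap-southeast-1.amazonaws.com.'
# Report whether the client needs --accept-routes to reach the split-DNS resolver.
diagnose() {
  local resolver route
  resolver=$(resolver_from_log "$LOG" "$DOMAIN")
  if route=$(resolver_route "$resolver" "$ROUTES"); then
    echo "resolver $resolver is behind advertised route $route: client needs 'tailscale up --accept-routes'"
  else
    echo "resolver $resolver is not in any advertised route"
  fi
}
diagnose
```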