DNS Server Configuration on the Virtual Private Cloud

Document created by RSA Information Design and Development on Feb 12, 2018
Version 1

For hostname resolution, the Amazon Web Services (AWS) appliance requires you to configure a DNS server in the Virtual Private Cloud (VPC).

You must create a DHCP options set, associate it with the VPC, and then change the VPC properties. In a mixed on-premises and AWS deployment, any on-premises RSA Authentication Manager primary and replica instances need to use the DNS server that is configured in the VPC.

Create a DHCP Options Set

Each VPC requires at least one DHCP options set. You can create multiple sets of DHCP options, but you can only associate one set of DHCP options with your VPC at a time.

Procedure 

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, select DHCP Options Sets, and then select Create DHCP options set.

  3. In the dialog box, enter values for the options that you want to use. For the Domain name servers value, specify your own DNS server or Amazon's DNS server (AmazonProvidedDNS).

    Note:  This must be the same DNS server that is used to configure RSA Authentication Manager during Quick Setup.

  4. Select Yes, Create.

    The new set of DHCP options appears in your list of DHCP options.

  5. Record the ID for the new set of DHCP options (dopt-xxxxxxxx). The ID is required to associate the new set of options with your VPC.

Associate DHCP Options with a VPC

You can change the DHCP options associated with the VPC.

Procedure 

    1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
    2. In the navigation pane, select Your VPCs.

    3. Select the VPC, and select Edit DHCP Options Set from the Actions list.

    4. In the DHCP Options Set list, select a set of options.

    5. Click Save.

      Any existing AWS instances and all new AWS instances that you launch in that VPC will use the options.

      You do not need to restart or relaunch the AWS instances. The instances automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease in AWS. For instructions, see the AWS documentation.

Change the VPC Properties

You can change the VPC properties. Any on-premises RSA Authentication Manager primary and replica instances need to use the DNS server that is configured in the VPC.

    1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
    2. In the navigation pane, select Your VPCs.

    3. Select the VPC, and select Edit DNS Resolution. Select Yes.

    4. Select the VPC, and select Edit DNS Hostnames. Select No.

    After you finish 

    You must update the on-premises primary instance and replica instance hostname and IP address to the DNS server that was used in the above configuration. For instructions, see Change the Primary Instance IPv4 Network Settings and Change the Replica Instance IPv4 Network Settings.
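One way to confirm the end state of the three procedures above, as an added example that is not part of the RSA documentation: it checks that the VPC uses the recorded DHCP options set, that the set's domain name servers match the Quick Setup DNS server, and that DNS Resolution is Yes and DNS Hostnames is No. The input is constructed sample data in the shape of AWS CLI `describe-vpcs`, `describe-dhcp-options` and `describe-vpc-attribute` output; the IDs, the DNS address and the function name `audit_vpc_dns` are assumptions.

```python
import json

# Constructed sample in the shape of AWS CLI describe-vpcs, describe-dhcp-options
# and describe-vpc-attribute output. IDs and the DNS address are placeholders.
SAMPLE = json.loads("""
{
  "vpc": {"VpcId": "vpc-0example", "DhcpOptionsId": "dopt-0example"},
  "dhcp_options": {
    "DhcpOptionsId": "dopt-0example",
    "DhcpConfigurations": [
      {"Key": "domain-name", "Values": [{"Value": "example.internal"}]},
      {"Key": "domain-name-servers", "Values": [{"Value": "10.0.0.2"}]}
    ]
  },
  "dns_support": {"EnableDnsSupport": {"Value": true}},
  "dns_hostnames": {"EnableDnsHostnames": {"Value": false}}
}
""")


def audit_vpc_dns(state, expected_dopt_id, quick_setup_dns):
    """Return a list of findings; an empty list means the VPC matches the procedure."""
    findings = []
    vpc, dopt = state["vpc"], state["dhcp_options"]

    # The VPC must be associated with the options set whose ID was recorded.
    if vpc.get("DhcpOptionsId") != expected_dopt_id:
        findings.append(f"VPC uses {vpc.get('DhcpOptionsId')}, expected {expected_dopt_id}")
    if dopt.get("DhcpOptionsId") != vpc.get("DhcpOptionsId"):
        findings.append("DHCP options data is not for the set attached to the VPC")

    # Domain name servers must be the DNS server(s) entered during Quick Setup.
    servers = [v["Value"] for c in dopt.get("DhcpConfigurations", [])
               if c["Key"] == "domain-name-servers" for v in c["Values"]]
    if set(servers) != set(quick_setup_dns):
        findings.append(f"domain-name-servers {servers} != Quick Setup DNS {list(quick_setup_dns)}")

    # Edit DNS Resolution = Yes maps to enableDnsSupport = true;
    # Edit DNS Hostnames = No maps to enableDnsHostnames = false.
    if state["dns_support"]["EnableDnsSupport"]["Value"] is not True:
        findings.append("DNS resolution (enableDnsSupport) is not enabled")
    if state["dns_hostnames"]["EnableDnsHostnames"]["Value"] is not False:
        findings.append("DNS hostnames (enableDnsHostnames) is not disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_vpc_dns(SAMPLE, "dopt-0example", ["10.0.0.2"]) or ["OK"]:
        print(finding)
```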

     

     

     

     

