Abstract: CDP uses many managed cloud services from different CSPs as its underlying infrastructure. The DNS configuration in a typical CDP onboarding is critical to a successful deployment. This article introduces some common DNS setup issues with AWS and their solutions.
AWS services with private endpoints used by CDP
Most enterprise AWS customers use a hub-and-spoke network architecture with a custom private DNS server, which usually resides in the hub VPC. The correct DNS configuration needs to be in place for a successful deployment.
AWS managed services used by CDP
Relational Database Service (RDS)
Elastic Kubernetes Service (EKS)
Elastic File System (EFS)
In a typical hub-and-spoke network, the custom private DNS server is deployed in the hub network. Several other DNS servers are also involved:
AWS public DNS: hosted by AWS on the internet
AWS default private DNS (the Amazon-provided Route 53 Resolver): one per VPC, reachable at 169.254.169.253 or at the VPC's base CIDR plus two (for example 10.0.0.2), and only from inside that VPC
Different AWS services register their endpoint DNS records in different places:
AWS RDS creates an endpoint (a network interface) in the CDP VPC, and the DNS record for this endpoint is registered in AWS public DNS; for an instance that is not publicly accessible the public name resolves to the private IP.
AWS EKS registers its cluster API endpoint in the CDP VPC, and the DNS record for this endpoint is registered in AWS public DNS. Note that if the cluster is configured for private-only endpoint access, the name is served from a Route 53 private hosted zone associated with the VPC and resolves only through the VPC default DNS, so it then needs the same treatment as EFS below.
AWS EFS creates mount-target endpoints in the CDP VPC, and the DNS records for these endpoints (fs-xxxx.efs.<region>.amazonaws.com) are registered only in the AWS VPC default DNS; they are not resolvable from the internet or from a resolver outside the VPC.
Challenges introduced to CDP deployment and resolution
When using the AWS VPC default DNS for the CDP VPC
The VPC default DNS can resolve all of the RDS, EKS and EFS endpoint names, so no extra DNS configuration is needed for the AWS services themselves.
When using a custom private DNS server in the same VPC as the CDP resources
Recursive lookup is a native DNS feature: the custom private DNS server recursively resolves the RDS and EKS names and gets the answers from AWS public DNS. The EFS record, however, exists only in the VPC default DNS and cannot be found by recursion. Users need to manually configure a conditional forward on the custom private DNS server that sends queries for the EFS domain (efs.<region>.amazonaws.com) to the VPC default DNS, which is reachable because the server sits inside the same VPC.
When using a custom private DNS server in another network (for example the hub VPC)
As in the previous case, the RDS and EKS names are resolved recursively through AWS public DNS, but the EFS record in the VPC default DNS cannot be reached by recursion. A custom DNS server on another network also cannot conditionally forward to the CDP VPC's default DNS, because the VPC default resolver only answers queries that originate inside its own VPC.
Users have to create an AWS Route 53 Resolver inbound endpoint in the CDP VPC, which exposes IP addresses in the CDP subnets, and configure the custom private DNS server to conditionally forward the EFS domain to those inbound endpoint addresses. The security group on the inbound endpoint must allow DNS (TCP and UDP port 53) from the custom DNS server.
At the time of writing, CDP Data Warehouse does not support custom private DNS, which means that if the customer's network team does not allow the VPC default DNS, Data Warehouse cannot be deployed.
Sometimes the network team can be convinced to use the AWS VPC default DNS for the CDP VPC, but that introduces another dilemma: resources in the CDP VPC will no longer be able to resolve names in the custom private domain, because the VPC default DNS knows nothing about it.
Users can solve this by creating an AWS Route 53 Resolver outbound endpoint in the CDP VPC together with a forwarding rule for the custom private domain that targets the custom private DNS server, and associating the rule with the CDP VPC. The VPC default DNS then forwards queries for that domain through the outbound endpoint while continuing to answer RDS, EKS and EFS lookups itself.
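The two Route 53 Resolver pieces described above (an inbound endpoint so the hub DNS can forward the EFS domain into the CDP VPC, and an outbound endpoint with a rule so the CDP VPC's default DNS forwards the custom private domain out to the hub DNS) as a Terraform example. This is an added example, not configuration from the original article or from Cloudera; the VPC and subnet IDs, the hub DNS addresses, the region and the domain corp.example.internal are placeholders, and the security group and resource names are my own choices.

```hcl
# Added example (not from the original article): Route 53 Resolver endpoints that
# bridge a custom private DNS server in the hub VPC and the CDP VPC's default DNS.
# Every ID, address and domain below is a placeholder assumption.

variable "region" {
  default = "us-east-1"
}

provider "aws" {
  region = var.region
}

locals {
  cdp_vpc_id     = "vpc-0123456789abcdef0"                          # assumed CDP spoke VPC
  cdp_subnet_ids = ["subnet-0123456789abcdef1", "subnet-0123456789abcdef2"] # two AZs; Resolver needs >= 2
  hub_dns_ips    = ["10.0.0.10", "10.0.0.11"]                       # assumed custom DNS in hub VPC
  private_domain = "corp.example.internal"                          # assumed custom private domain
  efs_domain     = "efs.${var.region}.amazonaws.com"                # EFS mount-target names live here
}

# One security group for both endpoints: DNS in from the hub DNS servers only
# (inbound endpoint), DNS out to the hub DNS servers only (outbound endpoint).
resource "aws_security_group" "resolver" {
  name   = "cdp-route53-resolver"
  vpc_id = local.cdp_vpc_id

  dynamic "ingress" {
    for_each = ["udp", "tcp"]
    content {
      from_port   = 53
      to_port     = 53
      protocol    = ingress.value
      cidr_blocks = [for ip in local.hub_dns_ips : "${ip}/32"]
    }
  }

  dynamic "egress" {
    for_each = ["udp", "tcp"]
    content {
      from_port   = 53
      to_port     = 53
      protocol    = egress.value
      cidr_blocks = [for ip in local.hub_dns_ips : "${ip}/32"]
    }
  }
}

# Inbound endpoint: gives the hub DNS reachable IPs in the CDP VPC that answer
# from the VPC default DNS, so the EFS domain can be conditionally forwarded here.
resource "aws_route53_resolver_endpoint" "inbound" {
  name               = "cdp-inbound"
  direction          = "INBOUND"
  security_group_ids = [aws_security_group.resolver.id]

  dynamic "ip_address" {
    for_each = local.cdp_subnet_ids
    content {
      subnet_id = ip_address.value
    }
  }
}

# Outbound endpoint: the path the VPC default DNS uses to reach the hub DNS.
resource "aws_route53_resolver_endpoint" "outbound" {
  name               = "cdp-outbound"
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.resolver.id]

  dynamic "ip_address" {
    for_each = local.cdp_subnet_ids
    content {
      subnet_id = ip_address.value
    }
  }
}

# Forward only the custom private domain to the hub DNS; everything else
# (RDS, EKS, EFS names) is still answered by the VPC default DNS.
resource "aws_route53_resolver_rule" "private_domain" {
  name                 = "cdp-to-hub-dns"
  domain_name          = local.private_domain
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id

  dynamic "target_ip" {
    for_each = local.hub_dns_ips
    content {
      ip   = target_ip.value
      port = 53
    }
  }
}

# The rule only takes effect for a VPC it is associated with.
resource "aws_route53_resolver_rule_association" "private_domain" {
  resolver_rule_id = aws_route53_resolver_rule.private_domain.id
  vpc_id           = local.cdp_vpc_id
}

# Rendered BIND stanza for the hub DNS: conditional forward of the EFS domain
# to the inbound endpoint addresses allocated above.
output "hub_dns_efs_forward_zone" {
  value = <<-EOT
    zone "${local.efs_domain}" {
      type forward;
      forward only;
      forwarders { ${join("; ", [for a in aws_route53_resolver_endpoint.inbound.ip_address : a.ip])}; };
    };
  EOT
}
```

After `terraform apply`, paste the `hub_dns_efs_forward_zone` output into the hub DNS server's configuration (the stanza is in BIND syntax; other resolvers need the equivalent conditional forwarder) and verify from the hub DNS host that a mount-target name such as fs-xxxx.efs.us-east-1.amazonaws.com now resolves when queried against one of the inbound endpoint IPs. The security group deliberately allows port 53 only to and from the two hub DNS addresses rather than the whole hub CIDR, so the inbound endpoint does not become a general-purpose resolver for the hub network.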