DHCP options sets for your VPC - Amazon Virtual Private Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

DHCP options sets for your VPC

The Dynamic Host Configuration Protocol (DHCP) provides a standard for passing configuration information to hosts on a TCP/IP network. The options field of a DHCP message contains configuration parameters, including the domain name, domain name server, and the netbios-node-type.

When you create a VPC, we automatically create a set of DHCP options and associate them with the VPC. You can configure your own DHCP options set for your VPC.

Overview of DHCP options sets

By default, all instances in a nondefault VPC receive an unresolvable host name that Amazon assigns (for example, ip-10-0-0-202). You can assign your own domain name to your instances and your own DNS servers. To do that, you must create a custom set of DHCP options to use with the VPC.

The following are the supported options for a DHCP options set, and the value that is provided in the default DHCP options set for your VPC. You can specify only the options that you need in your DHCP options set. For more information about the options, see RFC 2132.

domain-name-servers

The IP addresses of up to four IPv4 domain name servers (or up to three IPv4 domain name servers and "AmazonProvidedDNS") and four IPv6 domain name servers. The IPv4 address of the Amazon provided DNS server is 169.254.169.253 (or the reserved IP address at the base of the VPC IPv6 network range plus two) and the IPv6 address is fd00:ec2::253.

To specify more than one domain name server, separate each of them with commas. Although you can specify up to eight domain name servers, some operating systems might impose lower limits.

To use this option, set it to either AmazonProvidedDNS or custom domain name servers. Using both might cause unexpected behavior.

Default DHCP options set: AmazonProvidedDNS

domain-name

The custom domain name for your instances. If you are not using AmazonProvidedDNS, your custom domain name servers must resolve the hostname as appropriate. If you use an Amazon Route 53 private hosted zone, you can use AmazonProvidedDNS. For more information, see DNS support for your VPC.

Some Linux operating systems accept multiple domain names separated by spaces. However, other Linux operating systems and Windows treat the value as a single domain, which results in unexpected behavior. If your DHCP options set is associated with a VPC that contains instances that are not all running the same operating systems, specify only one domain name.

Default DHCP options set: For us-east-1, the value is ec2.internal. For other Regions, the value is region.compute.internal (for example, ap-northeast-1.compute.internal). To use the default values, set domain-name-servers to AmazonProvidedDNS.

ntp-servers

The IP addresses of up to eight Network Time Protocol (NTP) servers (four IPv4 addresses and four IPv6 addresses). For more information, see section 8.3 of RFC 2132. You can specify the Amazon Time Sync Service at IPv4 address 169.254.169.123 or IPv6 address fd00:ec2::123. The IPv6 address is only accessible on EC2 instances built on the Nitro System. For more information, see Set the time for your instance in the Amazon EC2 User Guide for Linux Instances.

Default DHCP options set: None

netbios-name-servers

The IP addresses of up to four NetBIOS name servers.

Default DHCP options set: None

netbios-node-type

The NetBIOS node type (1, 2, 4, or 8). We recommend that you specify 2 (point-to-point, or P-node). Broadcast and multicast are not currently supported. For more information about these node types, see section 8.7 of RFC 2132 and section 10 of RFC 1001.

Default DHCP options set: None
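The limits listed above can be checked before an options set is created. The following linter is an added example, not part of the original documentation or any Amazon tooling; the input shape (a dict of option name to a list of strings), the function name, and the sample values are assumptions made for illustration.

```python
import ipaddress

AMAZON_DNS = "AmazonProvidedDNS"
ADDR_LIMITS = {  # limits stated on this page: (max IPv4, max IPv6, max total)
    "domain-name-servers": (4, 4, 8),
    "ntp-servers": (4, 4, 8),
    "netbios-name-servers": (4, 4, 4),
}
KNOWN = set(ADDR_LIMITS) | {"domain-name", "netbios-node-type"}


def lint_dhcp_options(opts):
    """Return findings for opts, a dict {option name: [string values]}."""
    findings = [f"{k}: not a supported option" for k in sorted(set(opts) - KNOWN)]
    for key, (max4, max6, max_all) in ADDR_LIMITS.items():
        v4 = v6 = 0
        for value in opts.get(key, []):
            if key == "domain-name-servers" and value == AMAZON_DNS:
                v4 += 1  # occupies one of the four IPv4 slots
                continue
            try:
                version = ipaddress.ip_address(value).version
            except ValueError:
                findings.append(f"{key}: {value!r} is not an IP address")
                continue
            v4, v6 = v4 + (version == 4), v6 + (version == 6)
        if v4 > max4 or v6 > max6 or v4 + v6 > max_all:
            findings.append(f"{key}: too many servers ({v4} IPv4, {v6} IPv6)")
    dns = opts.get("domain-name-servers", [])
    if AMAZON_DNS in dns and len(dns) > 1:
        findings.append(f"domain-name-servers: {AMAZON_DNS} mixed with custom servers")
    # Windows and some Linux systems read several names as one domain.
    if len(" ".join(opts.get("domain-name", [])).split()) > 1:
        findings.append("domain-name: more than one domain name")
    node = opts.get("netbios-node-type", [])
    if node and (len(node) != 1 or node[0] not in {"1", "2", "4", "8"}):
        findings.append("netbios-node-type: must be one of 1, 2, 4, 8")
    elif node and node[0] != "2":
        findings.append("netbios-node-type: 2 (P-node) is the recommended value")
    return findings


# Constructed sample, not taken from a real VPC.
SAMPLE = {
    "domain-name-servers": ["AmazonProvidedDNS", "10.0.0.10"],
    "domain-name": ["corp.example.com dev.example.com"],
    "ntp-servers": ["time.example.com"], "netbios-node-type": ["1"],
}
print("\n".join(lint_dhcp_options(SAMPLE)))
```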

Amazon DNS server

The default DHCP options set for your VPC includes two options:

  • domain-name-servers=AmazonProvidedDNS

  • domain-name=domain-name-for-your-region

AmazonProvidedDNS is an Amazon Route 53 Resolver server, and this option enables DNS for instances that need to communicate over the VPC's internet gateway. The DNS server does not reside within a specific subnet or Availability Zone in a VPC. The string AmazonProvidedDNS maps to a DNS server running on 169.254.169.253 (and the reserved IP address at the base of the VPC IPv4 network range, plus two) and fd00:ec2::253. For example, the DNS Server on a 10.0.0.0/16 network is located at 10.0.0.2. For VPCs with multiple IPv4 CIDR blocks, the DNS server IP address is located in the primary CIDR block.

When you launch an instance into a VPC, we provide the instance with a private DNS hostname. We also provide a public DNS hostname if the instance is configured with a public IPv4 address and the VPC DNS attributes are enabled.

The format of the private DNS hostname depends on how you configure the EC2 instance when you launch it. For more information on the types of private DNS hostnames, see EC2 instance naming.

The Amazon DNS server in your VPC is used to resolve the DNS domain names that you specify in a private hosted zone in Route 53. For more information about private hosted zones, see Working with private hosted zones in the Amazon Route 53 Developer Guide.

Note

When launching an IPv6-only instance, it is possible that DHCPv6 may not immediately provide the instance with the IPv6 DNS name server. During this initial delay, the instance may not be able to resolve public domains.

For instances running on Amazon Linux 2, if you want to immediately update the /etc/resolv.conf file with the IPv6 DNS name server, run the following cloud-init directive at launch:

#cloud-config
bootcmd:
- /usr/bin/sed -i -E 's,^nameserver\s+[\.[:digit:]]+$,nameserver fd00:ec2::253,' /etc/resolv.conf

Another option is to change the configuration file and re-image your AMI so that the file has the IPv6 DNS name server address immediately on booting.
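An instance's /etc/resolv.conf can be audited against the addresses this section gives for the Amazon DNS server, so that a nameserver entry that does not come from the VPC's DHCP options set stands out. This is an added example, not part of the original documentation; the function names, the custom_servers parameter, and the sample file contents are assumptions, and the sample is constructed.

```python
import ipaddress

# Fixed addresses this page gives for the Amazon DNS server.
AMAZON_DNS_FIXED = {
    ipaddress.ip_address("169.254.169.253"),
    ipaddress.ip_address("fd00:ec2::253"),
}


def amazon_dns_addresses(primary_cidr):
    """Addresses AmazonProvidedDNS maps to, given the VPC's primary IPv4 CIDR."""
    base = ipaddress.ip_network(primary_cidr).network_address
    return AMAZON_DNS_FIXED | {base + 2}  # base of the range, plus two


def unexpected_nameservers(resolv_conf_text, primary_cidr, custom_servers=()):
    """Return nameserver entries the DHCP options set does not account for.

    With custom_servers empty, the options set is assumed to use
    AmazonProvidedDNS; otherwise only the custom servers are expected.
    """
    allowed = ({ipaddress.ip_address(s) for s in custom_servers}
               or amazon_dns_addresses(primary_cidr))
    flagged = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/options lines, blank lines
        try:
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            addr = ipaddress.ip_address(fields[1].split("%")[0])
        except ValueError:
            flagged.append(fields[1])  # not an IP address at all
            continue
        if addr not in allowed:
            flagged.append(str(addr))
    return flagged


# Constructed sample, not from a real instance.
SAMPLE_RESOLV_CONF = """\
; constructed sample
search ec2.internal
nameserver 10.0.0.2
nameserver 203.0.113.53
nameserver fd00:ec2::253
"""
print(unexpected_nameservers(SAMPLE_RESOLV_CONF, "10.0.0.0/16"))
```

Because instances pick up a changed options set only when they renew their DHCP lease, a flagged entry can also be a stale lease rather than a local edit.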

Rules and considerations

When using the Amazon DNS server, the following rules and considerations apply.

  • You cannot filter traffic to or from the Amazon DNS server using network ACLs or security groups.

  • Services that use the Hadoop framework, such as Amazon EMR, require instances to resolve their own fully qualified domain names (FQDN). In such cases, DNS resolution can fail if the domain-name-servers option is set to a custom value. To ensure proper DNS resolution, consider adding a conditional forwarder on your DNS server to forward queries for the domain region-name.compute.internal to the Amazon DNS server. For more information, see Setting up a VPC to host clusters in the Amazon EMR Management Guide.

  • Windows Server 2008 disallows the use of a DNS server located in the link-local address range (169.254.0.0/16).

  • The Amazon Route 53 Resolver only supports recursive DNS queries.

Change DHCP options

After you create a set of DHCP options, you can't modify them. If you need your VPC to use a different set of DHCP options, you must create it and then associate it with your VPC. Alternatively, you can specify that your VPC should use no DHCP options.

You can have multiple sets of DHCP options, but you can associate only one set of DHCP options with a VPC at a time. If you delete a VPC, the DHCP options set that is associated with the VPC is disassociated from the VPC.

After you associate a new set of DHCP options with a VPC, any existing instances and all new instances that you launch in the VPC use the new options. You don't need to restart or relaunch your instances. Instances automatically pick up the changes within a few hours, depending on how frequently they renew their DHCP leases. If you prefer, you can explicitly renew the lease using the operating system on the instance.

Work with DHCP options sets

This section shows you how to work with DHCP options sets.

Create a DHCP options set

You can create as many additional DHCP options sets as you want. However, you can only associate a VPC with one set of DHCP options at a time. After you create a set of DHCP options, you must configure your VPC to use it. For more information, see Change the set of DHCP options that a VPC uses.

To create a DHCP options set

  1. Open the Amazon VPC console at https://console.amazonaws.cn/vpc/.

  2. In the navigation pane, choose DHCP Options Sets.

  3. Choose Create DHCP options set.

  4. For Tag settings, optionally enter a name for the DHCP options set. This creates a Name tag for the DHCP options set.

  5. For DHCP options, provide the configuration parameters that you need.

    Important

    If your VPC has an internet gateway, make sure to specify your own DNS server or Amazon's DNS server (AmazonProvidedDNS) for the Domain name servers value. Otherwise, the instances that need to communicate with the internet won't have access to DNS.

  6. For Tags, optionally add or remove a tag.

    • [Add a tag] Choose Add new tag and enter the key name and key value.

    • [Remove a tag] Choose Remove next to the tag.

  7. Choose Create DHCP options set.

  8. Make a note of the ID of the new set of DHCP options (dopt-xxxxxxxx). You will need this ID to associate the new set of options with your VPC.

Now that you've created a set of DHCP options, you must associate it with your VPC for the options to take effect. You can create multiple sets of DHCP options, but you can associate only one set of DHCP options with your VPC at a time.

Change the set of DHCP options that a VPC uses

You can change which set of DHCP options your VPC uses. After you associate a new set of DHCP options with the VPC, any existing instances and all new instances that you launch in that VPC use the new options. You don't need to restart or relaunch your instances. Instances automatically pick up the changes within a few hours, depending on how frequently they renew their DHCP leases. If you prefer, you can explicitly renew the lease using the operating system on the instance.

If you do not want your VPC to use DHCP options, see Change a VPC to use no DHCP options.

Note

The following procedure assumes that you've already created the DHCP options set. Otherwise, create the options set as described in the previous section.

To change the DHCP options set associated with a VPC

  1. Open the Amazon VPC console at https://console.amazonaws.cn/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. Select the checkbox for the VPC, and then choose Actions, Edit DHCP options set.

  4. For DHCP options set, choose the DHCP options set.

  5. Choose Save changes.

Change a VPC to use no DHCP options

You can set up your VPC so that it does not use a set of DHCP options. You don't need to restart or relaunch your instances. Instances automatically pick up the changes within a few hours, depending on how frequently they renew their DHCP leases. If you prefer, you can explicitly renew the lease using the operating system on the instance.

  1. Open the Amazon VPC console at https://console.amazonaws.cn/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. Select the checkbox for the VPC, and then choose Actions, Edit DHCP options set.

  4. For DHCP options set, choose No DHCP options set.

  5. Choose Save changes.

Modify the tags of a DHCP options set

You can use tags to easily identify your options set.

To modify the tags of a DHCP options set

  1. Open the Amazon VPC console at https://console.amazonaws.cn/vpc/.

  2. In the navigation pane, choose DHCP options sets.

  3. Select the radio button for the DHCP options set, and then choose Actions, Manage tags.

  4. For Tags, add or remove tags as needed.

    • [Add a tag] Choose Add new tag and enter the key name and key value.

    • [Remove a tag] Choose Remove next to the tag.

  5. Choose Save.

Delete a DHCP options set

When you no longer need a DHCP options set, use the following procedure to delete it. Make sure that you change the VPCs that use these options to another options set, or no options. For more information, see Change the set of DHCP options that a VPC uses and Change a VPC to use no DHCP options.

To delete a DHCP options set

  1. Open the Amazon VPC console at https://console.amazonaws.cn/vpc/.

  2. In the navigation pane, choose DHCP Options Sets.

  3. Select the radio button for the DHCP options set, and then choose Actions, Delete DHCP options set.

  4. When prompted for confirmation, enter delete, and then choose Delete DHCP options set.

API and command overview

You can perform the tasks described in this topic using the command line or an API. For more information about the command line interfaces and a list of available APIs, see Access Amazon VPC.

Create a set of DHCP options for your VPC

Associate a set of DHCP options with the specified VPC, or no DHCP options

Describe one or more sets of DHCP options

Delete a set of DHCP options