by ajsharp 2303 days ago
Wait, what?? There's an invisible DNS server running inside your VPC? I get what you're saying wrt cached DNS lookups but this seems wild.
3 comments

It's a DNS resolver that runs on the hypervisor hosting every instance.
Yes and they limit you to throwing 1024 packets per second per network interface at it.

Of course you could run your own DNS cache per host/pod, whatever.

You've got me so curious, could you please point me to the AWS docs?
It’s the first thing on google when you google “aws dns vpc limits” but sure:

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.htm...

Your VPC has a DNS server at .2 of your VPC CIDR block that is mounted via loopback on the dom0 and exposed to your VPC to let you do lookups via their DNS infra.

https://aws.amazon.com/premiumsupport/knowledge-center/vpc-e...

This allows them to hand out private network addresses (IIRC they use 172.x.x.x) when the DNS query happens from within AWS.
"Invisible?" I mean, everyone who builds AWS infra, even just single ec2 instances, is aware of it. It's definitely possible that application engineers aren't aware, though.
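As an added illustration of the two points made in the thread (the resolver lives at .2 of the VPC CIDR, and each network interface gets 1024 packets per second against it, so a per-host cache matters), here is a small Python model; it is not code from any of the commenters, and the hostnames, TTLs and workload are constructed:

```python
import ipaddress
from collections import defaultdict

# Values stated in the thread: resolver at CIDR base + 2, 1024 pps per interface.
AWS_RESOLVER_OFFSET = 2
AWS_RESOLVER_PPS_LIMIT = 1024


def vpc_resolver_address(cidr: str) -> str:
    """Return the VPC-provided resolver address (.2 of the VPC CIDR block)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address + AWS_RESOLVER_OFFSET)


def upstream_qps(queries, ttl_by_name, cache=True):
    """Replay (timestamp_seconds, name) lookups through an optional local
    TTL-honouring cache and return the peak queries/second that still reach
    the .2 resolver. Only positive caching is modelled (assumption)."""
    expires = {}                      # name -> time the cached answer expires
    per_second = defaultdict(int)     # whole second -> upstream queries sent
    for t, name in sorted(queries):
        if cache and name in expires and t < expires[name]:
            continue                  # answered locally, never hits the resolver
        per_second[int(t)] += 1
        if cache:
            expires[name] = t + ttl_by_name.get(name, 0)
    return max(per_second.values(), default=0)


def exceeds_limit(peak_qps: int) -> bool:
    """True if a single interface would be throttled at this rate."""
    return peak_qps > AWS_RESOLVER_PPS_LIMIT


# Constructed workload: 2000 lookups per second spread over 4 internal names,
# repeated for 3 seconds, as many pods on one host might generate.
NAMES = ["api.internal.example", "db.internal.example",
         "cache.internal.example", "queue.internal.example"]
TTLS = {n: 30 for n in NAMES}
WORKLOAD = [(s + i / 2000, NAMES[i % 4]) for s in range(3) for i in range(2000)]

if __name__ == "__main__":
    print("resolver:", vpc_resolver_address("10.0.0.0/16"))
    for use_cache in (False, True):
        peak = upstream_qps(WORKLOAD, TTLS, cache=use_cache)
        print(f"cache={use_cache}: peak {peak} qps, throttled={exceeds_limit(peak)}")
```

Without the cache every lookup is forwarded and the host is well over the per-interface budget; with the cache only the first lookup of each name within its TTL reaches the resolver.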