Mount Amazon EFS using FQDN on a Linux Machine with this in-depth guide from the experts at Bobcares. 

At Bobcares, we offer solutions for every query, big and small, as a part of our AWS Support Services.

Let’s take a look at how our Support Team is ready to help customers mount Amazon EFS using FQDN on a Linux Machine.

All about mounting Amazon EFS using FQDN on a Linux Machine

Our innovative Support Team offers an easy way to mount Amazon EFS via FQDN on a Linux machine. The process involves joining the Linux machine with AWS Managed Microsoft AD by configuring the instance to use the DNS server for the Active Directory.

In other words. All DNS requests from the EC2 Linux instances will route to the Active Directory servers.

Moreover, when we use Microsoft AD, we are forwarding DNS requests to the IP address of the DNS servers for the VPC. Furthermore, the DNS servers resolve names in the Amazon Route 53 (Route 53) private hosted zones.

However, if we do not use Route 53 private hosted zones, our DNS requests get forwarded to the public DNS servers. In case no such zones exist for the AWS services, these DNS requests find their way to public DNS servers. In this scenario, we can resolve AWS services FQDNs to public IP addresses.

Above all, the Amazon EFS FQDN resolves only to private IP addresses. Our Support Team would like to point out that we cannot mount EFS using FQDN while using Microsoft AD.

How to mount Amazon EFS using FQDN on a Linux Machine

Here is an example to get started on this particular issue. This example uses AWS Managed Microsoft AD with 10.30.32.80 and 10.20.34.122 as the DNS servers. Additionally, the EFS file system belongs to the same VPC with mount target 10.20.0.178.

1. While using netcat, we have to ensure the EC2 instance can establish a connection with 10.20.0.178, the EFS mount target:

   nc -vz 10.20.0.178 2049
   Connection to 10.20.0.178 2049 port [tcp/nfs] succeeded!
2. Then integrate Microsoft AD on the EC2 Linux server. After that, configure the Active Directory DNS servers:

   echo 'supersede domain-name-servers 10.20.32.80, 10.20.34.122;' 
   | sudo tee --append /etc/dhcp/dhclient.conf
   echo 'supersede domain-search "nikkisDNS.com";' 
   | sudo tee --append /etc/dhcp/dhclient.conf
   sudo dhclient -r
   sudo dhclient

3. Next, we will ensure the DNS servers are in place by taking a look at the resolv.conf file as seen below:

   cat /etc/resolv.conf
   options timeout:2 attempts:5
   ; generated by /sbin/dhclient-script
   search nikkisDNS.com.
   nameserver 10.20.32.80
   nameserver 10.20.34.122

4. After that, we have to run the dig command on the file system, to ensure the mount target private is not returned:

   dig fs-ca591a02.efs.eu-west-1.amazonaws.com 
   
   ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.64.amzn1 
   <<>> fs-ca591a02.efs.eu-west-1.amazonaws.com
   ;; global options: +cmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33320
   ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
   
   ;; QUESTION SECTION:
   ;fs-ca591a02.efs.eu-west-1.amazonaws.com. IN A
   
   ;; AUTHORITY SECTION:
   eu-west-1.amazonaws.com. 299	IN	SOA	dns-external-master.amazon.com. 
   hostmaster.amazon.com. 1312 180 60 2592000 7229

   Our Support Engineers would like to point out that the DNS request does not resolve to an A record. Additionally, the status shows NXDOMAIN.
   However, if we are using the name server for VPC from Amazon, it will resolve successfully as seen below:

   dig @10.20.0.2 fs-ca591a02.efs.eu-west-2.amazonaws.com
   ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.64.amzn1 <<>> fs-ca591a02.efs.eu-west-1.amazonaws.com
   ;; global options: +cmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29705
   ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

   ;; QUESTION SECTION:
   ;fs-ca591a02.efs.eu-west-1.amazonaws.com. IN A

   ;; ANSWER SECTION:
   fs-ca591a02.efs.eu-west-1.amazonaws.com. 60 IN A 10.20.0.178

How to resolve the issue

In this scenario, we have to forward requests to the DNS by Amazon VPC DNS by configuring conditional forwarders for the Microsoft AD. Interestingly, this method works for resolving different AWS services FQDN to the private IP addresses if we use the DNS by the Directory.

However, we need a conditional forwarder rule to do this. In other words, this forwards the subdomains of the domain to a particular DNS server IP. Our Support Techs suggest using the AWS CLI command create-conditional-forwarder as seen below:

aws ds create-conditional-forwarder --directory-id d-93673d4d5a 
--remote-domain-name amazonaws.com --dns-ip-addrs 10.20.0.2 --region eu-west-1

We have to use the parameter as shown here:

• directory-id: Here, we enter the AD directory ID
• remote-domain-name: We can specify any domain
• dns-ip-addrs: Enter the DNS IP by the Amazon VPC

Ultimately, this allows DNS resolution of EFS FQDN. Moreover, it mounts the EFS FS via the FQDN:

dig fs-ca591a02.efs.eu-west-2.amazonaws.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.64.amzn1 
<<>> fs-ca591a02.efs.eu-west-1.amazonaws.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29705
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;fs-ca591a02.efs.eu-west-1.amazonaws.com. IN A

;; ANSWER SECTION:
fs-ca591a02.efs.eu-west-1.amazonaws.com. 60 IN A 10.20.0.178

[Looking for a solution to another query? We are just a click away.]

Conclusion

In brief, our skilled Support Engineers at Bobcares demonstrated how to mount Amazon EFS using FQDN on a Linux Machine.