By default, instances created on Amazon EC2 will have a randomly assigned IPv4 address. It is however possible to pin instances to a preallocated IP address. These IP addresses are called Elastic IPs. Because IPv4 addresses are becoming very scarce, Amazon only allows a customer to allocate up to five Elastic IPs. Even though Elastic IPs are free to use when attached to a running instance, they come at a cost of $0.01 per hour unused.
Because of these two limitations, we have decided to simply use the randomly assigned addresses, which is why we’ve written a script to automatically create DNS entries in PowerDNS for instances managed through EC2. To indicate which FQDN should be attached to a certain instance, we use ec2-create-tags to create a hostname tag for any instance we spawn. Information about all running instances and their attached tags is returned by ec2-describe-instances. We transform this output to a set of SQL queries to update the ec2.kumina.nl zone. So for example, for the host foo.example.com, we create a CNAME entry from foo.example.com.ec2.kumina.nl to something of the form ec2-184-73-139-202.compute-1.amazonaws.com. The advantage of storing all these entries in ec2.kumina.nl instead of updating example.com directly, is that we only need to run this syncer for a single zone. It does however require an additional CNAME from foo.example.com to foo.example.com.ec2.kumina.nl, which has to be created manually.
The script has been written in such a way that it automatically garbage collects entries for instances which haven’t been updated for at least one week. This timeout could in theory be reduced to a lower value, though we’d better accept having a small amount of pollution in our DNS zone than taking the risk of deleting DNS entries prematurely.
Attached to this blogpost is the latest version of the DNS syncing script. There is however a fair chance it will be modified in the future, since this version still hardcodes the pathname of our configuration file storing the EC2 credentials (/etc/ec2-credentials/ec2_options) and our DNS zone name (ec2.kumina.nl).
Files: