ECS Service Connect: DNS resolution failed for service endpoint within the same namespace
ID: cloud/aws-ecs-service-connect-dns-resolution-failure
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| AWS ECS: latest | active | — | — | — |
| AWS Cloud Map: latest | active | — | — | — |
| Amazon VPC: any | active | — | — | — |
Root cause analysis
When using ECS Service Connect, tasks fail to resolve the DNS name of a service in the same namespace because the service discovery namespace is not properly associated with the VPC, or because a misconfigured Service Connect configuration prevents the service's DNS records from being propagated.
Official documentation
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html
Solutions
- Verify that the Cloud Map namespace is associated with the correct VPC. Run `aws servicediscovery list-namespaces` and check the VPC configuration. If missing, create a new namespace with `aws servicediscovery create-http-namespace --name my-namespace --vpc vpc-12345`.
- Ensure the ECS task definition includes the `awslogs` log driver and check the Service Connect logs for DNS queries using `aws logs describe-log-groups` and filtering for `DNS_RESOLUTION_FAILED`. Then update the Service Connect configuration with the correct `clientAlias` and `discoveryName`.
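The `clientAlias` and `discoveryName` check from the second step can be run offline against saved `aws ecs describe-services` output. The following is an added example, not part of the original page or of AWS tooling: the sample JSON is constructed, the function names are hypothetical, and the fallback name `discoveryName.namespace` is assumed from the ECS API reference.

```python
import json

# Constructed sample: trimmed `aws ecs describe-services` entries for two services.
SERVER = json.loads("""{"serviceName": "orders", "deployments": [{"status": "PRIMARY",
  "serviceConnectConfiguration": {"enabled": true, "namespace": "my-namespace",
    "services": [{"portName": "http", "discoveryName": "orders",
                  "clientAliases": [{"port": 8080, "dnsName": "orders.internal"}]}]}}]}""")
CLIENT = json.loads("""{"serviceName": "web", "deployments": [{"status": "PRIMARY",
  "serviceConnectConfiguration": {"enabled": true, "namespace": "other-namespace"}}]}""")


def primary_config(service):
    """Return the Service Connect block of the PRIMARY deployment, or {}."""
    for dep in service.get("deployments", []):
        if dep.get("status") == "PRIMARY":
            return dep.get("serviceConnectConfiguration") or {}
    return {}


def published_endpoints(service):
    """Map each name a client can use to its port, for one server service."""
    cfg = primary_config(service)
    names = {}
    for svc in cfg.get("services", []):
        # Assumption: without a dnsName the name defaults to discoveryName.namespace,
        # and without a discoveryName the port mapping name is used instead.
        discovery = svc.get("discoveryName") or svc["portName"]
        default_name = f"{discovery}.{cfg.get('namespace')}"
        for alias in svc.get("clientAliases") or [{}]:
            names[alias.get("dnsName") or default_name] = alias.get("port")
    return names


def diagnose(client, server, hostname):
    """List configuration reasons why `hostname` would not resolve in client tasks."""
    c, s = primary_config(client), primary_config(server)
    findings = []
    if not c.get("enabled"):
        findings.append("client: Service Connect not enabled")
    if not s.get("enabled"):
        findings.append("server: Service Connect not enabled")
    if c.get("namespace") != s.get("namespace"):
        findings.append(f"namespace mismatch: {c.get('namespace')} != {s.get('namespace')}")
    endpoints = published_endpoints(server)
    if not endpoints:
        findings.append("server: no services[] entry, so no endpoint is published")
    elif hostname not in endpoints:
        findings.append(f"{hostname} is not a published name; use one of {sorted(endpoints)}")
    return findings
```

With the constructed sample, `diagnose(CLIENT, SERVER, "orders")` reports both the namespace mismatch and that the client should be calling `orders.internal`. The comparison assumes both services give the namespace in the same form (short name or ARN).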
Ineffective attempts
Common but ineffective approaches:
- 80% failure: Overrides the default AWS DNS resolver, breaking Service Connect's built-in DNS resolution for the namespace.
- 70% failure: IPs can change when tasks are redeployed or scaled; defeats the purpose of service discovery.
- 50% failure: Restarting doesn't fix the underlying DNS configuration issue; the new tasks will face the same resolution failure.