# ECS Service Connect: DNS resolution failure for service endpoints in the same namespace

- **ID:** `cloud/aws-ecs-service-connect-dns-resolution-failure`
- **Domain:** cloud
- **Category:** network_error
- **Error code:** `ECS.ServiceConnect.DNSResolution`
- **Verification level:** ai_generated
- **Fix rate:** 78%

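## Root cause

When using ECS Service Connect, tasks cannot resolve the DNS names of services in the same namespace, either because the service discovery namespace is not correctly associated with the VPC or because a Service Connect misconfiguration has prevented the service's DNS records from propagating.

## Version compatibility

| Version | Status | Introduced | Deprecated |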
|------|------|------|------|
| AWS ECS: latest | active | — | — |
| AWS Cloud Map: latest | active | — | — |
| Amazon VPC: any | active | — | — |

## Solution

1. Verify that the Cloud Map namespace is associated with the correct VPC. Run `aws servicediscovery list-namespaces` and check the VPC configuration. If it is missing, create a new namespace with `aws servicediscovery create-private-dns-namespace --name my-namespace --vpc vpc-12345` (the `--vpc` option belongs to `create-private-dns-namespace`; `create-http-namespace` does not accept it).
2. Ensure the ECS task definition includes the `awslogs` log driver, then check the Service Connect logs for DNS queries using `aws logs describe-log-groups` and filtering for `DNS_RESOLUTION_FAILED`. Then update the Service Connect configuration with the correct `clientAliases` and `discoveryName`.
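
The check in step 2 can be done offline against the `serviceConnectConfiguration` of each service before redeploying. The following is an added example, not part of the original entry or of any AWS tooling: the function names and the sample services are constructed, namespaces are assumed to be given as short names rather than ARNs, and the log driver is read from the Service Connect `logConfiguration`.

```python
def published_names(cfg):
    """Endpoint names a service's Service Connect config offers to clients."""
    if not cfg.get("enabled"):
        return set()
    names = set()
    for svc in cfg.get("services", []):
        # discoveryName falls back to the task definition port name.
        discovery = svc.get("discoveryName") or svc["portName"]
        # This sketch only counts endpoints declared through clientAliases.
        for alias in svc.get("clientAliases", []):
            # dnsName falls back to "<discoveryName>.<namespace>".
            name = alias.get("dnsName") or f"{discovery}.{cfg['namespace']}"
            names.add(name.lower())
    return names


def diagnose(client_cfg, lookup, all_cfgs):
    """Return findings explaining why `lookup` may fail from the client."""
    if not client_cfg.get("enabled"):
        return ["client service has Service Connect disabled"]
    findings = []
    lookup = lookup.lower()
    if client_cfg.get("logConfiguration", {}).get("logDriver") != "awslogs":
        findings.append("no awslogs logConfiguration; Service Connect logs unavailable")
    ns = client_cfg["namespace"]
    owners = [c["namespace"] for c in all_cfgs if lookup in published_names(c)]
    if not owners:
        findings.append(f"{lookup}: no service publishes this name; "
                        "check clientAliases and discoveryName")
    elif ns not in owners:
        findings.append(f"{lookup}: published in {owners}, client is in {ns!r}")
    return findings


# Constructed sample configurations (all names are made up).
ORDERS = {"enabled": True, "namespace": "prod",
          "services": [{"portName": "http", "discoveryName": "orders",
                        "clientAliases": [{"port": 8080}]}]}
BILLING = {"enabled": True, "namespace": "staging",
           "services": [{"portName": "http", "discoveryName": "billing",
                         "clientAliases": [{"port": 8080,
                                            "dnsName": "billing.internal"}]}]}
CLIENT = {"enabled": True, "namespace": "prod",
          "logConfiguration": {"logDriver": "awslogs"}}

if __name__ == "__main__":
    for name in ("orders.prod", "billing.internal", "order.prod"):
        print(name, "->", diagnose(CLIENT, name, [ORDERS, BILLING]) or "ok")
```
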

## Ineffective attempts

- Overrides the default AWS DNS resolver, breaking Service Connect's built-in DNS resolution for the namespace. (80% failure rate)
- IPs can change when tasks are redeployed or scaled; defeats the purpose of service discovery. (70% failure rate)
- Restarting doesn't fix the underlying DNS configuration issue; the new tasks will face the same resolution failure. (50% failure rate)
