The very long DNS names AWS gives you for static IPs resolve public IPs for external requests and internal IPs for internal requests.
How we got here
Way back when I first set up machines in AWS, I put the external IPs they gave us in as A records in our DNS.
I also added the internal IP of each machine that needed to speak to the others to the security group.
For some reason, this worked.
One day, it broke. I don't know what happened, but they just stopped talking to each other. I fixed this by replacing the internal IPs with external IPs in the security group.
Eventually, we hit the limit of entries in a security group. Ugh.
Split DNS is a feature of DNS servers that allows them to return one set of records for some requests, and a different set of records to others. The most common implementation is serving private IPs for a web service to users inside the corporate firewall and public IPs to everyone else.
Here's what an assigned IP looks like in my account:
You can see the public IP 18.104.22.168 has the DNS name ec2-34-209-170-225.us-west-2.compute.amazonaws.com and is assigned to the private IP
From my house, I resolve the external IP:
From inside the VPC (actually, from the box this IP is assigned to), it instead resolves the local IP:
Taking advantage of Split DNS
Thanks, now what?
If you're always using the external IP, you're sending traffic out your virtual router and back in (sometimes called hairpinning). Using the internal IP keeps that traffic on the internal network.
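To make the two behaviours above concrete, here is a small Python model of a split-horizon resolver together with a check that tells you whether a given answer will stay inside the VPC or hairpin out through the virtual router. It is an added example, not code from the original post or from AWS: the VPC range, the private address, the public address and the DNS name are all constructed sample values that follow the format of the name shown above, and the resolver logic is a toy stand-in for what the Amazon-provided resolver does, not its implementation.

```python
"""Toy split-horizon resolver plus an "is this answer internal?" check.

Added example, not code from the post. Every address and the DNS name
below are constructed sample values; the resolver is a model of the
split-DNS behaviour the post describes, not the AWS implementation.
"""
import ipaddress

# Constructed sample data: one EC2-style public DNS name with its two faces.
NAME = "ec2-198-51-100-42.us-west-2.compute.amazonaws.com"  # constructed
RECORDS = {
    NAME: {
        "public": "198.51.100.42",  # constructed sample public address
        "private": "10.0.1.23",     # constructed sample private address
    },
}
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # constructed sample VPC range

# RFC 1918 address space; an answer in one of these ranges never leaves the VPC.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def resolve(name: str, client_ip: str) -> str:
    """Return the private address for clients inside the VPC, the public one otherwise.

    This is the split-DNS idea: the same query gets a different answer
    depending on where it came from.
    """
    views = RECORDS[name]
    if ipaddress.ip_address(client_ip) in VPC_CIDR:
        return views["private"]
    return views["public"]


def stays_internal(answer: str) -> bool:
    """True if the resolved address is RFC 1918, so traffic stays on the VPC
    network instead of hairpinning out the virtual router and back in."""
    addr = ipaddress.ip_address(answer)
    return any(addr in net for net in RFC1918)


def check_host(name: str, client_ip: str) -> dict:
    """Resolve from a given vantage point and report whether the path hairpins."""
    answer = resolve(name, client_ip)
    return {
        "name": name,
        "client": client_ip,
        "answer": answer,
        "hairpins": not stays_internal(answer),
    }


if __name__ == "__main__":
    # From outside the VPC (constructed documentation-range client address).
    print(check_host(NAME, "203.0.113.7"))
    # From a box inside the VPC.
    print(check_host(NAME, "10.0.1.23"))
```

The useful part for day-to-day work is `check_host`: run it against every name your instances talk to and any entry that comes back with `hairpins: True` is traffic you are needlessly routing out and back in, and a candidate for the friendly-name approach described next.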
You can use those very long DNS names everywhere, but they are no fun to type.
Instead, we now put those DNS names in as
This gives you both (probably shorter) friendly names and proper DNS resolution.