I am experiencing DNS or SSL errors and conflicts with my Private Network

Scaleway VPC and Private Networks integrate managed DNS, for the effective resolution of hostnames to IP addresses. You may be experiencing DNS and/or related SSL errors when attempting to access your resource over its hostname on a Private Network.

This document guides you through solutions to this type of problem.

Basic steps to try firstLink to this anchor

• Make sure that DHCP is activated on your Private Network.
• Ensure that you have tried detaching/reattaching the affected resources from/to the Private Network, particularly if they are older resources or you have changed their name.
• Ensure that you are correctly addressing resources attached to a Private Network, using the format resource-name.private-network-name.internal. The .internal is important to allow Scaleway DNS to distinguish public and private hostnames and correctly resolve requests. Find out more about DNS.

Check for TLD naming problemLink to this anchor

If you have given your Private Network a name that is also a Top Level Domain, you may experience SSL or addressing errors and conflicts when you try to access resources on the public internet with the same TLD as your Private Network, or when trying to reach resources on your Private Network from the public internet. Examples are:

• Errors when trying to reach google.dev from a Private Network named dev
• Errors when trying to reach scw.cloud.network from a Private Network named network

SolutionLink to this anchor

Scaleway is working on a solution to allow users to name their Private Networks with a TLD name without experiencing any conflicts. In the meantime, until this solution is deployed, you should not give your Private Network a name that is also a TLD.

• For a complete reference of TLDs to avoid, see the full list provided by IANA
• Giving a name that uses a TLD in combination with something else (e.g. dev-123 or cloud-sarah) is OK, as long as the entire Private Network name is not the same as a TLD (e.g. dev, cloud)

You can change your Private Network name at any time in the Scaleway console:

1. In the side menu, click VPC.

2. Click the VPC containing the Private Network to rename.

3. Click the Private Network to rename.

4. Click the Private Network’s name at the top of the screen, change it to a new name, and click «Validate Icon» to confirm.

   Important

   • After changing the name of Private Network, it can take up to five minutes for the new name to be propagated.
   • You should also renew DHCP leases in order to update the list of search domains for the Private Network: do this by running netplan apply on Ubuntu servers.
   • Note that resources in a Private Network are in any case always reachable by their IP address.

Check whether resource has a dot in its hostnameLink to this anchor

Issues may arise with internal addressing if you give your resource a name that includes a dot (.).

SolutionLink to this anchor

Try renaming your resource to a name that does not include a dot, then detach/reattach it to the Private Network in order to update DNS.

Distributions running Network ManagerLink to this anchor

Private DNS should work out of the box for attached resources with Debian-based distributions, and for distributions using systemd-resolved, such as Ubuntu.

It does not work out of the box for Linux distributions using Network Manager, such as RockyLinux.

SolutionLink to this anchor

If your resource is running RockyLinux, or another distribution using Network Manager, you should manually configure the system to use the nameserver 169.254.169.254. You will then be able to resolve the name of your resources, as well as public domain names.