#DNS at the cluster level on FSxN - insufficient privileges


next topaz
#

Hey everyone,

I'm trying to configure DNS at the cluster level on FSxN but running into permission issues.

Context: I need cluster-level DNS to configure SSL for EMS and audit log forwarding to a syslog server. Without proper DNS resolution, the SSL handshake fails when using IP addresses - the certificate validation requires matching hostnames.

When I run dns create or dns modify via CLI as fsxadmin, I get insufficient privileges. It seems like cluster-level DNS management requires admin (diag) access which AWS doesn't expose.

I also checked the AWS Console (FSx dashboard) but there seems to be no option to modify DNS settings at the cluster level.

Has anyone managed to configure cluster-level DNS on FSxN?

Any pointers appreciated. Thanks!

timid phoenix
#

Hello @next topaz! Cluster DNS-level access isn't possible because it's an AWS managed service; the vserver-type admin isn't exposed to the user/role fsxadmin, so it can't be configured. Under the SVM level it's possible.
Is this a public or private cert?

next topaz
#

Hi @timid phoenix
It is a cert signed by the company CA (private?). The IP is listed in the Subject Alternative Name.
However, we would like to use an FQDN for redundancy purposes - there is a load balancer spreading the traffic among multiple IPs.

#

Does AWS support have access to the admin account to set it up?