Configure

A desktop pool with a private endpoint is reached through an IP address that clients resolve from a DNS zone of this form:
private.devices.desktops.<region-id>.oci.oraclecloud.com

So that on-premises clients can resolve names in that zone, configure a DNS listener on a subnet whose DHCP options set the DNS resolver type to Internet and VCN Resolver.

Set Up VCN DNS Listener

  1. Create DHCP Options:
    1. In the Resources column, select VCN DHCP Options.
    2. Click Create DHCP Options and set the following fields:
      DNS Type: Internet and VCN Resolver
      DNS Server: Not needed
  2. Set up Subnet DHCP Options:
    1. Select the subnet that will have the DNS listener.
    2. Click Edit.
    3. Select Internal VCN DNS.
    4. Click Save Changes.
  3. Create the VCN DNS Resolver Endpoint:
    1. On the VCN Information page, select DNS Resolver.
    2. In the Resources column, select Endpoints.
    3. Click Create Endpoint and set the following fields:
      Listener: Enter a listener name.
      Subnet: The subnet that has the Internet and VCN Resolver DHCP options and the DNS ingress rule.
      Endpoint Type: Listening
  4. Add a subnet ingress rule that allows DNS traffic to the listener:
    1. Select Security Lists.
    2. Click Add Security List.
    3. Add an ingress rule with the following values:
      Stateless: No
      Source: 0.0.0.0/0
      IP Protocol: TCP
      Source Port Range: All
      Destination Port Range: 53
      The console describes the rule as "Allows TCP traffic for ports 53 Domain Name System (DNS)".
    Narrow Source from 0.0.0.0/0 to the CIDR blocks of the on-premises DNS servers (and any test clients) that will forward queries to the listener; the listener has no reason to answer anyone else. Most resolvers send DNS over UDP and fall back to TCP only for large or truncated responses, so add a matching rule with IP Protocol UDP and destination port 53 unless your forwarder is configured to use TCP only.
See the DNS Peering with On-Prem section on the Private DNS implementation blog.

Set Up On-Premises DNS

After you configure the DNS listener, point the DNS server that on-premises clients use at the listener IP address you created.

Configure your on-premises intranet DNS server with a conditional forwarder that sends queries for the following zone name to the DNS listener in the VCN:
private.devices.desktops.<region-id>.oci.oraclecloud.com

For testing, each client can also add a zone-specific DNS resolver locally.

Follow these steps to set up a private zone-specific resolver on macOS:

  1. Create the folder /etc/resolver.
  2. In that folder, create one file per region that will have private access pools, named exactly after the zone (for example, /etc/resolver/private.devices.desktops.us-phoenix-1.oci.oraclecloud.com), with these contents:
    domain private.devices.desktops.<region-id>.oci.oraclecloud.com
    search private.devices.desktops.<region-id>.oci.oraclecloud.com
    nameserver <Listener IP Address>
  3. After you save the file, reload the system resolver with sudo killall -HUP mDNSResponder and verify the following:
    1. The resolver entry for the zone appears in the output of scutil --dns.
    2. A name in the zone resolves through the listener, which must be reachable over your private connection to the VCN:
      dig @<Listener IP Address> cell-xxxxxx.private.devices.desktops.us-phoenix-1.oci.oraclecloud.com +short
      198.51.100.29
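The following POSIX shell script is an added example, not code from the original page or from Oracle: it derives the zone name for a region, validates the inputs, and renders both the on-premises conditional-forwarder configuration from Set Up On-Premises DNS and the macOS /etc/resolver file from the steps above. The region id format (two-letter area, name, number, as in us-phoenix-1), the BIND named.conf layout for the on-premises server, the listener address 10.0.1.5 and the host label passed to check_listener are assumptions; the page does not state them.

```shell
#!/bin/sh
# Added example, not code from the page or from Oracle. Renders the
# on-premises conditional-forwarding config and the macOS /etc/resolver
# file for the private desktop DNS zone of one OCI region.
# Assumptions: region ids look like us-phoenix-1; the listener is the IPv4
# address of the VCN DNS resolver listening endpoint; the on-premises
# server is BIND (named.conf syntax).

zone_for_region() {
    # Zone format given on the page, with the region id filled in
    printf '%s\n' "private.devices.desktops.$1.oci.oraclecloud.com"
}

is_valid_region_id() {
    # Refuse anything that is not a plain OCI-style region identifier, so a
    # stray character can never land inside a generated config statement
    printf '%s' "$1" | grep -Eq '^[a-z]{2}-[a-z]+-[0-9]+$'
}

is_ipv4() {
    # Four dotted-decimal octets, each 0-255
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

bind_forward_zone() {
    # named.conf stanza: send only this zone to the VCN listener and never
    # to the server's general forwarders, so pool names stay on the private path
    zone=$(zone_for_region "$1")
    printf 'zone "%s" {\n    type forward;\n    forward only;\n    forwarders { %s; };\n};\n' "$zone" "$2"
}

macos_resolver_file() {
    # Contents of /etc/resolver/<zone>, as the page describes for a test client
    zone=$(zone_for_region "$1")
    printf 'domain %s\nsearch %s\nnameserver %s\n' "$zone" "$zone" "$2"
}

render_config() {
    # Usage: render_config <region-id> <listener-ip> [bind|macos]
    region=$1
    listener=$2
    fmt=${3:-bind}
    is_valid_region_id "$region" || { echo "invalid region id: $region" >&2; return 1; }
    is_ipv4 "$listener" || { echo "invalid listener address: $listener" >&2; return 1; }
    case "$fmt" in
        bind)  bind_forward_zone "$region" "$listener" ;;
        macos) macos_resolver_file "$region" "$listener" ;;
        *)     echo "unknown format: $fmt" >&2; return 1 ;;
    esac
}

check_listener() {
    # Live verification (needs the private path to the VCN and dig installed):
    # one lookup through the listener must return an answer. The host label
    # is a placeholder; pass the name of a real desktop pool host.
    answer=$(dig @"$2" "$3.$(zone_for_region "$1")" +short 2>/dev/null) || return 1
    [ -n "$answer" ] && printf '%s\n' "$answer"
}

# Constructed sample inputs: one region and an assumed listener address in the VCN
render_config us-phoenix-1 10.0.1.5 bind
render_config us-phoenix-1 10.0.1.5 macos
```

On a Windows DNS server the equivalent of the BIND stanza is a conditional forwarder for the same zone name pointing at the listener address (Add-DnsServerConditionalForwarderZone with -Name and -MasterServers). Whatever the server, keep the forwarder scoped to exactly this zone: forwarding a broader suffix such as oci.oraclecloud.com to the private listener would break resolution of public Oracle Cloud names.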