The image shows an OCI Region and an On-Premises Data Center.

The OCI Region contains a Prod VCN containing Subnet A and an OCI DNS Listener/Forwarder.

The On-Premises Data Center has an Active-Directory DNS.

The OCI Region is connected to the On-Premises Data Center through a Dynamic Routing Gateway via Site-to-Site VPN or FastConnect.

There is a bidirectional arrow connecting the OCI DNS Listener/Forwarder and Active-Directory DNS:

• Active-Directory DNS to OCI DNS Listener/Forwarder: "Conditional Forwarder" of OCI related queries,e.g. <subnet-DNS-label><VCN-DNS-label>.oraclevcn.com.
• OCI DNS Listener/Forwarder to Active-Directory DNS: Forwarding Endpoint transfers Active-Directory related queries,e.g. domain.com, <subdomain>.domain.com, _msdc.domain.com