The image shows DNS integration between on-premises or third-party cloud environments and an OCI region with two VCNs: Hub VCN and Spoke VCN. The on-premises or third-party cloud segment includes a DNS listener and DNS forwarder. These connect to OCI through a DRG using VPN, FastConnect, or Interconnect.

The Hub VCN contains a DNS subnet with an NSG listener, an NSG forwarder, a Hub DNS listener endpoint, and a Hub DNS forwarder endpoint. The Hub VCN also includes a Hub DNS resolver and a set of Hub DNS rules.

The Spoke VCN contains a spoke subnet with an NSG forwarder and a Spoke DNS forwarder endpoint, along with a Spoke DNS resolver and a set of Spoke DNS rules.