Configure DNS
DNS plays a foundational role in ensuring VMware services function correctly. In a multi-region failover design, continuous name resolution is essential. To support this, the architecture implements DNS forwarders and listeners across all four VCNs, ensuring reliable DNS resolution during both normal operations and failover events.
The DNS zones provisioned as part of the SDDC deployment such as oraclecloud.com, are system-managed and cannot be manually recreated. OCI Private DNS is designed to support cross-VCN resolution through DNS forwarding. This design follows that best practice by forwarding queries between VCNs using region-specific listeners.
Configure DNS Endpoints in Primary Region
When deploying an SDDC, Oracle Cloud VMware Solution automatically creates all required A and PTR records in DNS within the VCN, enabling internal name resolution. To enable cross-VCN and cross-region resolution, configure DNS forwarders and listeners as follows:
VCN-Primary
Create a private subnet for DNS resolver endpoints:
| Purpose | Subnet Name | CIDR |
|---|---|---|
| DNS Resolver Endpoints | Services-Primary-Subnet | 10.16.11.0/24 |
Create DNS endpoints in the VCN resolver:
| Endpoint Type | IP Address |
|---|---|
| Listener | 10.16.11.53 |
| Forwarder | 10.16.11.54 |
Configure DNS Endpoints in Secondary Region
Mirror the primary region setup with adjusted subnet CIDRs:
VCN-Secondary
Create a private subnet:
| Purpose | Subnet Name | CIDR |
|---|---|---|
| DNS Resolver Endpoints | Services-Secondary-Subnet | 10.17.11.0/24 |
Create DNS endpoints:
| Endpoint Type | IP Address |
|---|---|
| Listener | 10.17.11.53 |
| Forwarder | 10.17.11.54 |
VCN-MGMT-Failover
Create a private subnet:
| Purpose | /subnet Name | CIDR |
|---|---|---|
| DNS Resolver Endpoints | Services-Mgmt-Failover-Subnet | 172.45.11.0/24 |
Create DNS endpoint:
| Endpoint Type | IP Address |
|---|---|
| Forwarder | 172.45.11.54 |
DNS Endpoints Summary
The DNS endpoints summary is described in the following table:
| VCN | DNS Forwarder IP | DNS Listener IP |
|---|---|---|
VCN-MGMT-Active |
172.45.11.166 |
– |
VCN-Primary |
10.16.11.54 |
10.16.11.53 |
VCN-MGMT-Failover |
172.45.11.54 |
– |
VCN-Secondary |
10.17.11.54 |
10.17.11.53 |
Listener: Processes DNS queries locally and those forwarded from other VCNs, regions, or on-premises.
Forwarder: Relays unresolved queries to designated DNS servers or listeners.
Configure the Forwarding Strategy
To ensure seamless DNS resolution across both OCI Dedicated Region A and OCI Dedicated Region B, each VCN’s DNS resolver is configured with forwarding rules directing queries to the appropriate region-specific listeners:
- Forward OCI Dedicated Region A queries to
VCN-Primarylistener (10.16.11.53) - Forward OCI Dedicated Region B queries to
VCN-Secondarylistener (10.17.11.53)
- Forward OCI Dedicated Region B queries to
VCN-Secondarylistener
- Forward OCI Dedicated Region A queries to
VCN-Primarylistener
Note:
Forwarding rules must cover both forward and reverse DNS zones to guarantee complete name and IP resolution, especially during failover.