DNS

The DNS service helps you create and manage your DNS zones.

You can create zones, add records to zones, and allow Oracle Cloud Infrastructure's edge network to handle your domain's DNS queries.

See Records for additional information.

Tip

Watch a video introduction to the service.

What is DNS?

The Domain Name System (DNS) translates human-readable domain names  to machine-readable IP addresses. A DNS nameserver  stores the DNS records  for a zone , and responds with answers to queries against its database. When you type a domain name into a browser, the computer OS queries several DNS nameservers until it finds the authoritative nameserver for that domain. The authoritative nameserver then responds with an IP address or other requested record data. The answer is then relayed back to the browser and the DNS record is resolved to the web page.

The DNS service offers the following configurations and features:
  • Public DNS: Create zones with publicly available domain names reachable on internet. You need to register with a DNS registrar (delegation).
  • Private DNS: Provides hostname  resolution for applications running within and between virtual cloud networks
  • Secondary DNS: Secondary DNS provides redundancy for primary DNS servers .
  • Reverse DNS: (RDNS) Maps an IP address to a hostname .

DNS Service Components

The following list describes the components used to build a DNS zone and make it accessible from the internet.

domain
Domain names identify a specific location or group of locations on the Internet as a whole. A common definition of domain is the complete part of the DNS tree that has been delegated to a user's control. For example, example.com or oracle.com.
zone
A zone is a part of the DNS namespace. A Start of Authority record (SOA) defines a zone. A zone contains all labels underneath itself in the tree, unless otherwise specified.
label
Labels are prepended to the zone name, separated by a period, to form the name of a subdomain. For example, the www section of www.example.com or the docs and us-ashburn-1 sections of docs.us-ashburn-1.oraclecloud.com are labels. Records are associated with these domains.
child zone
Child zones are independent subdomains with their own Start of Authority and Name Server (NS) records. The parent zone of a child zone must contain NS records that refer DNS queries to the name servers responsible for the child zone. Each child zone creates another link in the delegation chain.
resource records
A record contains specific domain information for a zone. Each record type contains information called record data (RDATA). For example, the RDATA of an A or AAAA record contains an IP address for a domain name, while MX records contain information about the mail server for a domain. OCI normalizes all RDATA into the most machine readable format. The returned presentation of your RDATA may differ from its initial input. For more information about RDATA, please see Supported DNS Resource Record Types.
delegation

Delegating a domain with a registrar makes the OCI hosted zone  accessible through the internet. OCI isn't a registrar. However, you can delegate OCI DNS zones with registrars such as VeriSign or GoDaddy.

Domain Name Normalization

The OCI DNS service normalizes domain names that use Internationalized Domain Names (IDNs) by converting them into Punycode format. Requests to OCI DNS can use IDNs, but responses use Punycode. For example, if you create a zone and provide an IDN zone name, the resulting response for the created zone uses Punycode.

Authentication and Authorization

Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).

An administrator in your organization needs to set up groups , compartments , and policies  that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, and so on. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see Policy Reference.

If you're a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.

Monitoring Resources

You can monitor the health, capacity, and performance of Oracle Cloud Infrastructure resources by using metrics, alarms, and notifications. For more information, see Monitoring and Notifications.

DNS Service Capabilities and Limits

  • The OCI DNS service is limited to 1000 zones per account and 25,000 records per zone. Customers with zone and record size needs exceeding these values are encouraged to contact support at support.oracle.com.

  • Zone file uploads are limited to 1 megabyte (MB) in size per zone file. If a zone file is larger than 1 MB, you need to split the zone file into smaller batches to upload all the zone information. For more information and a workaround for this limitation, see Zone File Limitations and Considerations.

  • Public DNS zones are only supported in the OC1 commercial realm. For more information and to check if a region is included in OC1, see Regions and Availability Domains.

Required IAM Service Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  to work in.

If you're new to policies, see Getting Started with Policies and Common Policies. For more details about policies for DNS, see Details for the DNS Service.

Permissions are required for managing DNS. The level of access is cumulative as you go from inspect > read > use > manage. For example, the read verb covers permissions to read and inspect. The manage verb covers permissions for inspect, read, update, create, delete, and move.

Policy examples:

  • To enable all operations on zones for a specific user group:
    Allow group <GroupName> to manage dns in tenancy
  • To enable a specific group to read zones:
    Allow group <GroupName> to read dns-zones in tenancy
  • To create a read-only DNS management group:
    Allow group <GroupName> to read dns in tenancy