Note:

• This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
• It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Configure private DNS zones, views, and resolvers

Introduction

Customers want to specify their own private DNS domain names to manage their private assets in OCI, as well as support DNS resolution between VCNs and between VCNs and on-premises networks. Private DNS will give them the ability to:

• Create private DNS zones with their desired names and create records for their private resources
• Private DNS resolver for DNS resolution to and from other private networks
• Resolve queries for custom private zones and system generated zones (oraclevcn.com)
• Support for DNS views and conditional forwarding for split-horizon environments

Customer Benefits

• Private DNS Names allows customers to use and manage their own domain names, zones, and records for private DNS
• Private DNS Resolver provide DNS resolution within a VCN, between VCNs and Between VCNs and a customer’s on-premises network
• Simplifies the management of customer’s private assets in OCI
• Common user experience for managing global and private zones – common Console and API

Sign in to OCI Console

This lab assumes you are a tenancy administrator. If you are not, request to the tenancy administrator to provide you the proper permission to manage DNS services, create and manage VCNs, create and manage instances.

Create a Compartment (optional)

1. From the OCI services menu, click Compartments under Identity.
2. Click Create Compartment.
3. Fill the compartment name, description and choose the parent compartment.
4. Click Create Compartment.

Use Resource Manager to Create VCNs and Test VM

If you are not the administrator, you have to request the admin to give you permissions to manage Resource Manager Stacks by creating the following IAM policies in a compartment of your choice with the following statements:

For Resource Manager:

Allow group <group_name> to manage orm-stacks in compartment <compartment_name>
Allow group <group_name> to manage orm-jobs in compartment <compartment_name>

For DNS Management:

Allow group <group_name> to manage dns in tenancy <TenancyName>

1. If you’re configuring DNS in your own tenancy, then click .

   This button will help you to set up required configuration in your tenancy. If you aren’t already signed in, enter the tenancy and user credentials.

2. Review and accept the terms and conditions.

3. Select the region where you want to deploy the stack.

4. Follow the on-screen prompts and instructions to create the stack.

5. After creating the stack, click Terraform Actions, and select Plan.

6. Wait for the job to be completed, and review the plan. To make any changes, return to the Stack Details page, click Edit Stack, and make the required changes. Then, run the Plan action again.

7. Upon Completion (RMJ big button will turn green), click Stack Details and then click Apply under Terraform Actions.

8. Click Apply in the Apply window.

Create Hubzone.com Custom Private Zone

1. From the OCI services menu, click DNS Management under Networking.
2. Under DNS Management, click on Zones, and then Private Zones You should see the private zones that are created automatically for your subnets.
3. Click on Create Zone and create zone hubzone.com. Select Selecting existing DNS Private View and name it hub_vcn.

View Automatically Generated Records

After the zone is created, select Records to view the automatically generated NS and SOA records

Create A Record in hubvcn.com

1. Click on Add Record button.
2. Select Record Type A - IPv4 Address.
3. Set Name to server01.
4. Set TTL to 30 seconds. If the lock icon is engaged, click on it to disengage and enable the field.
5. Set Address to 10.0.0.2.
6. Click Submit.
7. Click Publish Changes and then Publish Changes again in the new window.

Create spokezone.com Custom Private Zone on the Hub VCN

1. From the OCI services menu, click DNS Management under Networking.
2. Under DNS Management, click Zones and then Private Zones. You are able to see the private zones that are created automatically for your subnets.
3. Click Create Zone and create zone spokezone.com. Select Selecting existing DNS Private View and name it spoke_vcn.

Create a Record in spokevcn.com

1. Click on Add Record button.
2. Select Record Type A - IPv4 Address.
3. Set Name to server01.
4. Set TTL to 60.
5. Set Address to 10.10.0.123.
6. Click Submit.
7. Click Publish Changes and then Publish Changes again in the new window.

SSH into the Compute Instance Test VM

1. From cloud shell, ssh to the testVM

   ssh  -f my_key opc@<testVM public IP>
   

2. Lookup server01.hubzone.com

   [opc@primaryvnic ~]$ host server01.hubzone.com
   

   server01.hubzone.com has address 10.0.0.2
   

3. Looukp the system generated zone entry

   [opc@primaryvnic ~]$ host -t NS hubzone.com
   

   hubzone.com name server vcn-dns.oraclevcn.com.
   

   [opc@primaryvnic ~]$ host -t SOA hubzone.com
   

   hubzone.com has SOA record vcn-dns.oraclevcn.com. hostmaster.oracle.com. 2 3600 3600 3600 10
   

4. Lookup server01.spokezone.com

   [opc@primaryvnic ~]$ host server01.spokevcn.com
   

   Host server01.spokevcn.com not found: 3(NXDOMAIN)
   

The zone is not associated with any of the VCN’s view leave cloud shell connect to the instance. we’ll go back to it shortly.

Associate the Private View to a VCN

1. From the OCI services menu, click Virtual Cloud Networks under Networking.

2. Click hub_vcn from the VCNs’ list.

3. Locate the DNS Resolver and click on hub_vcn.

4. Click Manage Private Views.

5. Select spoke_vcn under Choose a Private View in private-DNS.

6. Reboot the instance (just to make things faster) and then look up server01.spokezone.com again.

   [opc@primaryvnic ~]$ host server01.spokevcn.com
   

   server01.spokezone.com has address 10.0.0.2
   

Now the hub_vcn resolver has access to the spoke_vcn private view and can resolve names from the zones within it.

Acknowledgements

Author - Orlando Gentil (OCI Product Manager)

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Configure private DNS zones views and resolvers

F37819-03

November 2021

Copyright © 2021, Oracle and/or its affiliates.