The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

Announcing Oracle Cloud Infrastructure Private DNS

Paul Cainkar
Principal Solution Architect

We’re pleased to announce the general availability of Oracle Cloud Infrastructure Private DNS. With Private DNS, you can create private domain name system (DNS) zones in your virtual cloud network (VCN) and interconnect DNS between your on-premises and cloud networks.


Private DNS provides DNS resolution of custom DNS domains within your VCN. These domains include domains that reference internal infrastructure within your Oracle Cloud Infrastructure (OCI) tenancy or private IP addresses elsewhere on your network. You can use any domain name that you want in private DNS, and it’s resolvable only through your DNS resolver.

Private DNS also introduces support for connecting DNS resolvers across VCNs, on-premises networks, and trusted companies. Many customers will also appreciate its ability to seamlessly extend your cloud DNS infrastructure to on-premises and vice versa.

Private DNS is available at no additional cost in all cloud regions starting today.

A screenshot that shows the Records list in private DNS.

Figure 1: DNS records in private DNS

Getting started

You can get started with private DNS immediately in all regions. To learn more, see the documentation and reference architecture:

Also view our new private DNS hands-on lab, where you can get experience by using a free tier account.

Use cases

Private DNS supports the following use cases.

Private DNS zones

You can now create private DNS zones on OCI and provide DNS resolution services to your cloud applications and services. These zones can be a custom private name of your choosing (such as ocizone.internal, shown in the following diagram) or an external domain that you optionally own through a registrar. For private DNS zones, the domain records are resolvable only by resources within your VCN.

Whether you need more domain names for your enterprise applications, DNS support for seamless cloud migration, or greater control over the domain name used for your private DNS, we have you covered.

A diagram that shows a private DNS zone named ocizone.internal in an OCI VCN.

Figure 2: Private DNS zone in OCI

Seamless DNS resolution between OCI and on-premises infrastructure (hybrid DNS and conditional forwarding)

We’ve also added support for conditional forwarding, which lets you take a policy-driven approach to name resolution across multiple DNS services, both on and off OCI. With this enhancement, even if your DNS architecture is split between on-premises and OCI, you can experience seamless name resolutions as a native cloud service.

In addition to supporting on-premises hybrid DNS scenarios, you can also use this functionality to integrate DNS across multiple VCNs or OCI tenancies.

This solution is provided by exposing a new private DNS resolver listening and forwarding endpoint in your VCN, which can be reached in the same way as your compute instances. We provide a flexible forwarding policy engine that supports domain and CIDR as optional filters to a DNS forwarding endpoint:

  • Domain name: Conditionally forward DNS requests based on domain names to a specific DNS server IP address.
  • CIDR: Forward requests originating from specific IP addresses to a specific DNS server IP address.
  • None: Forward all DNS requests to a specific DNS server IP address.

Hybrid DNS and conditional forwarding example

The following example shows a customer who has configured private DNS resolvers on their VCN. They configured the domain name onprem.internal as a filter for their private DNS resolver and pointed it to the on-premises DNS server with the IP address When their OCI instance asks for resolution of the domain app4.onprem.internal, it achieves resolution through their on-premises DNS server.

A diagram that shows the architecture explained in the preceding paragraph.

Figure 3: Example of hybrid DNS and conditional forwarding

A screenshot that shows a forwarding rule defined for the onprem.internal domain in Private DNS.

Figure 4: Conditional forwarding rule


Thank you for interest in Oracle Cloud Infrastructure Private DNS. On behalf of the DNS team, we encourage you to share any product feedback that you have in the comments.

Join the discussion

Comments ( 3 )
  • Neil Davis Saturday, December 5, 2020
    Hi, are there any additional requirements to be able to add a private view of a vcn in the same tenancy but in a different region?
  • Paul Cainkar (OCI) Wednesday, January 6, 2021
    Hi Neil,

    There are not any specific requirements, but you should be aware they operate independently across regions. Private DNS in region A is independent from region B entirely.

    You will need to configure network connectivity via remote peering connections and then and a forwarder/listener in each region to send DNS resolution traffic back and forth for their respective zones. It's very similar to how you would set this up to talk to on-prem.

    Please take a look here

    Please also see the DNS peering between VCNs here (The setup is basically the same, but you need to use a RPC (remote peering connection instead of a LPG (local peering connection).

    Feel free to reach out if you have any questions.
  • Michael Monday, March 8, 2021
    Hi Paul,

    So happy to see this implemented. Conditional forwarding has made it much easier to route requests to our Azure and on-prem infrastructure.

    I was wondering, do you have any plans to allow for more than one destination address for a forwarding rule? I am currently forwarding *.internal.net to a single on-prem DNS server, but I would much prefer to give it the full list of 3 DNS servers for redundancy.

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha