Integrate on-premises, internal DNS zones with private DNS on OCI

June 8, 2023 | 3 minute read
Marco Santucci
EMEA Enterprise Cloud Solution Architect

Integrating an on-premises domain name system (DNS) with a private cloud DNS is important for reliable name resolution between the two network environments. It allows services and resources to be managed centrally and traffic to be directed efficiently, and it gives businesses operating in a hybrid environment a seamless, scalable experience. Integrating on-premises DNS with the private DNS of Oracle Cloud Infrastructure (OCI) also extends the reach of your local area network (LAN) into the cloud and simplifies the management of both infrastructures without adding work for internal IT.

By using the private resolver endpoints provided by OCI, devices in the corporate LAN can resolve the names of resources in the cloud environment and vice versa, which makes service management and integration quick and easy.

How to integrate DNS with private cloud DNS

Before you begin, you need the following prerequisites:

  • Your on-premises LAN is connected to OCI’s Virtual Cloud Network (VCN) service by VPN or FastConnect.

  • A private DNS server is correctly configured and running in your on-premises LAN.

  1. Create the DNS endpoints in OCI and the rule for your private LAN domain. Open the VCN in the Oracle Cloud Console and click its DNS resolver.

    A screenshot of the Virtual Cloud Network Details page in the Oracle Cloud Console, showing the VCN information.

  2. Create two endpoints in a subnet that is reachable from the on-premises network: a listening endpoint, which answers queries arriving from the LAN, and a forwarding endpoint, which is the source address from which the resolver sends queries for your on-premises domain to your local DNS server. Note the listening endpoint's IP address; the on-premises DNS server will forward to it in step 4.

    A screenshot of the Private Resolver Details page showing the private resolver information and endpoints.

    A screenshot of the Create Endpoint window with a public subnet.

  3. Create the rule for the private local domain so that queries for that domain are forwarded to the private DNS server in your LAN. The destination IP address is the address of that DNS server, and the source endpoint is the forwarding endpoint created in step 2. Scope the rule to your on-premises domain only, so that every other name continues to be resolved by OCI.

    A screenshot of the Manage Rules window with the fields filled in.

  4. On your private LAN DNS server, create a forward zone for the OCI domain (instances are named <hostname>.<subnet-label>.<vcn-label>.oraclevcn.com) that forwards queries from devices in the LAN to the listening endpoint created in step 2. In BIND this is a zone of type forward with forward only, whose forwarders entry is the listening endpoint's IP address.

  5. Create the corresponding firewall rules (on-premises and on OCI, in the security list or network security group of the endpoint subnet) to allow DNS traffic between the endpoints and your on-premises LAN. Allow port 53 over both UDP and TCP: queries normally use UDP, but responses that are too large for a UDP datagram are truncated and retried over TCP. Restrict ingress to the listening endpoint to your on-premises address range, and egress from the forwarding endpoint to your on-premises DNS server, so the endpoints do not become a resolver that anything routed to the VCN can query.
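The OCI side of steps 1 to 3 together with the firewall rules of step 5, as an added Terraform example that is not part of the original post. It assumes an existing VCN already connected to on-premises by VPN or FastConnect, a private subnet for the endpoints, an on-premises range of 10.10.0.0/16, an on-premises DNS server at 10.10.0.53 and an internal zone corp.example; the listener address 10.0.1.53 and forwarder address 10.0.1.54 are likewise assumed free addresses in that subnet. Resource and attribute names follow the OCI Terraform provider's oci_dns_resolver, oci_dns_resolver_endpoint and oci_core_network_security_group_security_rule resources as I know them; check them against the provider documentation and run terraform validate before applying.

```hcl
# Added example, not the original post's code. All IDs, addresses and the
# domain below are assumptions; replace them with your own values.
variable "compartment_id" { type = string }
variable "vcn_id"         { type = string }                 # VCN connected to on-premises
variable "subnet_id"      { type = string }                 # private subnet for the endpoints
variable "onprem_cidr"    { default = "10.10.0.0/16" }      # assumed corporate LAN range
variable "onprem_dns"     { default = "10.10.0.53" }        # assumed on-premises DNS server
variable "onprem_domain"  { default = "corp.example" }      # assumed internal zone

# Every VCN already owns a private resolver; look up its OCID instead of creating one.
data "oci_core_vcn_dns_resolver_association" "vcn" {
  vcn_id = var.vcn_id
}

# NSG attached to both endpoint VNICs: DNS in from the LAN only, DNS out to the LAN DNS only.
resource "oci_core_network_security_group" "dns" {
  compartment_id = var.compartment_id
  vcn_id         = var.vcn_id
  display_name   = "dns-resolver-endpoints"
}

locals {
  # One rule per (direction, protocol). OCI uses IANA protocol numbers: 6 = TCP, 17 = UDP.
  dns_rules = {
    ingress_udp = { direction = "INGRESS", protocol = "17" }
    ingress_tcp = { direction = "INGRESS", protocol = "6" }
    egress_udp  = { direction = "EGRESS",  protocol = "17" }
    egress_tcp  = { direction = "EGRESS",  protocol = "6" }
  }
}

resource "oci_core_network_security_group_security_rule" "dns" {
  for_each                  = local.dns_rules
  network_security_group_id = oci_core_network_security_group.dns.id
  direction                 = each.value.direction
  protocol                  = each.value.protocol

  # Ingress: only the corporate LAN may query the listening endpoint.
  source_type = each.value.direction == "INGRESS" ? "CIDR_BLOCK" : null
  source      = each.value.direction == "INGRESS" ? var.onprem_cidr : null

  # Egress: the forwarding endpoint may only talk to the on-premises DNS server.
  destination_type = each.value.direction == "EGRESS" ? "CIDR_BLOCK" : null
  destination      = each.value.direction == "EGRESS" ? "${var.onprem_dns}/32" : null

  # Port 53 on both transports: UDP for normal queries, TCP for truncated (large) answers.
  dynamic "udp_options" {
    for_each = each.value.protocol == "17" ? [1] : []
    content {
      destination_port_range {
        min = 53
        max = 53
      }
    }
  }
  dynamic "tcp_options" {
    for_each = each.value.protocol == "6" ? [1] : []
    content {
      destination_port_range {
        min = 53
        max = 53
      }
    }
  }
}

# Step 2: listening endpoint. The on-premises DNS server forwards OCI names to this address.
resource "oci_dns_resolver_endpoint" "listener" {
  resolver_id       = data.oci_core_vcn_dns_resolver_association.vcn.dns_resolver_id
  name              = "onprem-listener"
  endpoint_type     = "VNIC"
  scope             = "PRIVATE"
  subnet_id         = var.subnet_id
  is_listening      = true
  is_forwarding     = false
  listening_address = "10.0.1.53"            # assumed free address in the subnet
  nsg_ids           = [oci_core_network_security_group.dns.id]
}

# Step 2: forwarding endpoint. Queries for the on-premises zone leave from this address.
resource "oci_dns_resolver_endpoint" "forwarder" {
  resolver_id        = data.oci_core_vcn_dns_resolver_association.vcn.dns_resolver_id
  name               = "onprem-forwarder"
  endpoint_type      = "VNIC"
  scope              = "PRIVATE"
  subnet_id          = var.subnet_id
  is_listening       = false
  is_forwarding      = true
  forwarding_address = "10.0.1.54"           # assumed free address in the subnet
  nsg_ids            = [oci_core_network_security_group.dns.id]
}

# Step 3: forward only the on-premises zone to the LAN DNS server; everything else stays in OCI.
resource "oci_dns_resolver" "vcn" {
  resolver_id = data.oci_core_vcn_dns_resolver_association.vcn.dns_resolver_id
  scope       = "PRIVATE"
  rules {
    action                 = "FORWARD"
    qname_cover_conditions = [var.onprem_domain]
    destination_addresses  = [var.onprem_dns]
    source_endpoint_name   = oci_dns_resolver_endpoint.forwarder.name
  }
}
```

After applying, complete step 4 on the on-premises server by pointing its forward zone for your VCN's oraclevcn.com domain at 10.0.1.53, then verify from a LAN host with dig against that address for an instance name, and from an OCI instance with dig for a name under corp.example (no server argument, since the instance uses the VCN resolver). If the LAN query times out while the OCI query works, check the on-premises firewall and the DRG route for the endpoint subnet before touching the rules above.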


Now, from a computer in your company LAN, you can resolve the fully qualified domain name (FQDN) of a resource in Oracle Cloud Infrastructure, and from an OCI instance you can resolve names in your on-premises domain, without further changes on either DNS server as resources are added.

For more information, see the following resources:
