OCI Domain Name System (DNS) service: More than public names

April 3, 2023 | 6 minute read
Jaime Rojas
LAD A-Team Master Cloud Solutions Architect

When we talk about the Domain Name System (DNS), we usually think of public records: how a common internet name is translated to IP addresses, such as www.oracle.com to 2600:1419:8400:295::a15 and 104.91.135.109. But DNS is more than that. You probably use it in your office to access local resources, which are resolved by private rather than public DNS services.

The 2022 S&P Global multicloud survey shows that 97% of companies have more than one cloud service provider running their applications in a multi or hybrid cloud environment. Deployments of this kind take the best of each provider but add complexity to the architecture.

Name resolution isn’t foreign to this situation. Most applications are designed in layers, and a best practice is to communicate with each layer through name resolution and avoid hard-coding IP addresses. In the cloud, how your applications are deployed shouldn’t change. It doesn’t matter if your applications run 100% in Oracle Cloud Infrastructure (OCI), in a multicloud environment, or in a hybrid model. You need the ability to access all your resources by name.

OCI offers several different ways to work with DNS to access your resources the way you want, whether you require public or private name resolution. Read on for a quick introduction to OCI DNS zones, OCI private DNS, OCI DNS metrics, use cases for each, and some further resources to help you get started.

Figure 1: Hybrid multicloud architecture where each environment has its own domain

DNS zones

You can use private or public zones to create DNS records that reside on OCI name servers. You can create them as primary if you want to control them directly from OCI or secondary if you pull zone records. You can also create reverse DNS zones to map an IP address to a hostname.

Private DNS

OCI Private DNS allows you to use your own private DNS domain names and fully manage the associated zones and records to provide hostname resolution for your applications running within and between virtual cloud networks (VCNs), your on-premises network, and other private networks.

When you create a VCN and subnets in OCI, you can specify DNS labels for each. You can only set subnet DNS labels if the VCN itself is created with a DNS label. The labels and the parent domain of oraclevcn.com form the VCN domain name and subnet domain name, as shown in the following examples:

  • VCN domain name: <VCN DNS label>.oraclevcn.com
  • Subnet domain name: <subnet DNS label>.<VCN DNS label>.oraclevcn.com

When you deploy an instance, you can assign a hostname. The hostname is assigned to the primary VNIC that's automatically created during instance deployment. With the subnet domain name, the hostname forms the instance's fully qualified domain name (FQDN): <hostname>.<subnet DNS label>.<VCN DNS label>.oraclevcn.com, such as instance-remote.publicsubnet.vcnremote.oraclevcn.com.
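
The naming scheme above, as an added example (not code from Oracle or from the original post): a Python sketch that builds these names and splits one back into its labels, for instance to attribute names seen in resolver logs to a VCN and subnet. The label rules in the regular expressions are assumptions based on general OCI documentation, not on this article, and the function and type names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

PARENT_DOMAIN = "oraclevcn.com"  # parent domain stated in the article

# Assumed rules (from OCI documentation, not from the article): VCN and subnet
# DNS labels start with a letter, are alphanumeric only, at most 15 characters.
DNS_LABEL = re.compile(r"[a-z][a-z0-9]{0,14}")
# Assumed: hostnames follow RFC 1123 label rules (inner hyphens, at most 63 chars).
HOSTNAME = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


class VcnName(NamedTuple):
    hostname: Optional[str]
    subnet_label: Optional[str]
    vcn_label: str


def build_fqdn(hostname: str, subnet_label: str, vcn_label: str) -> str:
    """Compose <hostname>.<subnet DNS label>.<VCN DNS label>.oraclevcn.com."""
    name = VcnName(hostname.lower(), subnet_label.lower(), vcn_label.lower())
    if not (HOSTNAME.fullmatch(name.hostname)
            and DNS_LABEL.fullmatch(name.subnet_label)
            and DNS_LABEL.fullmatch(name.vcn_label)):
        raise ValueError(f"invalid label in {name}")
    return ".".join([*name, PARENT_DOMAIN])


def parse_name(fqdn: str) -> Optional[VcnName]:
    """Split a VCN, subnet or instance name into labels; None if it does not fit."""
    name = fqdn.rstrip(".").lower()
    suffix = "." + PARENT_DOMAIN
    if not name.endswith(suffix):
        return None  # look-alikes such as "oraclevcn.com.example.net" stop here
    labels = name[: -len(suffix)].split(".")
    if not 1 <= len(labels) <= 3:
        return None  # deeper names are not part of the default scheme
    *rest, vcn = labels
    subnet = rest[-1] if rest else None
    host = rest[0] if len(rest) == 2 else None
    if not DNS_LABEL.fullmatch(vcn):
        return None
    if subnet is not None and not DNS_LABEL.fullmatch(subnet):
        return None
    if host is not None and not HOSTNAME.fullmatch(host):
        return None
    return VcnName(host, subnet, vcn)
```

A name that parses to `None` either lives in a custom zone or only resembles a VCN name, which is worth a second look when it shows up in query logs.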

DNS Metrics

You can monitor the health, capacity, and performance of your DNS services by using metrics, alarms, and notifications. The following metrics are automatically available, so you don’t need to enable monitoring on the resource.

Table 1: OCI DNS Metrics

| Metric | Metric display name | Unit | Description | Dimensions |
|---|---|---|---|---|
| DNSQueryCount | DNSQueryCount | Count | The number of queries for a DNS zone. | resourceID |
| TrafficManagementQueryCount | TrafficManagementQueryCount | Count | The number of queries for a zone with Traffic Management policies attached. | resourceID |

OCI DNS service use cases

On-premises to OCI: Two-way private name resolution

You can configure OCI DNS service to access your on-premises resources and resources in other clouds by their names with a private connection. With this configuration, you can deploy your application layer on-premises and configure it to access databases through DNS.

The on-premises DNS server forwards all the OCI name resolution requests to OCI DNS, so you avoid manually configuring each OCI DNS entry on the on-premises name server. For a step-by-step configuration, check out this tutorial: Configure two way domain name resolution for OCI and On-Premises services.

Figure 2: OCI to on-premises name server resolution

Private DNS Zone

By default, OCI resources have their own default names, which follow the pattern <hostname>.<subnet DNS label>.<VCN DNS label>.oraclevcn.com. This naming can be confusing or longer than expected for your applications. If you want to customize names or keep your own company standard, you can create your own private DNS zone with custom records.

Figure 3: OCI DNS private zone

Figure 4: Custom private zone for DNS resolution

Public DNS publishing

The most common use of OCI DNS Service is publishing public records to the internet. You can manage your own public domain names directly from the Oracle Cloud Console with a highly available service level agreement (SLA).

Figure 5: OCI Public DNS service

Try it yourself

These examples are some of the most common OCI DNS service use cases. You can use this service to create and publish your public records to the internet and access your private Oracle Cloud Infrastructure, on-premises, or other cloud resources.

You can keep exploring OCI services to meet your own architecture requirements. For example, you can use DHCP options to make an external custom server the name server for all your VCN subnets, or delegate your name resolution with DNS forwarding rules.

For more information on DNS, see the following resources:

 

Jaime Rojas

LAD A-Team Master Cloud Solutions Architect

Multi-cloud certified Electronic Engineer with 15+ years in the IT industry and more than 9 years in the cloud industry. Customers are my priority, and offering them innovative and cutting-edge solutions is my main goal.

