DNS Services

Introduction

Zadara Cloud Services supports DNS services on the following levels:

  1. VPC - DNS at this level allows the definition of DNS names that are resolvable within the context of a single VPC. VPC-level DNS services support the A (IPv4 address) DNS record type only. Once the CoreDNS engine is enabled by an admin user, any member user can enable or disable DNS services from any VPCs to which they have access.

  2. Private Hosted Zone - DNS at this level allows the definition of DNS names that are resolvable within the context of one or more VPCs associated with a hosted zone. Hosted Zone-level DNS services support all Route 53 DNS record types. Hosted zones are created and managed by admin or member users. Once the CoreDNS engine is enabled by an admin user, any member user can enable or disable DNS services from any VPCs to which they have access.

  3. Region Zone - DNS at a region (cluster-wide) hosted zone level allows the definition of DNS names that are exposed via the API (e.g. EC2, ELB), and are globally resolvable externally to valid DNS records. Region Zone-level DNS services support all Route 53 DNS record types. There are two kinds of System Zones:

    • System-defined region zones - pre-defined system zones which are packaged with Zadara Cloud Services for use by various Zadara Cloud services. Although their name and domain name can be modified by an admin user, their record types cannot be modified and they cannot be deleted.

    • Admin-defined region zones - are created and fully managed by the admin user.

Zadara Cloud Services supports AWS Route 53 APIs to manage the DNS for both hosted and region zones. This support includes the definition and use of reusable hosted zones.

VPC DNS Support

Zadara Cloud Services supports VPC-level DNS. VM instances can resolve all DNS addresses in the context of a single VPC. After the CoreDNS engine has been enabled and the VPC-DNS engine has been disabled, you must individually enable or disable each VPC.

Any newly created VPC is by default DNS-enabled, with an A record type for the domain’s IP address.

To enable or disable VPC-DNS via the UI

  1. Navigate to the Networking > VPCs view.

  2. Select the VPC from the displayed list and click Modify from the top toolbar.

  3. In the Modify VPC window which opens, check or uncheck the DNS Enabled box to enable or disable DNS.

  4. Click OK.


To enable or disable VPC-DNS via the CLI

  1. Use the following command to enable DNS support for a VPC:

    vpc update --enable-dns-support true vpc_id
    
  2. Use the following command to disable DNS support for a VPC:

    vpc update --enable-dns-support false vpc_id
    

Upgrade

For VPCs which were created before enabling the CoreDNS engine, but were not DNS-enabled:

  1. Navigate to the Networking > VPCs view.

  2. Select the VPC from the displayed list and click Modify from the top toolbar.

  3. In the Modify VPC window which opens, check the DNS Enabled box and click Modify.

  4. Click OK.

For VPCs which were created before enabling the CoreDNS engine, and are DNS-enabled:

  1. Navigate to the Networking > VPCs view.

  2. Select the VPC from the displayed list and click Modify from the top toolbar.

  3. In the Modify VPC window which opens, uncheck the DNS Enabled box and click Modify.

  4. Click OK. This detaches the VPC from the VPC-DNS engine.

  5. Re-open the Modify VPC dialog, check the DNS Enabled box, and click OK. This enables the DNS services for this VPC through the CoreDNS engine.

To display DNS engine for each VPC via CLI

Enter the following command from the CLI:

    vpc list -c id -c name -c service_vms

The ‘service_vms’ field will be empty if there is no DNS service. If there is a DNS service, the ‘service_vms/vm_type’ field will display either ‘dnsmsq’ for the older VPC_DNS engine, or ‘coredns’ for the new DNS engine.

Sample Terraform Scenario

The following is an example of how to use VPC-DNS support with Terraform.

  1. Enable DNS in the VPC as described in VPC DNS Support.

  2. In the Terraform script, set the enable_dns_support flag to true, for a specific VPC.

    With DNS support enabled, any VM that you create within this VPC can use the private_dns_name returned in the describeInstances response to access other VMs in the VPC.

    When DNS support is enabled in a VPC, the system creates a VM with the following host name: host-a-b-c-d (where a.b.c.d is the VM IP address in the VPC)

    Any other VM instance in the VPC can access the host with the command “ping host-a-b-c-d” instead of “ping a.b.c.d”.

    This functionality is useful for applications that require DNS names and do not work with IP addresses.

  3. In addition, you can also add DNS A records to external IPs so they will be resolved within this VPC.

    For example, you can add an A record to resolve “service.<vpc-domain>” to any IP (usually external to the VPC). This allows you to define a globally named service resolution that resides external to the VPC.

    This DNS A record feature is useful for the same reason mentioned above: some applications require DNS names and do not work with IP addresses.
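
The VPC and instance portion of the scenario above, written out as a Terraform configuration. This is an added example, not a script from the Zadara documentation. It assumes the Terraform AWS provider is pointed at the cluster's EC2-compatible API; the endpoint URL, region string, CIDR blocks, AMI ID, instance type and resource names are placeholders.

```hcl
# Added example. All values in angle brackets and all resource names are placeholders.
provider "aws" {
  region = "<region-name>"

  # Assumption: the cluster is reached through its EC2-compatible endpoint,
  # so AWS-specific account and metadata checks are switched off.
  skip_credentials_validation = true
  skip_requesting_account_id  = true
  skip_metadata_api_check     = true

  endpoints {
    ec2 = "https://<ec2-api-endpoint>"
  }
}

# Step 2: the VPC with the enable_dns_support flag set to true.
resource "aws_vpc" "app" {
  cidr_block         = "10.20.0.0/16"
  enable_dns_support = true
}

resource "aws_subnet" "app" {
  vpc_id     = aws_vpc.app.id
  cidr_block = "10.20.1.0/24"
}

# Any VM created in this VPC gets a DNS name that other VMs in the VPC can resolve.
resource "aws_instance" "web" {
  ami           = "<ami-id>"
  instance_type = "<instance-type>"
  subnet_id     = aws_subnet.app.id
}

# private_dns is the provider attribute carrying the private DNS name
# returned in the describeInstances response.
output "web_private_dns_name" {
  value = aws_instance.web.private_dns
}

# The host-a-b-c-d form described above, derived from the private IP so the
# two outputs can be compared after "terraform apply".
output "web_expected_hostname" {
  value = "host-${replace(aws_instance.web.private_ip, ".", "-")}"
}
```

After applying, other instances in the same VPC can use the host name shown in web_expected_hostname in place of the IP address.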