DNS Services

Introduction

Zadara Cloud Services supports DNS services on the following levels:

  1. VPC - DNS at this level allows the definition of DNS names that are resolvable within the context of a single VPC. VPC-level DNS services support the A (IPv4 address) DNS record type only. Once the CoreDNS engine is enabled by an admin user, any member user can enable or disable DNS services for any VPC to which they have access.

  2. Private Hosted Zone - DNS at this level allows the definition of DNS names that are resolvable within the context of one or more VPCs associated with a hosted zone. Hosted Zone-level DNS services support all Route 53 DNS record types. Hosted zones are created and managed by admin or member users. Once the CoreDNS engine is enabled by an admin user, any member user can enable or disable DNS services for any VPC to which they have access.

VPC DNS Support

Zadara Cloud Services supports VPC-level DNS. VM instances can resolve all DNS addresses in the context of a single VPC. After the CoreDNS engine has been enabled and the VPC-DNS engine has been disabled, you must individually enable or disable DNS for each VPC.

Any newly created VPC is by default DNS-enabled, with an A record type for the domain’s IP address.

How VPC passes DNS Servers via DHCP

When VPC DNS is enabled, the VPC DHCP service provides VMs with a pair of internal IPs as DNS servers. The VPC DNS service will look up any local zone records internally, and it will forward queries to the DNS servers provided in the DHCP Option Set for all external domains.

When VPC DNS is disabled, the VPC DHCP service provides VMs with the exact IPs of the DNS servers configured in the DHCP Option Set. In this case, DNS requests will go directly from VMs to the external DNS nameservers.
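As an added example (not part of the Zadara documentation), the following Python check classifies a VM's resolver configuration according to the two DHCP behaviours described above, and flags anything that matches neither. It assumes the "internal IPs" fall inside the VPC CIDR; the function names, CIDR, and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the page.
SAMPLE_VPC_CIDR = "10.20.0.0/16"
SAMPLE_OPTION_SET = ["192.0.2.53", "198.51.100.53"]
RESOLV_VPC_DNS = "search vpc.example\nnameserver 10.20.0.2\nnameserver 10.20.0.3\n"
RESOLV_DIRECT = "nameserver 192.0.2.53\nnameserver 198.51.100.53\n"
RESOLV_DRIFT = "# edited by hand\nnameserver 10.20.0.2\nnameserver 203.0.113.9\n"


def nameservers(resolv_conf_text):
    """Return the nameserver IPs listed in resolv.conf text, in file order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(ipaddress.ip_address(fields[1]))
    return servers


def classify_dns_path(resolv_conf_text, vpc_cidr, option_set_servers):
    """Classify how a VM resolves names.

    'direct'  : resolvers are exactly the DHCP Option Set servers (VPC DNS disabled)
    'vpc-dns' : every resolver is inside the VPC and none is an Option Set server
                (assumption: the internal DNS IPs live in the VPC CIDR)
    'drift'   : anything else, e.g. an empty or hand-edited resolv.conf
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    configured = {ipaddress.ip_address(s) for s in option_set_servers}
    seen = set(nameservers(resolv_conf_text))
    if not seen:
        return "drift"
    if seen == configured:
        return "direct"
    if all(ip in vpc for ip in seen) and not (seen & configured):
        return "vpc-dns"
    return "drift"


if __name__ == "__main__":
    for label, text in (("vm-a", RESOLV_VPC_DNS), ("vm-b", RESOLV_DIRECT),
                        ("vm-c", RESOLV_DRIFT)):
        print(label, classify_dns_path(text, SAMPLE_VPC_CIDR, SAMPLE_OPTION_SET))
```

A "direct" or "drift" result on a VM in a DNS-enabled VPC means its queries bypass the VPC DNS service, so local zone records will not resolve there and lookups leave the VPC unforwarded.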

Enable or Disable VPC-DNS

Enable or disable VPC-DNS via UI

To enable or disable VPC-DNS via the UI:

  1. Navigate to the Networking > VPCs view.

  2. Select the VPC from the displayed list and click Modify from the top toolbar.

  3. In the Modify VPC window which opens, check or uncheck the DNS Enabled box to enable or disable DNS.

  4. Click OK.


Enable or disable VPC-DNS via CLI

To enable or disable VPC-DNS via the CLI:

  1. Use the following command to enable DNS support for a VPC:

    vpc update --enable-dns-support true vpc_id
    
  2. Use the following command to disable DNS support for a VPC:

    vpc update --enable-dns-support false vpc_id
    

Upgrade

For VPCs which were created before enabling the CoreDNS engine, but were not DNS-enabled:

  1. Navigate to the Networking > VPCs view.

  2. Select the VPC from the displayed list and click Modify from the top toolbar.

  3. In the Modify VPC window which opens, check the DNS Enabled box and click Modify.

  4. Click OK.

For VPCs which were created before enabling the CoreDNS engine, and are DNS-enabled:

  1. Navigate to the Networking > VPCs view.

  2. Select the VPC from the displayed list and click Modify from the top toolbar.

  3. In the Modify VPC window which opens, uncheck the DNS Enabled box and click Modify.

  4. Click OK. This detaches the VPC from the VPC-DNS engine.

  5. Re-open the Modify VPC dialog, check the DNS Enabled box, and click OK. This enables the DNS services for this VPC through the CoreDNS engine.

To display DNS engine for each VPC via CLI

Enter the following command from the CLI:

    vpc list -c id -c name -c service_vms

The ‘service_vms’ field will be empty if there is no DNS service. If there is a DNS service, the ‘service_vms/vm_type’ field will display either ‘dnsmsq’ for the older VPC-DNS engine, or ‘coredns’ for the new DNS engine.

Sample Terraform Scenario

The following is an example of how to use VPC-DNS support with Terraform.

  1. Enable DNS in the VPC as described in VPC DNS Support.

  2. In the Terraform script, set the enable_dns_support flag to true for a specific VPC.

    With DNS support enabled, any VM that you create within this VPC can use the private_dns_name returned in the describeInstances response to access other VMs in the VPC.

    When DNS support is enabled in a VPC, the system creates a VM with the following host name: host-a-b-c-d (where a.b.c.d is the VM IP address in the VPC)

    Any other VM instance in the VPC can access the host with the command “ping host-a-b-c-d” instead of “ping a.b.c.d”.

    This functionality is useful for applications that require DNS names and do not work with IP addresses.

  3. In addition, you can also add DNS A records to external IPs so they will be resolved within this VPC.

    For example, you can add an A record to resolve “service.<vpc-domain>” to any IP (usually external to the VPC). This allows you to define a globally named service resolution that resides external to the VPC.

    This DNS A record feature is useful for the same reason mentioned above: some applications require DNS names and do not work with IP addresses.