All Products
Search

This Product

    Alibaba Cloud DNS PrivateZone:Synchronize DNS records to a user-owned IDC

    Document Center

    Alibaba Cloud DNS PrivateZone:Synchronize DNS records to a user-owned IDC

    Last Updated:Jan 16, 2023

    This topic describes how to configure Domain Name System (DNS) records of the internal network in the cloud by using PrivateZone and synchronize these DNS records to an on-premises data center in a hybrid cloud environment.

    Scenarios

    An on-premises data center is connected to an Alibaba Cloud virtual private cloud (VPC) through an Express Connect circuit or a VPN Gateway. Services deployed in an on-premises data center and an Alibaba Cloud VPC access each other through DNS queries. You must synchronize DNS records between the on-premises data center and the VPC to enable real-time access between services.

    Challenges

    An on-premises data center and a VPC are connected to different networks. In an on-premises data center, the user sets up the DNS service by using open source applications such as BIND9. In an Alibaba Cloud VPC, PrivateZone is used for internal DNS resolution.

    In a hybrid network environment, data sharing between the on-premises data center and PrivateZone has been a challenge in internal DNS resolution. Managing two sets of data increases duplicating tasks as well as the chance of data inconsistency. This brings risks to your business.

    This topic describes how to synchronize DNS records automatically. You can synchronize DNS records configured in the PrivateZone console to a server in an on-premises data center. You can also generate a standard zone file and load it in BIND9 for the DNS records to take effect.

    Resolution

    1 . Manage DNS records: The web console provided by PrivateZone allows you to manage DNS records.

    2 . Synchronize DNS records: A light-weight synchronization tool of DNS records is provided. After you enter the AccessKey of your Alibaba Cloud account, this tool automatically reads DNS records of PrivateZone and generates a zone file on the server that runs the tool. Download the tool package . Then, decompress the downloaded package.HEREH

    3 . Load DNS records: Use the DNS application of the on-premises data center, such as BIND9, to load the zone file.

    4 . Verify DNS records: Run the dig or ping command to verify the DNS records.

    Configuration details

    Take the configuration of the zone host.pvtz as an example.

    Synchronization tool configuration

    You must configure the Zone_file_sync application and the config.json file.

    1 . Configure the config.json file as follows:

    {
  "accessKeyId": "LCAIF4bcGHrUp****",
  "accessKeySecret": "KT4eXSgppowkkPZ5AgSbxNMBHl****",
  "zone": [
    {
      "zoneName": "host.pvtz",
      "zoneId": "298cc343c4387b0745e9b5e24fdej624",
      "filePath": "/var/named/host.pvtz.zone"
    }
  ]
}

    The parameters are described as follows:

    • accessKeyId and accessKeySecret are the two elements of the AccessKey of an Alibaba Cloud account.

    • zoneName and zoneId specify the zone name and zone ID displayed in the PrivateZone console. Replace the parameter values with the actual zone name and zone ID.

    • filePath specifies a directory on the DNS server of the on-premises data center, where the zone file generated by the synchronization tool is saved. We recommend that you set the value to the directory where BIND9 saves zone files.

    • Zone includes a list of zones. You can configure up to 10 zones for synchronization at a time.

    BIND9 configuration

    1 . Configure the named.conf file of BIND9. In the named.conf file, configure host.pvtz as follows:

    zone "host.pvtz" IN {
        type master;
        file "host.pvtz.zone";
        allow-update { 127.0.0.1; };
};

    Automatic synchronization configuration

    After you complete the configuration for the synchronization tool and BIND9, run the following commands to synchronize the latest DNS records of PrivateZone. Replace parameters in the commands based on the actual environment.

    1 . Suspend the update of DNS records: /usr/sbin/rndc freeze host.pvtz;

    2 . Synchronize DNS records: . /Zone_file_sync -c config.json;

    3 . Load DNS records in BIND9: /usr/sbin/rndc thaw host.pvtz;

    You can write all preceding commands to a shell script and run the script at a scheduled time by using the crontab function on a Linux server.

    Verify DNS records

    Run the dig @localhost Domain name; command to verify the DNS records.

    Conclusions:

    This topic describes how to use an automatic synchronization tool to synchronize the DNS records of PrivateZone to the internal DNS server of an on-premises data center. This simplifies DNS configuration in a hybrid cloud environment and avoids DNS resolution errors of an on-premises data center caused by failures on an Express Connect circuit or a VPN Gateway.