Alibaba Cloud DNS PrivateZone (PrivateZone) is an Alibaba Cloud private domain name resolution and management service based on Virtual Private Cloud (VPC). After you attach virtual border routers (VBRs) and Cloud Connect Network (CCN) instances to a Cloud Enterprise Network (CEN) instance, you can configure the on-premises networks connected to the VBRs and CCN instances to access PrivateZone through the CEN instance.

Limits

The on-premises networks connected to VBRs or CCN instances must be deployed in the same region as the PrivateZone service.

For example, if the PrivateZone service is deployed in the China (Beijing) region, only on-premises networks connected to VBRs or CCN instances in China (Beijing) can access the PrivateZone service.

Prerequisites

  • PrivateZone is deployed. For more information, see PrivateZone quick start.
  • The following network instances are attached to the same CEN instance: the VPC that is associated with the PrivateZone service, and the VBR and CCN instance that want to access the PrivateZone service. For more information, see Attach a network instance.
  • If your on-premises network uses a CCN instance to connect to Alibaba Cloud and the account that owns the CCN instance is different from the account that owns the VPC or CEN instance, you must grant the CCN instance required permissions. For more information, see Grant permissions to CCN.

Configure access to PrivateZone

  1. Log on to the CEN console.
  2. On the Instances page, find the CEN instance that you want to manage and click Manage in the Actions column.
  3. On the details page of the CEN instance, click the Private Zone tab.
  4. If this is your first time to configure PrivateZone, you must grant permissions to Smart Access Gateway (SAG). Click the Private Zone tab and then click Authorization. On the Cloud Resource Access Authorization page, click Confirm Authorization Policy. After you grant permissions to SAG, the CCN instance (a component of SAG) that is attached to the CEN instance can access PrivateZone.
  5. Return to the Private Zone tab and click Configure PrivateZone.
  6. In the Configure PrivateZone panel, set the following parameters and click OK.
    • Host Region: Select the region of the VPC where PrivateZone is deployed.
    • Host VPC: Select the VPC where PrivateZone is deployed.

      The on-premises network can access PrivateZone through the VPC.

    • Access Region: Select the region where the VBR or CCN instance that needs to access PrivateZone is deployed.

Delete PrivateZone configurations

  1. Log on to the CEN console.
  2. On the Instances page, find the CEN instance that you want to manage and click Manage in the Actions column.
  3. On the details page of the CEN instance, click the Private Zone tab, find the configuration that you want to delete, and then click Delete in the Actions column.
  4. In the Delete PrivateZone dialog box, click OK.

References