All Products
Search
Document Center

Synchronize DNS records to a user-owned IDC

Last Updated: Mar 07, 2019

This guide describes how to configure internal DNS records in the cloud using PrivateZone and synchronize these DNS records with a user-owned IDC in a hybrid cloud environment.

Scenarios

You are required to connect the network of a user-owned IDC to an Alibaba Cloud VPC using a dedicated leased line or a VPN. Services deployed in a user-owned IDC and Alibaba Cloud VPC are required to access each other using DNS queries. Therefore, you are required to share DNS resolution data between a user-owned IDC and a VPC to enable real-time access between services.

Precautions

A User-owned IDC and a VPC are attached to different networks. In a user-owned IDC, the DNS service is set up by customers using open-source applications such as bind9. In an Alibaba Cloud VPC, the PrivateZone service is used as a DNS resolution service.

In a hybrid network environment, sharing DNS resolution data between a user-owned IDC and PrivateZone becomes a pain point. Managing two sets of data not only increases duplication tasks but also increases the risk to consistency. This creates uncertainty for your business.

This guide describes how to synchronize DNS records automatically. You can synchronize resolution records configured in the PrivateZone console to the server of a user-owned IDC. You can use these resolution records to generate a standard Zone file and upload the file to bind9 to resolve DNS records.

Procedure

  1. Manage resolution records: With the Web console provided by PrivateZone, You can easily manage DNS resolution records.

  2. Synchronize resolution records: Using a light-weight synchronization tool of DNS records, you are allowed to automatically read resolution records of PrivateZone using the AccessKey of an Alibaba Cloud account and generate a Zone file on a local PC. Download the tool from the following link: https://dns-tool.oss-cn-beijing.aliyuncs.com/pvzone-sync-record/tools.zip. Then, extract the downloaded file.

  3. Load resolution records: You can use the internal DNS application bind9 of a user-owned IDC to load the generated Zone file.

  4. Perform a validation test: You can use the dig or ping command to perform a validation test.

Configurations

Take the configuration of the host.local file as an example.

Tool configurations

You are required to configure the Zone_file_sync application and the config.json file.

Configure the config.json file as follows:

  1. {
  2. "accessKeyId": "LCAIF4bcGHrUpUPR",
  3. "accessKeySecret": "KT4eXSgppowkkPZ5AgSbxNMBHlZtor",
  4. "Zone": [
  5. {
  6. "zoneName": "host.local",
  7. "zoneId": "298cc343c4387b0745e9b5e24fdej624",
  8. "filePath": "/var/named/host.local.zone"
  9. }
  10. ]
  11. }

In the file:

  • The combination of accessKeyID and accessKeySecret is the AccessKey of an Alibaba Cloud account.
  • You are required to replace the values of zoneName and zoneId with the zone ID and zone name that appear in the PrivateZone console.
  • filePath indicates the directory on the DNS server of a user-owned IDC, where you save the Zone file generated by the synchronization tool. We recommend that you set the value of this parameter to the directory where bind9 save its Zone files.
  • Zone includes a list of zones. You are allowed to set multiple zones to synchronize. Up to 10 zones at a time can be configured.

Configure bind9

Configure the named.conf file of bind9. In the named.conf file, configure host.local as follows:

  1. zone "host.local" IN {
  2. type master;
  3. file "host.local.zone";
  4. };

Configure automatic synchronization

After you complete the configuration for the synchronization tool and bind9, execute the following commands to synchronize the latest records of PrivateZone. You are required to replace some parameters of the following commands based on the actual environment.

  1. Lock updates: /usr/sbin/rndc freeze host.local
  2. Synchronize records: ./Zone_file_sync -c config.json
  3. Execute the command to load bind9 data: /usr/sbin/rndc thaw host.local

You can write all preceding commands to a shell script and execute the script at a scheduled time using the crontab function on the Linux server.

Perform a validation test

Execute this command to perform a validation test: dig @localhost

Summary

This guide describes how to use an automatic synchronization tool to synchronize the resolution records of PrivateZone to the internal DNS server of a user-owned IDC. Using the tool described in this guide, you can easily resolve DNS records in a hybrid cloud environment to simply DNS configurations. This solution can prevent the negative effects on DNS resolution of a user-owned IDC due to errors that occur on a dedicated leased line or a VPN.