After a private zone is created, the private zone record does not immediately override the Domain Name System (DNS) record for the same domain name on the public network. The private zone record will override the existing DNS record on the public network only when a user queries the private domain name from within the Virtual Private Cloud (VPC) with which you associate the private zone.
If you want to use PrivateZone to resolve both private domain names that are configured in the private zones and public domain names that are not configured in the zone namespaces, we recommend that you enable the recursive resolution proxy feature.
- Create a private zone named taobao.com.
At this point, the private zone is not associated with a VPC and contains no DNS records. The DNS resolver still returns the IP address in the public DNS record when www.taobao.com is resolved.
- Create DNS records for the private zone.
You must add DNS records for the domain names to the private zone before you associate the private zone with a VPC. This prevents ongoing DNS queries from being disrupted, which is what happens when an empty private zone is associated with a VPC.
- Associate the private zone with a VPC.
Associate the private zone that an Elastic Compute Service (ECS) instance accesses with the VPC in which the ECS instance resides. The private zone record will then override the public DNS record.
For example, the DNS record for www.taobao.com in the private zone is set as follows:
www.taobao.com A 60 18.104.22.168.
Then, if a ping command is run on the ECS instance in the VPC, the domain name www.taobao.com is resolved to 22.214.171.124. The IP address to which www.taobao.com is resolved on the public network is overridden.
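The three steps above can be modelled as a small resolver decision, which also gives a check to run before association. This is an added example, not Alibaba Cloud code: the `PrivateZone` class, `resolve`, `preflight`, the VPC IDs and all addresses are constructed for illustration, and the model assumes that a name inside an associated zone that has no record fails to resolve unless the recursive resolution proxy is enabled.

```python
# Added model (not Alibaba Cloud code): how association changes what a VPC sees.
from dataclasses import dataclass, field

# Constructed sample data: public answers use RFC 5737 documentation addresses.
PUBLIC_DNS = {"www.taobao.com": "203.0.113.10", "login.taobao.com": "203.0.113.20"}

@dataclass
class PrivateZone:
    name: str
    records: dict = field(default_factory=dict)  # FQDN -> private A record
    vpcs: set = field(default_factory=set)       # IDs of associated VPCs
    recursion_proxy: bool = False                # recursive resolution proxy

def in_zone(qname, zone):
    """True when qname is the zone apex or a name underneath it."""
    return qname == zone.name or qname.endswith("." + zone.name)

def resolve(qname, vpc_id, zones):
    """Return (source, answer) as seen from vpc_id (None = public network)."""
    for zone in zones:
        # A private zone only matters inside a VPC it is associated with.
        if vpc_id in zone.vpcs and in_zone(qname, zone):
            if qname in zone.records:
                return ("private", zone.records[qname])
            if zone.recursion_proxy and qname in PUBLIC_DNS:
                return ("public-via-proxy", PUBLIC_DNS[qname])
            # Assumption: without the proxy, an uncovered name in the zone fails.
            return ("nxdomain", None)
    if qname in PUBLIC_DNS:
        return ("public", PUBLIC_DNS[qname])
    return ("nxdomain", None)

def preflight(zone, names_in_use):
    """Names the VPC resolves today that would break once the zone is associated."""
    if zone.recursion_proxy:
        return []
    return sorted(n for n in names_in_use
                  if in_zone(n, zone) and n not in zone.records)
```

Running `preflight` against the names your workloads actually query, before the association step, lists every name that still needs a record in the zone or requires the recursive resolution proxy.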