This topic describes how to configure Alibaba Cloud DNS PrivateZone (PrivateZone) so that an Elastic Compute Service (ECS) instance in a virtual private cloud (VPC) that has no access to the Internet can call Application Real-Time Monitoring Service (ARMS) API operations over the internal network of Alibaba Cloud.

Background information

ARMS provides public endpoints. If your ECS instance has no public bandwidth or public IP address, you cannot send API requests from it by using tools such as Alibaba Cloud CLI or SDK. Alibaba Cloud provides PrivateZone so that your ECS instance can send API requests over the Alibaba Cloud internal network. You can associate PrivateZone with the VPC in the region where your ECS instance is located.

Usage notes

  • You can configure PrivateZone only for regions that contain VPC-connected ECS instances. You cannot configure PrivateZone across regions.
  • We recommend that you use custom images that have Alibaba Cloud CLI or SDK deployed to create ECS instances. Otherwise, the ECS instances cannot load related dependencies without Internet access.
  • The following table describes the ARMS endpoints that support PrivateZone. Make sure that you use an endpoint listed in the table.
    | Region | Region ID | CNAME record | Endpoint |
    | --- | --- | --- | --- |
    | China (Hangzhou) | cn-hangzhou | arms.cn-hangzhou.aliyuncs.com.gds.alibabadns.com | arms.cn-hangzhou.aliyuncs.com |
    | China (Shanghai) | cn-shanghai | popunify.cn-shanghai.aliyuncs.com | arms.cn-shanghai.aliyuncs.com |
    | China (Qingdao) | cn-qingdao | popunify.cn-qingdao.aliyuncs.com | arms.cn-qingdao.aliyuncs.com |
    | China (Beijing) | cn-beijing | popunify.cn-beijing.aliyuncs.com | arms.cn-beijing.aliyuncs.com |
    | China (Zhangjiakou) | cn-zhangjiak | popunify.cn-zhangjiakou.aliyuncs.com | arms.cn-zhangjiakou.aliyuncs.com |
    | China (Hohhot) | cn-huhehaote | arms.cn-huhehaote.aliyuncs.com.gds.alibabadns.com | arms.cn-huhehaote.aliyuncs.com |
    | China (Ulanqab) | cn-wulanchabu | arms.cn-wulanchabu.aliyuncs.com.gds.alibabadns.com | arms.cn-wulanchabu.aliyuncs.com |
    | China (Shenzhen) | cn-shenzhen | popunify.cn-shenzhen.aliyuncs.com | arms.cn-shenzhen.aliyuncs.com |
    | China (Heyuan) | cn-heyuan | arms.cn-heyuan.aliyuncs.com.gds.alibabadns.com | arms.cn-heyuan.aliyuncs.com |
    | China (Guangzhou) | cn-guangzhou | arms.cn-guangzhou.aliyuncs.com.gds.alibabadns.com | arms.cn-guangzhou.aliyuncs.com |
    | China (Chengdu) | cn-chengdu | arms.cn-chengdu.aliyuncs.com.gds.alibabadns.com | arms.cn-chengdu.aliyuncs.com |
    | China (Hong Kong) | cn-hongkong | popunify.cn-hongkong.aliyuncs.com | arms.cn-hongkong.aliyuncs.com |
    | Singapore (Singapore) | ap-southeast-1 | popunify.ap-southeast-1.aliyuncs.com | arms.ap-southeast-1.aliyuncs.com |
    | Australia (Sydney) | ap-southeast-2 | arms.ap-southeast-2.aliyuncs.com.gds.alibabadns.com | arms.ap-southeast-2.aliyuncs.com |
    | Malaysia (Kuala Lumpur) | ap-southeast-3 | arms.ap-southeast-3.aliyuncs.com.gds.alibabadns.com | arms.ap-southeast-3.aliyuncs.com |
    | Indonesia (Jakarta) | ap-southeast-5 | arms.ap-southeast-5.aliyuncs.com.gds.alibabadns.com | arms.ap-southeast-5.aliyuncs.com |
    | Japan (Tokyo) | ap-northeast-1 | arms.ap-northeast-1.aliyuncs.com.gds.alibabadns.com | arms.ap-northeast-1.aliyuncs.com |
    | Germany (Frankfurt) | eu-central-1 | arms.eu-central-1.aliyuncs.com.gds.alibabadns.com | arms.eu-central-1.aliyuncs.com |
    | UK (London) | eu-west-1 | arms.eu-west-1.aliyuncs.com.gds.alibabadns.com | arms.eu-west-1.aliyuncs.com |
    | US (Virginia) | us-east-1 | arms.us-east-1.aliyuncs.com.gds.alibabadns.com | arms.us-east-1.aliyuncs.com |
    | US (Silicon Valley) | us-west-1 | popunify.us-west-1.aliyuncs.com | arms.us-west-1.aliyuncs.com |
    | India (Mumbai) | ap-south-1 | arms.ap-south-1.aliyuncs.com.gds.alibabadns.com | arms.ap-south-1.aliyuncs.com |
    | Alibaba Gov Cloud | cn-north-2-gov-1 | arms.cn-north-2-gov-1.aliyuncs.com.gds.alibabadns.com | arms.cn-north-2-gov-1.aliyuncs.com |
    | China East 1 Finance | cn-hangzhou-finance | arms.cn-hangzhou-finance.aliyuncs.com.gds.alibabadns.com | arms.cn-hangzhou-finance.aliyuncs.com |
    | China East 2 Finance | cn-shanghai-finance-1 | arms.cn-shanghai-finance-1.aliyuncs.com.gds.alibabadns.com | arms.cn-shanghai-finance-1.aliyuncs.com |
    | China South 1 Finance | cn-shenzhen-finance-1 | arms.cn-shenzhen-finance-1.aliyuncs.com.gds.alibabadns.com | arms.cn-shenzhen-finance-1.aliyuncs.com |

Procedure

  1. Log on to the Alibaba Cloud DNS console.
  2. In the left-side navigation pane, click PrivateZone. On the PrivateZone page, click Add Zone.
  3. In the Add PrivateZone dialog box, set the following parameters and click OK.
    • Zone Name: Enter an ARMS endpoint that supports PrivateZone. In this example, enter arms.cn-hangzhou.aliyuncs.com.
    • Subdomain recursive resolution proxy: If you select this option, when you query the subdomain names that are not configured in the zone namespace in the VPC, PrivateZone recursively resolves the subdomain names on the Internet. PrivateZone uses the recursive resolution result as the DNS response to your query and returns this response to the VPC.
  4. On the PrivateZone page, find the created private zone in the zone list and click Configure in the Actions column.
  5. On the Resolution Settings page, click the Resolution Settings tab. On the Resolution Settings tab, click Add Record.
  6. In the Add Record dialog box, set the following parameters and click OK.
    • Type: Select CNAME from the drop-down list.
    • Resource Records: Enter @ so that the record applies to the zone name itself (arms.cn-hangzhou.aliyuncs.com in this example).
    • Record Value: Enter the CNAME record of the corresponding region. For more information, see Usage notes.
    • TTL value: the time period during which recursive DNS caches the domain name resolution results. In this example, select 1 minute.
  7. On the PrivateZone page, find the created private zone and click Bind VPC in the Actions column.
  8. In the Bind VPC panel, select the same region as the created private zone, select the VPC where your ECS instance is located, and then click Confirm. You can select multiple VPCs.

Verify the result

After you associate the VPC with the created private zone, you can log on to your ECS instance to check whether the instance can access the endpoint of the corresponding region. For more information, see Connect to a Linux instance by using password authentication.

arms.cn-hangzhou.aliyuncs.com is used in this example. Run the ping command to test the status of packet sending and receiving.

ping arms.cn-hangzhou.aliyuncs.com

If a result similar to the following content appears, your ECS instance can access the ARMS endpoint of the region.

[Figure: Ping Private Zone]
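
To check the record itself as well as reachability, the following added example (not part of the original page) compares a DNS answer for the endpoint with the CNAME record listed for its region in Usage notes, so that a record value copied from the wrong row is caught before API requests are sent. The function name, exit statuses and sample answers are assumptions made for illustration, and the final command assumes that dig is installed in the image.

```shell
#!/bin/sh
# Added example (not from the original page): validate a DNS answer for an ARMS
# endpoint against the CNAME value listed for its region in "Usage notes".
# Input on stdin is `dig +noall +answer <endpoint>` output (name TTL IN TYPE RDATA).
# Return: 0 CNAME matches and an address follows; 1 no CNAME for the endpoint;
#         2 CNAME points to a different target; 3 CNAME matches, no A/AAAA.
check_privatezone_answer() {
    awk -v ep="$1" -v want="$2" '
        # Compare names case-insensitively and without the trailing root dot.
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        BEGIN { ep = norm(ep); want = norm(want); rc = 1 }
        $3 == "IN" && $4 == "CNAME" && norm($1) == ep {
            rc = (norm($5) == want) ? 3 : 2
            next
        }
        rc == 3 && $3 == "IN" && ($4 == "A" || $4 == "AAAA") { rc = 0 }
        END { exit rc }
    '
}

ENDPOINT='arms.cn-hangzhou.aliyuncs.com'
EXPECTED='arms.cn-hangzhou.aliyuncs.com.gds.alibabadns.com'

# Constructed sample answers; 192.0.2.0/24 is a documentation range, not a real ARMS address.
SAMPLE_OK='arms.cn-hangzhou.aliyuncs.com. 60 IN CNAME arms.cn-hangzhou.aliyuncs.com.gds.alibabadns.com.
arms.cn-hangzhou.aliyuncs.com.gds.alibabadns.com. 60 IN A 192.0.2.10'
# Record value copied from the wrong table row (China (Shanghai)).
SAMPLE_WRONG_ROW='arms.cn-hangzhou.aliyuncs.com. 60 IN CNAME popunify.cn-shanghai.aliyuncs.com.
popunify.cn-shanghai.aliyuncs.com. 60 IN A 192.0.2.20'
# Answer without a CNAME for the endpoint.
SAMPLE_NO_CNAME='arms.cn-hangzhou.aliyuncs.com. 60 IN A 192.0.2.30'

for sample in "$SAMPLE_OK" "$SAMPLE_WRONG_ROW" "$SAMPLE_NO_CNAME"; do
    if printf '%s\n' "$sample" | check_privatezone_answer "$ENDPOINT" "$EXPECTED"; then
        echo "OK: $ENDPOINT -> $EXPECTED"
    else
        echo "FAIL (status $?): answer does not match the expected CNAME record"
    fi
done

# On the ECS instance (assumes dig is installed in the image):
#   dig +noall +answer "$ENDPOINT" | check_privatezone_answer "$ENDPOINT" "$EXPECTED"
```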