All Products
Search

This Product

    Alibaba Cloud DNS:Resolve domain names across environments

    Document Center

    Alibaba Cloud DNS:Resolve domain names across environments

    Last Updated:Mar 12, 2026

    In multi-cloud or hybrid cloud architectures, resolving domain names between environments is often required. This topic shows how to enable cross-environment service access through DNS, assuming you have already established network connectivity using an Express Connect circuit or an IPsec-VPN.

    Prerequisites

    Your environments are interconnected through a IPsec-VPN or an Express Connect circuit. For more information, see IPsec-VPN User Guide.

    Architecture

    image

    Expected outcomes

    • Access app.example.com from an ECS instance, and the DNS query is forwarded to an external DNS server through an outbound endpoint in the VPC.

    • Access test.oss-cn-hangzhou-internal.aliyuncs.com from your on-premises data center or another cloud environment. Your local DNS service forwards the query to Alibaba Cloud Private Zone through an inbound endpoint.

      Note

      test.oss-cn-hangzhou-internal.aliyuncs.com is the domain name for a sample OSS bucket for demonstration purpose. Replace it with the domain name of your actual Alibaba Cloud resource.

    Procedure

    Case 1: Access an on-premises domain from Alibaba Cloud

    1. Create an outbound endpoint with the IP addresses 192.168.100.74 and 192.168.192.219.image

    2. Create a forward rule. Specify the target domain name (example.com in this example) and the IP addresses of the external DNS servers (192.168.100.100 and 192.168.100.200 in this example).image

      Important

      If example.com is already configured as a private private zone, enable the recursive resolution proxy for subdomains.

    3. Add the VPC of the ECS instance as a scope for the forwarding rule. For more information, see Associate a scope with a rule.

    4. On the ECS instance, run dig app.example.com to test the solution.

    Case 2: Access an Alibaba Cloud domain from on-premises

    1. Add an inbound endpoint with the IP addresses 192.168.0.176 and 192.168.100.163.

      Warning

      The scope of the private zone for oss-cn-hangzhou-internal.aliyuncs.com must be set to your VPC. Otherwise, the query fails.

      Important

      • If your on-premises network conflicts with the default Private Zone IP addresses (100.100.2.136 and 100.100.2.138), or if you need to scope DNS resolution to a single VPC, configure custom Private Zone server IP addresses within a VPC.

      • Otherwise, you can use the default addresses for resolution.

    2. On your on-premises DNS server, add a forwarding rule to forward all queries for oss-cn-hangzhou-internal.aliyuncs.com to the Alibaba Cloud inbound endpoint.

    3. On a client in your on-premises network, run the dig test.oss-cn-hangzhou-internal.aliyuncs.com command to verify the resolution.