This topic describes how an enterprise can manage intranet DNS resolution records in PrivateZone and synchronize them to a self-built DNS server in a hybrid cloud networking scenario.
Business scenario
A self-built IDC and an Alibaba Cloud VPC are connected through a dedicated line (Express Connect) or a VPN. Services deployed on both sides call each other by name, so they depend on DNS queries. The DNS resolution data therefore has to be shared between the self-built IDC and the Alibaba Cloud VPC so that service calls can be resolved in real time on either side.
Implementation challenges
The self-built IDC and the Alibaba Cloud VPC are two separate network environments. In the self-built IDC, customers typically run open-source software such as bind9 as their DNS service. Inside the Alibaba Cloud VPC, customers use PrivateZone as the intranet DNS resolution service.
Sharing data between the self-built DNS and PrivateZone is the main pain point of hybrid cloud intranet DNS. Maintaining two separate sets of records not only doubles the work for operations engineers but also creates a consistency risk: if the two copies drift apart, the same name resolves differently on each side, which makes service behaviour unpredictable.
This topic introduces an automatic DNS synchronization solution that reads the resolution records configured in the PrivateZone console, writes them to the self-built IDC server as standard Zone files, and lets bind9 load and serve them.
Solution
Resolution record management: Resolution records are managed in the Alibaba Cloud DNS console. PrivateZone provides a web console UI, which makes managing DNS resolution records convenient, and the PrivateZone data remains the single source of truth.
Resolution record synchronization: A lightweight DNS record synchronization tool reads the PrivateZone resolution records through an Alibaba Cloud AccessKey and generates Zone files locally. Click to download the tool, then decompress it.
Resolution record loading: The bind9 DNS software in the self-built IDC loads the generated Zone files as master zones.
Resolution validation test: Use dig or ping to verify that the records resolve from the self-built DNS server.
Detailed configuration
The following explanation uses the zone example.com as an example.
Tool configuration introduction
The tool consists of two parts: the synchronization program Zone_file_sync and the configuration file config.json.
Configuration format of config.json:
{
    "accessKeyId": "LCAIF4bcGHrU****",
    "accessKeySecret": "KT4eXSgppowkkPZ5AgSbxNMBHl****",
    "zone": [
        {
            "zoneName": "example.com",
            "zoneId": "298cc343c4387b0745e9b5e24fdej624",
            "filePath": "/var/named/example.com.zone"
        }
    ]
}
Where:
accessKeyId and accessKeySecret are the Alibaba Cloud AccessKey used to read PrivateZone. Because this file stores a long-lived credential in clear text, restrict it to the user that runs the tool (for example chmod 600) and prefer the AccessKey of a RAM user that is granted only read access to PrivateZone over the AccessKey of the root account; the tool only needs to read records.
zoneName and zoneId are the domain name (Zone) and the Zone ID shown in the PrivateZone console. Replace them with your own values.
filePath is the path of the generated Zone file on the DNS server in your self-built IDC. It is recommended to point it at the directory where your bind9 Zone files live, so that the file name in named.conf matches.
zone is a JSON list, so several Zones can be synchronized in one run, with a maximum of 10 Zones per synchronization.
Bind9 configuration introduction
bind9's named.conf configuration: In the named.conf file, the configuration for example.com is as follows:
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { 127.0.0.1; };
};
The file path in the zone statement is relative to the directory option of named.conf, so with filePath set to /var/named/example.com.zone the directory option must be /var/named (or the file statement must carry the full path). The allow-update clause permits dynamic updates from localhost; since the Zone file is regenerated from PrivateZone on every synchronization, any such dynamic update is overwritten at the next run, which is why the zone is frozen before the file is replaced.
Automatic synchronization configuration
After preparing the synchronization tool and bind9, execute the following commands in sequence to synchronize the latest PrivateZone resolution records. (Replace the zone name and paths with the ones you actually use.)
Execute update lock. rndc freeze suspends dynamic updates for the zone and flushes its journal to the Zone file, so the file can be replaced safely:
/usr/sbin/rndc freeze example.com
Execute record synchronization. The tool regenerates the Zone file for every zone listed in config.json:
./Zone_file_sync -c config.json
Execute bind9 data loading. rndc thaw re-enables dynamic updates and reloads the zone from the regenerated file:
/usr/sbin/rndc thaw example.com
You can put the above commands into a shell script and run it periodically from the Linux server's crontab to synchronize PrivateZone record updates automatically. Make sure the thaw step runs even when the synchronization tool fails, otherwise the zone stays frozen; and if the tool produces an empty or malformed file, bind9 will refuse to load the zone on thaw and keep serving the previous in-memory copy until it is restarted, so validate the generated file before thawing.
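The freeze / sync / thaw sequence as a cron-safe wrapper script, added here as an example; it is not part of the PrivateZone tool or of the original page. It assumes that Zone_file_sync and config.json live in TOOL_DIR, that rndc is at /usr/sbin/rndc, that named-checkzone may or may not be installed, and that config.json keeps "zoneName" and "filePath" on separate lines, in that order, as in the sample above. It refuses to run while config.json is world-readable, takes a lock so overlapping cron runs cannot freeze and thaw over each other, keeps a last-known-good copy of each Zone file, restores it when the regenerated file does not validate, and always thaws every zone.

```shell
#!/bin/sh
# privatezone_sync.sh: cron-safe wrapper around rndc freeze / Zone_file_sync /
# rndc thaw. Example code, not part of the PrivateZone tool.
#
# Assumptions (not from the original page): TOOL_DIR, RNDC and LOCK_DIR below,
# and a config.json with "zoneName" and "filePath" on their own lines.

TOOL_DIR="${TOOL_DIR:-/opt/Zone_file_sync}"
CONFIG="${CONFIG:-$TOOL_DIR/config.json}"
RNDC="${RNDC:-/usr/sbin/rndc}"
LOCK_DIR="${LOCK_DIR:-/var/lock/privatezone_sync}"

# Print one "zoneName filePath" line per zone in config.json, so the same file
# drives both the tool and the rndc freeze/thaw calls (no jq required).
config_zones() {
    awk -F'"' '/"zoneName"/ { name = $4 }
               /"filePath"/ { print name " " $4 }' "$1"
}

# Return 0 if the file is readable by "other". config.json carries an
# AccessKey secret in clear text, so it must not be.
config_world_readable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -004 2>/dev/null)" ]
}

# Return 0 when a generated Zone file looks loadable: non-empty, carries an
# SOA record, and passes named-checkzone where that binary is installed.
zone_file_ok() {
    zone="$1"; file="$2"
    [ -s "$file" ] || return 1
    grep -qi 'SOA' "$file" || return 1
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q "$zone" "$file" >/dev/null 2>&1 || return 1
    fi
    return 0
}

# Freeze every configured zone, run the tool once, keep only Zone files that
# validate (restoring the previous copy otherwise), then thaw every zone.
sync_all() {
    if config_world_readable "$CONFIG"; then
        echo "refusing to run: $CONFIG is world-readable (chmod 600 it)" >&2
        return 1
    fi
    # mkdir is atomic, so two overlapping cron runs cannot both take the lock.
    mkdir "$LOCK_DIR" 2>/dev/null || { echo "sync already running" >&2; return 1; }
    trap 'rmdir "$LOCK_DIR"' EXIT

    zones=$(config_zones "$CONFIG")
    while read -r zone file; do
        [ -n "$zone" ] || continue
        [ -f "$file" ] && cp -p "$file" "$file.prev"   # last known-good copy
        "$RNDC" freeze "$zone" || echo "freeze $zone failed" >&2
    done <<EOF
$zones
EOF

    (cd "$TOOL_DIR" && ./Zone_file_sync -c "$CONFIG") || echo "Zone_file_sync failed" >&2

    rc=0
    while read -r zone file; do
        [ -n "$zone" ] || continue
        if ! zone_file_ok "$zone" "$file"; then
            echo "$file failed validation; restoring previous copy" >&2
            [ -f "$file.prev" ] && cp -p "$file.prev" "$file"
            rc=1
        fi
        # Thaw unconditionally: a frozen zone silently drops dynamic updates.
        "$RNDC" thaw "$zone" || { echo "thaw $zone failed" >&2; rc=1; }
    done <<EOF
$zones
EOF
    return $rc
}

# Cron entry, every five minutes:
#   */5 * * * * /opt/Zone_file_sync/privatezone_sync.sh sync >>/var/log/privatezone_sync.log 2>&1
if [ "${1:-}" = "sync" ]; then
    sync_all
fi
```

Run it as privatezone_sync.sh sync from cron; with no argument it only defines the functions, which is what the checks below rely on. The validation step is deliberately conservative: a Zone file without an SOA is never handed to rndc thaw, because bind9 would reject it and keep serving the stale in-memory zone while the on-disk copy is broken.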
Validation test
Use the following command for testing, replacing domain-name with a record that exists in the zone: dig @localhost domain-name. The ANSWER section should contain the value configured in PrivateZone, and the aa flag in the header confirms that the answer came from the local master zone rather than from a forwarder.
Summary
This topic introduced a method of using an automatic synchronization tool to copy PrivateZone resolution records to local DNS servers in a self-built IDC. It helps operations engineers build hybrid cloud DNS resolution with a single source of truth, reduces the complexity of DNS configuration in hybrid cloud scenarios, and, because bind9 serves the records from its local copy, keeps resolution inside the self-built IDC working during a dedicated line or VPN outage (records simply stop updating until the link is restored).