All Products
Search

This Product

    Alibaba Cloud DNS:Synchronize intranet DNS records to self-managed DNS servers

    Document Center

    Alibaba Cloud DNS:Synchronize intranet DNS records to self-managed DNS servers

    Last Updated:Nov 28, 2023

    This topic describes how to configure intranet Domain Name System (DNS) records by using Private DNS and synchronize the intranet DNS records to self-managed DNS servers in hybrid clouds.

    Scenarios

    A self-managed data center is connected to an Alibaba Cloud virtual private cloud (VPC) over a VPN gateway or an Express Connect circuit. Services deployed in the self-managed data center and the Alibaba Cloud VPC need to access each other by using DNS requests. Therefore, DNS data must be shared between the self-managed data center and the Alibaba Cloud VPC to achieve real-time access between services.

    Difficulties

    A self-managed data center and an Alibaba Cloud VPC are two isolated network environments. Enterprises often use open source software such as BIND 9 to build DNS services in their self-managed data centers. In Alibaba Cloud VPCs, enterprises often use Private DNS for intranet DNS resolution.

    Data sharing between self-managed data centers and Alibaba Cloud VPCs is a major difficulty in implementing intranet DNS resolution in hybrid clouds. When operations and maintenance (O&M) engineers of enterprises manage a separate set of DNS data for each network environment, they must perform a lot of repetitive work and face the high risk of data inconsistency and service instability.

    This topic describes how to automatically synchronize the DNS records configured on the Private DNS page of the Alibaba Cloud DNS console to the DNS servers of a self-managed data center and generate a standard zone file. The file can take effect after it is loaded in BIND 9.

    Solutions

    1. DNS record management: You can manage DNS records on the Private DNS page of the Alibaba Cloud DNS console in a convenient manner.

    2. DNS record synchronization: Alibaba Cloud provides a lightweight tool for synchronizing DNS records. The tool automatically reads intranet DNS records by using the AccessKey pair of your Alibaba Cloud account and generates an on-premises zone file. You can click here to download the installation package of the tool and then decompress the package.

    3. DNS records loading: The BIND 9 software on the DNS servers of the self-managed data center loads the generated zone file.

    4. Testing of DNS record validity: Run the dig or ping command to check whether the DNS records take effect.

    Detailed configurations

    The following sections describe how to perform related configurations to synchronize the intranet DNS records for the domain name example.com.

    Tool configuration

    The tool consists of two parts: the synchronization program Zone_file_sync and the configuration file config.json.

    1. The following section shows the sample code of the config.json file.

    {
  "accessKeyId": "LCAIF4bcGHrU****",
  "accessKeySecret": "KT4eXSgppowkkPZ5AgSbxNMBHl****",
  "zone": [
    {
      "zoneName": "example.com",
      "zoneId": "298cc343c4387b0745e9b5e24fdej624",
      "filePath": "/var/named/example.com.zone"
    }
  ]
}

    In the preceding code:

    • accessKeyId and accessKeySecret constitute the AccessKey pair of an Alibaba Cloud account.

    • zoneName and zoneId are the name and the ID of the zone displayed on the Private DNS page of the Alibaba Cloud DNS console. Enter the value of zoneName and zoneId based on your business requirements.

    • filePath is the directory of the DNS servers for the self-managed data center where the zone file generated by the tool is stored. We recommend that you enter the zone file directory of BIND 9.

    • Zone can contain information about multiple zones. The value is in the JSON format. You can synchronize the DNS records of 10 zones at a time.

    BIND 9 configuration

    1. The following section shows the sample code of the named.conf file for BIND 9.

      zone "example.com" IN {
     type master;
     file "example.com.zone";
     allow-update { 127.0.0.1; };
};

    Auto-synchronization configuration

    After you prepare the synchronization tool and BIND 9, run the following commands in sequence to synchronize the latest intranet DNS records (you need to replace the commands based on your business requirements):

    1. Run the /usr/sbin/rndc freeze host.local command to suspend the updates of the DNS records.

    2. Run the ./Zone_file_sync -c config.json command to synchronize the DNS records.

    3. Run the /usr/sbin/rndc thaw host.local command to load data in BIND 9.

    You can write the preceding commands in a shell script and use the crontab feature of a Linux server to run the commands on a regular schedule. This way, the updated intranet DNS records in the Private DNS servers can be automatically synchronized to the DNS servers of the self-managed data center.

    Validity test

    Run the dig @localhost domain name command to check whether the synchronization takes effect.

    Summary

    This topic describes how to use an automatic synchronization tool to synchronize intranet DNS records from Private DNS servers to the DNS servers of a self-managed on-premises data center. This helps O&M engineers achieve DNS resolution in hybrid clouds, reduces the complexity of DNS configurations in hybrid clouds, and prevents the intranet DNS resolution in the self-managed data center from being affected by the failures of the Express Connect circuit or the VPN gateway.