Last week when reading through the latest Oracle Cloud Infrastructure Release Notes I ran into a new Feature named Private DNS.
Since DNS has always been a pain when we were setting up E-Business Suite (EBS) instances on Oracle Cloud Infrastructure using Cloud Manager I gave it a closer look. And indeed, this is a great feature making life a lot easier in some situations.
In the past, customers were forced to use Oracle provided DNS servers when using OCI / Cloud Manager. Only using these “black box” DNS servers, which are available under 169.254.169.254, can the Cloud Manager tool resolve the automatically started instances. This however has one major drawback: If the EBS servers need to resolve “internal” hosts (such as an E-Mail server or NFS Shares) one had to manually (or by scripting) modify the local /etc/hosts file on each server. If the IP addresses then continue to change, this had to be altered manually. Furthermore, this way it is not possible to have more than one IP for a logical DNS name.
A second area of constant trouble was that when e.g. providing a new EBS Clone for testing, it was always necessary to ensure that the IP address of this instance (or its load balancer) was entered in the companywide DNS directory. Often times, this is a different team than the team creating EBS clones. I have often yearned for a way to tell the companywide DNS directory that the entire zone ebs.company.com is managed by an OCI DNS server where the EBS admins themselves can create entries for devapps.ebs.company.com and so on.
In the past, both requirements could only be solved by installing a custom DNS server on OCI, which adds additional management efforts.
After reading the release notes and documentation on the new Private DNS feature; I first had to start a little game of hide-and-seek: The new feature is a bit hidden and can only be accessed by navigating to the Oracle Cloud Network in question and then pressing the link behind “DNS Resolver”:
This brings you to the Private Resolver Details, where first of all you have to define at least a “Forwarding Endpoint” (that is used to query an upstream DNS server) and eventually a “Listening Endpoint” (this IP address can be queried by your on-premise network to e.g. query *.ebs.company.com in the Oracle Cloud).
Resolving Company Names in OCI
Forwarding all “non-oracle-cloud” DNS resolution (or even only something like internal.company.com if you so wish) to your company DNS server can then be achieved by a simple “Rule” in the corresponding tab. After allowing DNS traffic for the previously defined Listening IP, I was able to query names that were only available in my company’s DNS by either explicitly querying the “Listening IP” or also when asking the default DNS server 169.254.169.254.
Defining an ebs.company.com zone
Besides forwarding to a local DNS server, the new feature can also easily be used to define custom entries such as devapps.ebs.company.com and then point to the load balancer or apps server hosting EBS. To do this, simply navigate to the “Default” private view (you can also create a custom one, but this is usually not necessary) and create a new zone like ebs.intern.dns in the following example below:
Then you can create an A or C record as in any other DNS server:
After publishing (!) and then waiting, you can resolve this with both the default DNS resolver (169.254.169.254) or with the “Listening IP” defined above.
Finally, you can change your company’s DNS server to forward the resolution of *.ebs.company.com to the Listening IP defined above and are no longer dependent on your DNS guys 😉