Skip to main content

General information about private DNS

Last update:

Private DNS is a service that allows you to manage domain names in private networks of the cloud platform and access cloud servers in private networks using domain names instead of IP addresses.

If you need a public DNS, use DNS hosting.

Private DNS can also be used for dedicated servers, more details can be found in the guide [Set up DNS in a dedicated server private network].

You can work with the service in the control panel, using the API, and Terraform.

The service supports user roles and permissions.

Operations with the internal DNS are recorded in audit logs.

Operating principle

You create a DNS zone with records for a private network, then connect the private network to a private DNS resolver—a service server that handles domain name resolution requests. In this case, two service DNS resolver ports are automatically created in each subnet of this network. The IP addresses of the DNS resolver ports must be specified on each server in the network.

Networks connected to a DNS resolver have access to records of all private DNS zones within their pool and project. Connecting a network to a DNS resolver does not provide automatic access to servers in another network by domain names — networks must be connected at the L3 level, for example, through a global router.

Each network in a pool is served by two DNS resolvers located in the same pool but on different hardware. If one DNS resolver fails, the second will continue to handle requests. In a multi-AZ pool, DNS resolvers are located in different availability zones — if a data center in one availability zone fails completely, the resolver in the other availability zone will continue to function.

You can manage DNS records (resource records) in DNS zones manually. Automatic creation and updating can be configured for A and AAAA records; to do this, connect a network to a DNS zone. A network can be connected to only one DNS zone. Automatically created or modified records are marked in the control panel with the tag Auto.

The DNS service operates independently of the subnet DHCP settings.

Available DNS record types

AMaps a domain name to an IPv4 network server IP address
AAAAMaps a domain name to an IPv6 network server IP address
MXPoints to a server for receiving incoming mail for a domain. If a domain has multiple mail servers, an MX record must be created for each server, specifying the priority for load balancing
TXTContains any text information that needs to be added to the domain settings. For example, it can store a DKIM key for outgoing email newsletters
CNAMEMaps an additional domain to a primary (canonical) domain so that both lead to the IP address of the primary domain. A CNAME record cannot be added for second-level domains. A domain with a CNAME record cannot have other resource records

Limits

Within a single pool in a project, you can:

  • connect no more than 10 networks to a private DNS resolver;
  • create no more than 100 DNS zones.

The maximum number of DNS records in a zone is 1000.

Cost

You can create DNS zones and records in them for free.

Connecting a network to a private DNS resolver is a paid service. Connectivity prices can be found on selectel.ru.