Configure DNS on the private network of the cloud platform
To configure DNS on a cloud platform private network, you create a private zone with resource records. You then connect the network to the private zone and connect the network to the private DNS resolver.
If you need to configure DNS on a private network of dedicated servers, the connection is made through a global router. For more details, see the instructions Configure DNS on a private network of a dedicated server.
Connecting a network to a zone and connecting a network to a DNS resolver are done independently of each other. You can make neither, one, or both of these connections, depending on your goals and the specifics of your infrastructure:
- If a network is connected to a zone, when a port is added or changed on that network, an A or AAAA record is automatically created or updated for it. The full domain name of the port in the record is formed as <server_name>.<zone_domain_name>. where <server_name> is the server name and <zone_domain_name> is the zone domain name. You can change the port's domain name manually, and the zone record will be updated automatically;
- If a network is connected to a DNS resolver, servers on that network can resolve domain names of all zones within their pool and project.
Configure private DNS
DNS configuration is performed via the API. An IAM token for the project is used to authenticate requests. For a complete list of API methods for working with the service, see Private DNS API.
1. Add a service user with the role member.
2. For the added service user, get an IAM token for the project.
3. Open the CLI.
4. Make an API request to create a private zone with records. You can create records later:
curl -X POST \
https://<pool>.cloud.api.selcloud.ru/private-dns/v1/zones \
-H "X-Auth-Token: <token>" \
-H "Content-Type: application/json" \
-d '{
"name": "<zone_name>",
"ttl": <zone_ttl>,
"domain": "<zone_domain_name>.",
"records": [
{
"type": "<record_type>",
"domain": "<subdomain>.<zone_domain_name>.",
"ttl": <record_ttl>,
"values": [
<value1>,<value2>
]
}
]
}'
Specify:
- <pool> - pool where the private network is located, e.g. ru-3;
- <token> - the IAM token for the project that you received in step 2;
- <zone_name> - zone name;
- <zone_ttl> - TTL of the zone in seconds, default is 3600. TTL is the time during which the zone resource record in the DNS server cache is considered up-to-date and does not require re-caching;
- <zone_domain_name> - zone domain name, e.g. example. Can contain numbers, Latin letters and hyphens;
- optional: add a "records" block with information about resource records in the zone. Records can be created and modified at any time after the zone is created. Records are specified in groups by type; for each group, specify:
  - <record_type> - record type: A, AAAA, MX, TXT, CNAME;
  - <subdomain> - domain name of the port, e.g. first. Can contain numbers, Latin letters and hyphens;
  - <record_ttl> - TTL of the record in seconds, default is 3600. To have the record inherit the TTL of the zone, specify -1;
  - <value1>, <value2> - record values.
5. If you want to connect a network to a zone, make an API request:
curl -X PUT \
https://<pool>.cloud.api.selcloud.ru/network/v2.0/networks/<network_id> \
-H "X-Auth-Token: $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"network": {
"dns_domain": "<zone_domain_name>"
}
}'
Specify:
- <pool> - pool in which the zone will be created, e.g. ru-3;
- <zone_domain_name> - domain name of the zone you set in step 4.
6. If you want to connect the network to a private DNS resolver, make an API request:
curl -X POST \
https://<pool>.cloud.api.selcloud.ru/private-dns/v1/services \
-H "X-Auth-Token: $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"network_id": "<network>"
}'
Specify:
- <pool> - pool where the network is located, e.g. ru-3;
- <network> - network ID; you can copy it in the control panel: in the top menu, click Products → Cloud Servers → Network → tab Private Networks → in the network card, click .
7. If you connected the network to a private DNS resolver in step 6, specify the IP addresses of the resolver in the subnet settings for that network:
7.1 Look up the ID of the connection to the DNS resolver by making an API request that lists the connections:
curl -X GET \
https://<pool>.cloud.api.selcloud.ru/private-dns/v1/services \
-H "X-Auth-Token: $TOKEN" \
-H "Content-Type: application/json"
Specify:
- <pool> - the pool where the network is located, for example ru-3.
7.2 Look up the DNS resolver IP addresses on the subnet by making an API request:
curl -X GET \
https://<pool>.cloud.api.selcloud.ru/private-dns/v1/services/<service> \
-H "X-Auth-Token: $TOKEN" \
-H "Content-Type: application/json"
Specify:
- <pool> - pool where the network is located, e.g. ru-3;
- <service> - the ID of the connection to the DNS resolver that you looked up in step 7.1.
The IP addresses of the resolver are specified in the address field.
7.3 Change the DNS servers in each of the subnets on this network.
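The request body from step 4 can be checked locally before it is sent, so that a malformed name or TTL never reaches the API and no shell variable can break out of the JSON. The script below is an added example, not code from the vendor's documentation: the function names are hypothetical, the sample values are constructed, and it assumes record values are sent as JSON strings.

```bash
#!/bin/sh
# Added example (not vendor code): check inputs against the naming and TTL
# rules stated on this page, then print the JSON body for the zone request.
LC_ALL=C  # byte-wise ranges, so A-Z and a-z match ASCII letters only

# Names may contain only numbers, Latin letters and hyphens.
valid_name() { case "$1" in ''|*[!A-Za-z0-9-]*) return 1 ;; esac; }

# TTL in seconds; a record may also use -1 to inherit the zone TTL.
valid_ttl() {  # $1 = ttl, $2 = "record" to allow -1
  if [ "$1" = "-1" ] && [ "${2:-}" = "record" ]; then return 0; fi
  case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
}

valid_type() { case "$1" in A|AAAA|MX|TXT|CNAME) return 0 ;; esac; return 1; }

# Assumption: refuse characters that would need JSON escaping instead of
# escaping them, so a value can never terminate its quoted string early.
json_safe() { case "$1" in ''|*\"*|*\\*|*[[:cntrl:]]*) return 1 ;; esac; }

# zone_payload <zone_name> <zone_ttl> <zone_domain_name> \
#              <record_type> <subdomain> <record_ttl> <value>...
zone_payload() (
  [ "$#" -ge 7 ] || { echo "need six fields and at least one value" >&2; exit 2; }
  name=$1 zttl=$2 zone=$3 rtype=$4 sub=$5 rttl=$6; shift 6
  json_safe "$name"        || { echo "bad zone name" >&2; exit 1; }
  valid_ttl "$zttl"        || { echo "bad zone TTL" >&2; exit 1; }
  valid_name "$zone"       || { echo "bad zone domain name" >&2; exit 1; }
  valid_type "$rtype"      || { echo "bad record type" >&2; exit 1; }
  valid_name "$sub"        || { echo "bad subdomain" >&2; exit 1; }
  valid_ttl "$rttl" record || { echo "bad record TTL" >&2; exit 1; }
  values=
  for v in "$@"; do
    json_safe "$v" || { echo "bad record value" >&2; exit 1; }
    values="${values:+$values,}\"$v\""
  done
  printf '{"name":"%s","ttl":%s,"domain":"%s.","records":[{"type":"%s","domain":"%s.%s.","ttl":%s,"values":[%s]}]}\n' \
    "$name" "$zttl" "$zone" "$rtype" "$sub" "$zone" "$rttl" "$values"
)

# Constructed sample values; the printed body is what goes after curl's -d.
zone_payload internal-zone 3600 example A first -1 192.0.2.10 192.0.2.11
```

The function exits non-zero without printing a body when any field fails a check, so `-d "$(zone_payload ...)"` should only be run after testing its exit status.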