
Configure DNS on the private network of the cloud platform


To configure DNS on a cloud platform private network, you create a private zone with resource records. You then connect the network to the private zone and connect the network to the private DNS resolver.

If you need to configure DNS on a private network of dedicated servers, the connection is made through a global router. For more details, see the instructions Configure DNS on a private network of a dedicated server.

Connecting a network to a zone and connecting a network to a DNS resolver are done independently of each other. You can make neither, one, or both of these connections, depending on your goals and the specifics of your infrastructure:

  • If a network is connected to a zone, then when a port is added or changed on that network, an A or AAAA record is automatically created or updated for it. The full domain name of the port in the record is formed as <server_name>.<zone_domain_name>., where <server_name> is the server name and <zone_domain_name> is the zone domain name. You can change the port's domain name manually, and the zone record will be updated automatically;
  • If a network is connected to a DNS resolver, servers on that network can resolve domain names of all zones within their pool and project.

Configure private DNS

DNS configuration is performed via the API; an IAM token for the project is used to authenticate requests. For a complete list of API methods for working with the service, see Private DNS API.

  1. Add a service user with the role member.

  2. For the added service user, get an IAM token for the project.

  3. Open the CLI.

  4. Create a private zone with records by executing an API request:

    curl -X POST \
    <endpoint>/zones \
    -H "X-Auth-Token: <token>" \
    -H "Content-Type: application/json" \
    -d '{
      "name": "<zone_name>",
      "ttl": <zone_ttl>,
      "domain": "<zone_domain_name>.",
      "records": [
        {
          "type": "<record_type>",
          "domain": "<subdomain>.<zone_domain_name>.",
          "ttl": <record_ttl>,
          "values": [
            <value1>, <value2>
          ]
        }
      ]
    }'

    Specify:

    • <endpoint> - URL to access the private DNS API in the desired pool. The list of URLs can be found in the instructions List of URLs;

    • <token> - The IAM token for the project you received in step 2;

    • <zone_name> - zone name;

    • <zone_ttl> - TTL of the zone in seconds, default is 3600. TTL is the time during which the zone resource record in the DNS server cache is considered up-to-date and does not require re-caching;

    • <zone_domain_name> - zone domain name, e.g. example. Can contain numbers, Latin letters and hyphens;

    • optional: add a "records" block with information about resource records in the zone. The records can be created and modified at any time after the zone is created. Records are specified in groups by type, for each group specify:

      • <record_type> - record type: A, AAAA, MX, TXT, CNAME;
      • <subdomain> - domain name of the port, e.g. first. Can contain numbers, Latin letters and hyphens;
      • <record_ttl> - TTL of the record in seconds, default is 3600. To have the record inherit the TTL of the zone, specify -1;
      • <value1>, <value2> - record values.
  5. If you want to connect a network to a zone, make an API request:

    curl -X PUT \
    https://<pool>.cloud.api.selcloud.ru/network/v2.0/networks/<network_id> \
    -H "X-Auth-Token: <token>" \
    -H "Content-Type: application/json" \
    -d '{
      "network": {
        "dns_domain": "<zone_domain_name>"
      }
    }'

    Specify:

    • <token> - The IAM token for the project you received in step 2;
    • <pool> - pool where the network is located;
    • <network_id> - ID of the network;
    • <zone_domain_name> - domain name of the zone you set in step 4.
  6. If you want to connect the network to a private DNS resolver, make an API request:

    curl -X POST \
    <endpoint>/services \
    -H "X-Auth-Token: <token>" \
    -H "Content-Type: application/json" \
    -d '{
    "network_id": "<network>"
    }'

    Specify:

    • <endpoint> - URL to access the private DNS API in the desired pool. The list of URLs can be found in the instructions List of URLs;
    • <token> - The IAM token for the project you received in step 2;
    • <network> - network ID. It can be copied in the control panel: in the top menu, click Products → Cloud Servers → Network → tab Private Networks → in the network card, click .
  7. If you connected the network to a private DNS resolver in step 6, specify the IP addresses of the resolver in the subnet settings for that network:

    7.1 Get the ID of the connection to the DNS resolver by requesting the list of connections via the API:

    curl -X GET \
    <endpoint>/services \
    -H "X-Auth-Token: <token>" \
    -H "Content-Type: application/json"

    Specify:

    • <endpoint> - URL to access the private DNS API in the desired pool. The list of URLs can be found in the instructions List of URLs;
    • <token> - The IAM token for the project you received in step 2.

    In the response, copy the ID of the required connection; it is specified in the id field.

    7.2 Get the IP addresses of the DNS resolver in the subnet by running an API request:

    curl -X GET \
    <endpoint>/services/<service> \
    -H "X-Auth-Token: <token>" \
    -H "Content-Type: application/json"

    Specify:

    • <endpoint> - URL to access the private DNS API in the desired pool. The list of URLs can be found in the instructions List of URLs;
    • <service> - The connection ID to the DNS resolver that you obtained in step 7.1;
    • <token> - The IAM token for the project you received in step 2.

    In the response, copy the IP addresses of the resolver; they are listed in the address field.

    7.3 Add the DNS resolver IP addresses that you obtained in step 7.2 to the subnet settings by changing the DNS servers in each of the subnets on this network.
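
The requests above put the IAM token and hand-written JSON directly on the command line. The following added example (not part of the original instructions) checks the zone and record fields against the rules stated in step 4, builds the request body, and sends it with the token read from a file. The function names, the header file and the quoting of record values as JSON strings are assumptions, and -H @file needs curl 7.55.0 or later.

```shell
# Added example: input checks and JSON body for the zone-creation request (step 4).
# Domain labels: numbers, Latin letters and hyphens only (rule from the page).
valid_label() { case "$1" in ''|*[!A-Za-z0-9-]*) return 1 ;; esac; }
# Record types the page lists.
valid_type() { case "$1" in A|AAAA|MX|TXT|CNAME) return 0 ;; esac; return 1; }
# Strings placed in the JSON body: reject empty values, quotes and backslashes.
json_safe() { case "$1" in ''|*\"*|*\\*) return 1 ;; esac; }
# TTL in seconds; -1 (inherit the zone TTL) is accepted for records only.
valid_ttl() {
    case "$1" in
        -1) [ "$2" = record ] ;;
        ''|*[!0-9]*) return 1 ;;
    esac
}

# Prints the body for POST <endpoint>/zones with one record group.
# Usage: zone_payload NAME ZONE_DOMAIN ZONE_TTL TYPE SUBDOMAIN RECORD_TTL VALUE...
zone_payload() {
    [ $# -ge 7 ] || { echo "zone_payload: too few arguments" >&2; return 1; }
    zname=$1 zdomain=$2 zttl=$3 rtype=$4 sub=$5 rttl=$6
    shift 6
    json_safe "$zname" || { echo "bad zone name" >&2; return 1; }
    valid_label "$zdomain" && valid_label "$sub" || { echo "bad domain label" >&2; return 1; }
    valid_type "$rtype" || { echo "bad record type: $rtype" >&2; return 1; }
    valid_ttl "$zttl" zone && valid_ttl "$rttl" record || { echo "bad TTL" >&2; return 1; }
    values=
    for v in "$@"; do
        json_safe "$v" || { echo "bad record value" >&2; return 1; }
        values="${values:+$values,}\"$v\""   # assumption: values are JSON strings
    done
    printf '{"name":"%s","ttl":%s,"domain":"%s.","records":[{"type":"%s","domain":"%s.%s.","ttl":%s,"values":[%s]}]}\n' \
        "$zname" "$zttl" "$zdomain" "$rtype" "$sub" "$zdomain" "$rttl" "$values"
}

# Sends the request. HEADER_FILE (mode 600) holds the line "X-Auth-Token: <token>";
# curl reads it with -H @file, so the token stays out of argv and shell history.
# Usage: create_zone ENDPOINT HEADER_FILE <zone_payload arguments>
create_zone() {
    endpoint=$1 header_file=$2
    shift 2
    body=$(zone_payload "$@") || return 1
    printf '%s' "$body" | curl -sS --fail -X POST "$endpoint/zones" \
        -H @"$header_file" -H "Content-Type: application/json" --data-binary @-
}

# Constructed sample values; prints the body without contacting the API.
zone_payload internal example 3600 A first -1 10.0.0.5 10.0.0.6
```

The same header file can be reused for the other requests in this procedure by replacing -H "X-Auth-Token: <token>" with -H @<header_file>.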