Configuring Private Domain Names for ECSs
Overview
Scenario
If one of your ECSs is malfunctioning and you need to use the backup ECS, but you have not configured private domain names for the two ECSs, you have to change the private IP address in the code for the faulty ECS. This will interrupt your services, and you will need to launch your website again.
Here is the solution: Configure private domain names for the ECSs and include the private domain names in the code. If one ECS is malfunctioning, you only need to change the DNS record sets to direct traffic to a normal ECS. Your services will not be interrupted, and you do not need to launch the website again.
Architecture
Figure 1 shows the networking where ECSs and RDS instances are deployed in a VPC.
- ECS0: primary service node
- ECS1: public service node
- RDS1: service database
- ECS2: backup service node
- RDS2: backup database
Advantages
- Higher efficiency and security
  You can use private domain names to access ECSs in the VPCs, without going through the Internet.
- In code, domain names are easier to modify than IP addresses. When ongoing services need to run on another ECS, you only need to change the DNS record sets without modifying the code.
Resource Planning
The following table lists private zones and record sets planned for cloud servers.
| Resource | Private Zone | Associated VPC | Private IP Address | Record Set Type | Description |
|---|---|---|---|---|---|
| ECS1 | api.ecs.com | VPC_001 | 192.168.2.8 | A | Public service node |
| ECS2 | api.ecs.com | VPC_001 | 192.168.3.8 | A | Backup for the public service node |
| RDS1 | db.com | VPC_001 | 192.168.2.5 | A | Service database |
| RDS2 | db.com | VPC_001 | 192.168.3.5 | A | Backup database |

| Region | Service | Resource | Description | Quantity | Monthly Price |
|---|---|---|---|---|---|
| CN-Hong Kong | VPC | VPC_001 | The DNS server addresses must be the same as the private DNS server addresses of Huawei Cloud. For details, see What Are Huawei Cloud Private DNS Servers? | 1 | Free |
| CN-Hong Kong | ECS | ECS0, ECS1, ECS2 | | 3 | |
| CN-Hong Kong | RDS | RDS1, RDS2 | | 2 | |
| CN-Hong Kong | DNS | api.ecs.com, db.com | | 2 | Free |

Configuring Private Zones
Figure 2 shows the process for configuring private zones.
- (Optional) On the VPC console, create a VPC and a subnet when you are configuring private domain names for servers during website deployment.
- On the DNS console, create private zones and associate them with the VPC, and add a record set to each private zone.
- (Optional) On the VPC console, change the DNS server addresses of the VPC subnet when you are configuring private domain names for servers.
Procedure
- (Optional) Create a VPC and a subnet.
Before configuring private domain names for the ECSs and databases required by your website, you need to create a VPC and a subnet.
- Go to the Create VPC page.
- Configure the parameters as prompted. Table 3 describes the key parameters.
Table 3 Parameters for creating a VPC

| Parameter | Description | Example Value |
|---|---|---|
| Region | Region of the VPC. For lower network latency and quicker resource access, select the nearest region. | CN-Hong Kong |
| Name | VPC name | VPC_001 |
| CIDR Block | Network range of the VPC. All subnets must be within this range. Choose one from the following CIDR blocks: 10.0.0.0/8–24, 172.16.0.0/12–24, 192.168.0.0/16–24 | 192.168.0.0/16 |
| Name (default subnet) | Subnet name | Subnet |
| CIDR Block (default subnet) | Network range of the subnet, which must be within the VPC | 192.168.0.0/24 |
| Gateway | Gateway address of the subnet | 192.168.0.1 |
| DNS Server Address | Set the DNS server addresses of the VPC subnet to those provided by Huawei Cloud DNS. | 100.125.1.250, 100.125.3.250 |

- Click Create Now.
- Create private zones.
Create private zones for the domain names used by ECS1 and RDS1.
- Go to the Private Zones page.
- Click Create Private Zone.
- Configure the parameters based on Table 4.
Table 4 Parameters for creating a private zone

| Parameter | Description | Example Value |
|---|---|---|
| Name | Private domain name. You can create any compliant custom domain name, even a top-level one. | api.ecs.com |
| VPC | VPC to be associated with the private zone | VPC_001 |
| Email | (Optional) Email address of the administrator managing the private zone. It is recommended that you set the email address to HOSTMASTER@Domain name. For details about the email address, see Why Was the Email Address Format Changed in the SOA Record? | HOSTMASTER@ecs1.com |
| Tag | (Optional) Identifier used to group and search for resources. A tag consists of a key and value. You can set tags when there are many zones in your account. For details about tag key and value requirements, see Table 5. NOTE: If you have configured tag policies for DNS, you need to add tags to your zones based on the tag policies. If you add a tag that does not comply with the tag policies, zones may fail to be created. Contact the administrator to learn more about tag policies. | N/A |
| Description | (Optional) Description of a zone. The value cannot exceed 255 characters. | This is a private zone. |

Table 5 Tag key and value requirements

- Parameter: Key (example value: example_key1). Requirements:
  - Cannot be left blank.
  - Must be unique for each resource.
  - Can contain a maximum of 36 characters.
  - Cannot start or end with a space nor contain special characters =*<>\,|/
- Parameter: Value (example value: example_value1). Requirements:
  - Cannot be left blank.
  - Can contain a maximum of 43 characters.
  - Cannot start or end with a space nor contain special characters =*<>\,|/

- Click OK. Then check the private zone created for api.ecs.com.
You can view details about this private zone on the Private Zones page.
You can click the domain name to view SOA and NS record sets automatically generated for the zone.
- The SOA record set identifies the base DNS information about the domain name.
- The NS record set defines authoritative DNS servers for the domain name.
- Repeat steps 3 to 5 to create a private zone for db.com.
For details about private domain names, see Table 1.
- Add a record set to each private zone.
Add record sets to translate private domain names to private IP addresses of ECS1 and RDS1.
- Click the domain name.
- Click Add Record Set.
- Configure the parameters based on Table 6.
Table 6 Parameters for adding an A record set

| Parameter | Description | Example Value |
|---|---|---|
| Name | Domain name prefix. If this parameter is left blank, the primary domain name, for example, api.ecs.com, will be resolved. | N/A |
| Type | Type of the record set | A – Map domains to IPv4 addresses |
| TTL (s) | Caching period of the record set on a DNS server. If your service address is frequently changed, set TTL to a small value. | Default value: 300s |
| Value | IPv4 addresses mapped to the domain name. Every two IPv4 addresses are separated using a line break. Enter the private IP address of the ECS, for example, ECS1. | 192.168.2.8 |
| Tag | (Optional) Identifier used to group and search for resources. A tag consists of a key and value. You can set tags when there are many record sets in your account. For details about tag key and value requirements, see Table 5. NOTE: If you have configured tag policies for DNS, you need to add tags to your record sets based on the tag policies. If you add a tag that does not comply with the tag policies, record sets may fail to be created. Contact the administrator to learn more about tag policies. | N/A |
| Description | (Optional) Description of the record set | N/A |

- Click OK. An A record set is added for api.ecs.com.
- Repeat steps 1 to 4 to add an A record set for db.com.
Set the record set value of db.com to 192.168.2.5.
For details, see Table 2.
- (Optional) Change the DNS server addresses of the VPC subnet.
After you configure private domain names for nodes in the website application, you need to change the DNS servers of the VPC subnet to those provided by the DNS service so that the domain names can be resolved.
For details, see How Do I Change Default DNS Servers of an ECS to Huawei Cloud Private DNS Servers?
- Switch to the backup ECS.
When ECS1 becomes faulty, you can switch services to ECS2 by changing the value of the record set added to private zone api.ecs.com.
- Log in to the management console.
- Click in the upper left and select CN-Hong Kong.
- Choose Networking > Domain Name Service.
The DNS console is displayed.
- In the navigation pane on the left, choose Private Zones.
- In the private zone list, click the name of the zone api.ecs.com.
- Locate the A record set and click Modify under Operation.
- Change the value to 192.168.3.8.
- Click OK.
Traffic to ECS1 will be directed to ECS2 by the private DNS server.
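
A post-change check for the procedure above, as an added example that is not part of the original documentation: run from an ECS in the VPC, it reports whether each planned name resolves to the primary node, the backup node, or an address outside the VPC CIDR, which indicates the subnet is not using the private DNS servers and traffic would leave the VPC. The names and addresses come from the tables on this page; the function names and the `resolve` parameter are assumptions made for the example.

```python
import ipaddress
import socket

# Values taken from the resource-planning and VPC tables on this page.
VPC_CIDR = ipaddress.ip_network("192.168.0.0/16")
PLAN = {
    "api.ecs.com": {"primary": "192.168.2.8", "backup": "192.168.3.8"},
    "db.com": {"primary": "192.168.2.5", "backup": "192.168.3.5"},
}


def system_resolve(name):
    """Return the IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(name, addresses):
    """Return primary, backup, mixed, unplanned, unresolved or outside-vpc."""
    if not addresses:
        return "unresolved"
    roles = set()
    for addr in addresses:
        if ipaddress.ip_address(addr) not in VPC_CIDR:
            # The answer did not come from the private zone: the name was
            # resolved elsewhere and connections would leave the VPC.
            return "outside-vpc"
        role = next((r for r, ip in PLAN[name].items() if ip == addr), "unplanned")
        roles.add(role)
    return roles.pop() if len(roles) == 1 else "mixed"


def check(resolve=system_resolve):
    """Classify every planned name; resolve is injectable for offline testing."""
    return {name: classify(name, resolve(name)) for name in PLAN}


if __name__ == "__main__":
    for name, state in check().items():
        print(f"{name}: {state}")
```

Resolvers may keep returning the old address until the record set's TTL (300s by default) expires, so a `primary` result immediately after the switch is expected for up to that long.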