Updated on 2022-02-08 GMT+08:00

Configuring a Private Domain Name for an ECS

Background

Private domain names do not need to be registered; they take effect only within VPCs and are resolved by private DNS servers. With private domain names, you can run your own authoritative DNS servers inside VPCs and avoid exposing your DNS records to the Internet. Private domain names improve resolution efficiency, reduce latency, and prevent DNS spoofing.

By configuring private zones for ECSs in VPCs, you can:

  • Access ECSs in the VPCs through private domain names without going through the Internet, achieving higher efficiency and security.
  • Use domain names instead of IP addresses in your code. When an ECS is replaced, you only need to update the DNS records, not the code.

Application Scenario

Figure 1 shows a typical application scenario of private domain names.

Figure 1 Networking example

Figure 1 shows the networking of a website, where ECSs and RDS instances are deployed in a VPC.

  • ECS0: primary service node
  • ECS1: public service node
  • RDS1: service database
  • ECS2 and RDS2: backup node and backup database

When ECS1 becomes faulty, ECS2 must take over. However, if no private zones are configured for the two ECSs, you need to change the private IP addresses in the code running on ECS0. This interrupts services, and you need to publish the website again.

Now assume that you have configured private zones for the ECSs and have included their host names in the code. If ECS1 becomes faulty, you only need to change the DNS records to direct traffic to ECS2. Services are not interrupted, and you do not need to publish the website again.

This practice describes how to configure private zones for cloud servers.

Data Planning

Table 1 lists the private zones and record sets planned for the cloud servers.

Table 1 Private zones and record sets for each server

| Item | Private Zone | Associated VPC | Private IP Address | Record Set Type | Description |
|------|--------------|----------------|--------------------|-----------------|-------------|
| ECS1 | api.ecs.com | VPC_001 | 192.168.2.8 | A | Node that provides public services |
| ECS2 | api.ecs.com | VPC_001 | 192.168.3.8 | A | Backup for the public service node |
| RDS1 | db.com | VPC_001 | 192.168.2.5 | A | Service database |
| RDS2 | db.com | VPC_001 | 192.168.3.5 | A | Backup database |

Operation Procedure

Figure 2 shows the process for configuring private zones.

Figure 2 Process for configuring private zones

Process description:

  • Create a VPC and a subnet on the VPC console. This operation is required only when you are configuring private domain names for servers during initial website deployment.
  • Create a private zone, associate it with the VPC, and add a record set to the private zone on the DNS console.
  • Change the DNS servers of the VPC subnet on the VPC console. This operation is required only when you are configuring private domain names for servers on which your website services are already running.

(Optional) Create a VPC and a Subnet

Before configuring private domain names for ECSs and database nodes during website deployment, you need to create a VPC and a subnet.

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. In the Network category, click Virtual Private Cloud.
  4. In the navigation pane on the left, choose Virtual Private Cloud.
  5. Click Create VPC and set parameters based on Table 2.
    Table 2 VPC parameter description

    | Parameter | Description | Example Value |
    |-----------|-------------|---------------|
    | Region | Region of the VPC. For low network latency and quick resource access, select the nearest region. | CN North-Beijing1 |
    | Name | VPC name | VPC_001 |
    | CIDR Block | Network range of the VPC. All VPC subnets must be within this range. Choose one of the following CIDR blocks: 10.0.0.0/8–24, 172.16.0.0/12–24, or 192.168.0.0/16–24. | 192.168.0.0/16 |
    | Name (default subnet) | Subnet name | Subnet |
    | CIDR Block (default subnet) | Network range of the subnet, which must be within the VPC CIDR block | 192.168.0.0/24 |
    | Gateway | Gateway address of the subnet | 192.168.0.1 |
    | DNS Server Address | Set the DNS servers of the VPC subnet to those provided by HUAWEI CLOUD DNS. | 100.125.1.250, 100.125.21.250 |

  6. Click Create Now.

Create a Private Zone

Create private zones for the domain names of ECS1 and RDS1.

  1. In the Network category, click Domain Name Service.

    The DNS console is displayed.

  2. In the navigation pane, choose Private Zones.
  3. Click Create Private Zone.
  4. Configure the parameters according to Table 3.
    Table 3 Parameters required for creating a private zone

    | Parameter | Description | Example Value |
    |-----------|-------------|---------------|
    | Name | Private domain name. You can use any correctly formatted domain name, even a top-level one. | api.ecs.com |
    | VPC | VPC to be associated with the private zone | VPC_001 |
    | Email | (Optional) Email address of the administrator managing the private zone. It is recommended that you set the email address to HOSTMASTER@<domain name>. For more details about the email address, see Why Is the Email Address Format Changed in the SOA Record? | HOSTMASTER@ecs1.com |
    | Tag | (Optional) Identifier used to group and search for resources. A tag consists of a key and a value. You can set tags when there are many zones in your account. For details about tag key and value requirements, see Table 4. | - |
    | Description | (Optional) Description of the zone. The value cannot exceed 255 characters. | This is a private zone. |

    Table 4 Tag key and value requirements

    Key (example value: example_key1):

    • Cannot be left blank.
    • Must be unique for each resource.
    • Can contain a maximum of 36 characters.
    • Cannot start or end with a space or contain the special characters =*<>\,|/

    Value (example value: example_value1):

    • Cannot be left blank.
    • Can contain a maximum of 43 characters.
    • Cannot start or end with a space or contain the special characters =*<>\,|/

  5. Click OK. A private zone api.ecs.com is created.

    You can query information about the private zone you created on the Private Zones page.

    Click the zone name to view detailed zone information. The system has automatically created SOA and NS record sets in the zone.

    • The SOA record set determines the DNS server that is the authoritative information source for a particular domain name.
    • The NS record set defines authoritative DNS servers for a zone.
  6. Repeat steps 3 to 5 to create a private zone db.com.

    For details about domain name planning, see Table 1.

Create a Record Set

Add the record sets to map private domain names to private IP addresses of ECS1 and RDS1.

  1. In the zone list on the Private Zones page, click the name of the private zone you created.

    The record set page is displayed.

  2. Click Add Record Set.
  3. Configure the parameters according to Table 5.
    Table 5 Parameters required for adding a record set of the A type

    | Parameter | Description | Example Value |
    |-----------|-------------|---------------|
    | Name | Domain name prefix. If this parameter is left blank, the record set name defaults to api.ecs.com. | - |
    | Type | Type of the record set | A – Map domains to IPv4 addresses |
    | TTL (s) | Caching period of the record set on a DNS server. If your service address changes frequently, set TTL to a small value. | The default value is 300, which is 5 minutes. |
    | Value | IPv4 addresses mapped to the domain name. Separate multiple IPv4 addresses with line breaks. Enter the private IP address of the ECS. | 192.168.2.8 |
    | Tag | (Optional) Identifier used to group and search for resources. A tag consists of a key and a value. You can set tags when there are many record sets in your account. For details about tag key and value requirements, see Table 4. | - |
    | Description | (Optional) Description of the record set | - |

  4. Click OK. An A record set is added for api.ecs.com.
  5. Repeat steps 1 to 4 to add an A record set for db.com.

    Set the record set value of db.com to 192.168.2.5.

    For details, check Table 1.

(Optional) Change the DNS Servers of the VPC Subnet

After you configure private domain names for nodes in the website application, you need to change the DNS servers of the VPC subnet to those provided by the DNS service so that the domain names can be correctly resolved.

For details, see How Do I Switch to a Private DNS Server?

Switch to the Backup ECS

When ECS1 becomes faulty, you can switch services to ECS2 by changing the record set value in private zone api.ecs.com.

  1. Log in to the management console.
  2. Click in the upper left corner and select CN-Hong Kong.
  3. In the Network category, click Domain Name Service.

    The DNS console is displayed.

  4. In the navigation pane, choose Private Zones.
  5. In the private zone list, click the name of the zone api.ecs.com.
  6. Locate the A record set and click Modify under Operation.
  7. Change the value to 192.168.3.8.
  8. Click OK. The record set is modified.

Traffic to ECS1 will be seamlessly directed to ECS2 by the private DNS server.
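As an added example (not Huawei Cloud code), the following Python model shows what the TTL from the Create a Record Set step means for the switch in step 7: a resolver or ECS that cached the old A record keeps receiving 192.168.2.8 until its cached copy expires, so the cutover to ECS2 completes no later than TTL seconds (300 s by default) after the record set is modified. The zone name, addresses and TTL come from Table 1 and Table 5; the authoritative zone, the caching client and the clock in seconds are constructed here.

```python
from dataclasses import dataclass, field

# Values from Table 1 and Table 5 of this page; everything else is constructed.
ZONE = "api.ecs.com"
ECS1_ADDR = "192.168.2.8"   # primary public service node
ECS2_ADDR = "192.168.3.8"   # backup node used after the switch
DEFAULT_TTL = 300           # default TTL of the record set, in seconds

@dataclass
class AuthoritativeZone:
    """Record sets of one private zone, as configured on the DNS console."""
    name: str
    records: dict = field(default_factory=dict)  # fqdn -> (ttl, [values])

    def set_record(self, fqdn, ttl, values):
        """Equivalent of adding or modifying an A record set in the console."""
        self.records[fqdn] = (ttl, list(values))

    def answer(self, fqdn):
        return self.records[fqdn]

@dataclass
class CachingResolver:
    """Stub resolver with a cache, like the one on an ECS or the VPC DNS server."""
    zone: AuthoritativeZone
    cache: dict = field(default_factory=dict)  # fqdn -> (expires_at, [values])

    def resolve(self, fqdn, now):
        cached = self.cache.get(fqdn)
        if cached and now < cached[0]:
            return cached[1]                 # still within TTL: old answer served
        ttl, values = self.zone.answer(fqdn)
        self.cache[fqdn] = (now + ttl, values)
        return values

def cutover_time(ttl, last_lookup, switch_at):
    """Second at which a client that last resolved ZONE at `last_lookup`
    first receives the ECS2 address after the record set is changed at
    `switch_at`. The result is never later than switch_at + ttl."""
    zone = AuthoritativeZone(ZONE)
    zone.set_record(ZONE, ttl, [ECS1_ADDR])
    client = CachingResolver(zone)
    client.resolve(ZONE, last_lookup)        # primes the client's cache
    zone.set_record(ZONE, ttl, [ECS2_ADDR])  # step 7: change the value
    t = switch_at
    while client.resolve(ZONE, t) != [ECS2_ADDR]:
        t += 1
    return t
```

Running cutover_time(DEFAULT_TTL, last_lookup=250, switch_at=260) shows a client that resolved 10 s before the change still reaching ECS1 until second 550; with a smaller TTL the same client cuts over sooner.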