Updated on 2024-03-15 GMT+08:00

Configuring Private Domain Names for ECSs

Overview

Scenario

If one of your ECSs is malfunctioning and you need to switch to the backup ECS, but you have not configured private domain names for the two ECSs, you have to change the private IP address of the faulty ECS in the code. This interrupts your services, and you need to launch your website again.

Here is the solution: Configure private domain names for the ECSs and include the private domain names in the code. If one ECS is malfunctioning, you only need to change the DNS record sets to direct traffic to a normal ECS. Your services will not be interrupted, and you do not need to launch the website again.

Architecture

Figure 1 shows the networking where ECSs and RDS instances are deployed in a VPC.

  • ECS0: primary service node
  • ECS1: public service node
  • RDS1: service database
  • ECS2: backup service node
  • RDS2: backup database
Figure 1 Networking example

Advantages

  • Higher efficiency and security

    You can use private domain names to access ECSs in the VPCs, without going through the Internet.

  • Easier management

    In code, domain names are easier to modify than IP addresses. When ongoing services need to run on another ECS, you only need to change the DNS record sets without modifying the code.

Resource Planning

The following table lists private zones and record sets planned for cloud servers.

Table 1 Private zones and record sets for each server

| Resource | Private Zone | Associated VPC | Private IP Address | Record Set Type | Description |
|---|---|---|---|---|---|
| ECS1 | api.ecs.com | VPC_001 | 192.168.2.8 | A | Public service node |
| ECS2 | api.ecs.com | VPC_001 | 192.168.3.8 | A | Backup for the public service node |
| RDS1 | db.com | VPC_001 | 192.168.2.5 | A | Service database |
| RDS2 | db.com | VPC_001 | 192.168.3.5 | A | Backup database |

Table 2 Resource planning

| Region | Service | Resource | Description | Quantity | Monthly Price |
|---|---|---|---|---|---|
| CN-Hong Kong | VPC | VPC_001 | The DNS server addresses must be the same as the private DNS server addresses of Huawei Cloud. For details, see What Are Huawei Cloud Private DNS Servers? | 1 | Free |
| CN-Hong Kong | ECS | ECS0, ECS1, ECS2 | Private domain name: api.ecs.com. Associated VPC: VPC_001. ECS1: public service node, private IP address 192.168.2.8. ECS2: backup service node, private IP address 192.168.3.8. | 3 | ECS Product Pricing Details |
| CN-Hong Kong | RDS | RDS1, RDS2 | Private domain name: db.com. Associated VPC: VPC_001. RDS1: service database, private IP address 192.168.2.5. RDS2: backup database, private IP address 192.168.3.5. | 2 | RDS Product Pricing Details |
| CN-Hong Kong | DNS | api.ecs.com, db.com | api.ecs.com: associated VPC VPC_001, record set type A, value 192.168.2.8. db.com: associated VPC VPC_001, record set type A, value 192.168.2.5. | 2 | Free |


Configuring Private Zones

Figure 2 shows the process for configuring private zones.

Figure 2 Process for configuring private zones
  1. (Optional) On the VPC console, create a VPC and a subnet when you are configuring private domain names for servers during website deployment.
  2. On the DNS console, create private zones and associate them with the VPC, and add a record set to each private zone.
  3. (Optional) On the VPC console, change the DNS server addresses of the VPC subnet when you are configuring private domain names for servers.

Procedure

  1. (Optional) Create a VPC and a subnet.

    Before configuring private domain names for the ECSs and databases required by your website, you need to create a VPC and a subnet.

    1. Go to the Create VPC page.
    2. Configure the parameters as prompted. Table 3 describes the key parameters.
      Table 3 Parameters for creating a VPC

      | Parameter | Description | Example Value |
      |---|---|---|
      | Region | Region of the VPC. For lower network latency and quicker resource access, select the nearest region. | CN-Hong Kong |
      | Name | VPC name | VPC_001 |
      | CIDR Block | Network range of the VPC. All subnets must be within this range. Choose one from the following CIDR blocks: 10.0.0.0/8–24, 172.16.0.0/12–24, 192.168.0.0/16–24 | 192.168.0.0/16 |
      | Name (default subnet) | Subnet name | Subnet |
      | CIDR Block (default subnet) | Network range of the subnet, which must be within the VPC | 192.168.0.0/24 |
      | Gateway | Gateway address of the subnet | 192.168.0.1 |
      | DNS Server Address | Set the DNS server addresses of the VPC subnet to those provided by Huawei Cloud DNS. | 100.125.1.250, 100.125.3.250 |

    3. Click Create Now.

  2. Create private zones.

    Create private zones for the domain names used by ECS1 and RDS1.

    1. Go to the Private Zones page.
    2. Click Create Private Zone.
    3. Configure the parameters based on Table 4.
      Table 4 Parameters for creating a private zone

      | Parameter | Description | Example Value |
      |---|---|---|
      | Name | Private domain name. You can create any compliant custom domain name, even a top-level one. | api.ecs.com |
      | VPC | VPC to be associated with the private zone | VPC_001 |
      | Email | (Optional) Email address of the administrator managing the private zone. It is recommended that you set the email address to HOSTMASTER@Domain name. For details about the email address, see Why Was the Email Address Format Changed in the SOA Record? | HOSTMASTER@ecs1.com |
      | Tag | (Optional) Identifier used to group and search for resources. A tag consists of a key and value. You can set tags when there are many zones in your account. For details about tag key and value requirements, see Table 5. NOTE: If you have configured tag policies for DNS, you need to add tags to your zones based on the tag policies. If you add a tag that does not comply with the tag policies, zones may fail to be created. Contact the administrator to learn more about tag policies. | N/A |
      | Description | (Optional) Description of a zone. The value cannot exceed 255 characters. | This is a private zone. |

      Table 5 Tag key and value requirements

      Key (example value: example_key1)

      • Cannot be left blank.
      • Must be unique for each resource.
      • Can contain a maximum of 36 characters.
      • Cannot start or end with a space nor contain special characters =*<>\,|/

      Value (example value: example_value1)

      • Cannot be left blank.
      • Can contain a maximum of 43 characters.
      • Cannot start or end with a space nor contain special characters =*<>\,|/

    4. Click OK. Then check the private zone created for api.ecs.com.

      You can view details about this private zone on the Private Zones page.

      You can click the domain name to view SOA and NS record sets automatically generated for the zone.

      • The SOA record set identifies the base DNS information about the domain name.
      • The NS record set defines authoritative DNS servers for the domain name.
    5. Repeat steps 3 to 5 to create a private zone for db.com.

      For details about private domain names, see Table 1.

  3. Add a record set to each private zone.

    Add record sets to translate private domain names to private IP addresses of ECS1 and RDS1.

    1. Click the domain name.

      The record set page is displayed.

    2. Click Add Record Set.
    3. Configure the parameters based on Table 6.
      Table 6 Parameters for adding an A record set

      | Parameter | Description | Example Value |
      |---|---|---|
      | Name | Domain name prefix. If this parameter is left blank, the primary domain name, for example, api.ecs.com, will be resolved. | N/A |
      | Type | Type of the record set | A – Map domains to IPv4 addresses |
      | TTL (s) | Caching period of the record set on a DNS server. If your service address is frequently changed, set TTL to a small value. | Default value: 300s |
      | Value | IPv4 addresses mapped to the domain name. Separate multiple IPv4 addresses with line breaks. Enter the private IP address of the ECS, for example, ECS1. | 192.168.2.8 |
      | Tag | (Optional) Identifier used to group and search for resources. A tag consists of a key and value. You can set tags when there are many record sets in your account. For details about tag key and value requirements, see Table 5. NOTE: If you have configured tag policies for DNS, you need to add tags to your record sets based on the tag policies. If you add a tag that does not comply with the tag policies, record sets may fail to be created. Contact the administrator to learn more about tag policies. | N/A |
      | Description | (Optional) Description of the record set | N/A |

    4. Click OK. An A record set is added for api.ecs.com.
    5. Repeat steps 1 to 4 to add an A record set for db.com.

      Set the record set value of db.com to 192.168.2.5.

      For details, see Table 2.

  4. (Optional) Change the DNS server addresses of the VPC subnet.

    After you configure private domain names for nodes in the website application, you need to change the DNS servers of the VPC subnet to those provided by the DNS service so that the domain names can be resolved.

    For details, see How Do I Change Default DNS Servers of an ECS to Huawei Cloud Private DNS Servers?

  5. Switch to the backup ECS.

    When ECS1 becomes faulty, you can switch services to ECS2 by changing the value of the record set added to private zone api.ecs.com.

    1. Log in to the management console.
    2. Click in the upper left and select CN-Hong Kong.
    3. Choose Networking > Domain Name Service.

      The DNS console is displayed.

    4. In the navigation pane on the left, choose Private Zones.
    5. In the private zone list, click the name of the zone api.ecs.com.
    6. Locate the A record set and click Modify under Operation.
    7. Change the value to 192.168.3.8.
    8. Click OK.

    Traffic to ECS1 will be directed to ECS2 by the private DNS server.
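
The switchover in the last step reaches clients only as cached answers expire, which is why Table 6 ties the TTL to how often the service address changes. The following Python sketch is an added example, not part of the original procedure: it models a resolver that honors the record's TTL (an assumption; the class and function names are hypothetical) and measures how long api.ecs.com keeps resolving to ECS1 after the A record is changed to ECS2.

```python
# Added example: simulated clock, no network access. Names and IP addresses
# are the example values from Table 1; the cache model is an assumption.

NAME = "api.ecs.com"
ECS1_IP = "192.168.2.8"   # public service node
ECS2_IP = "192.168.3.8"   # backup service node


class CachingResolver:
    """Minimal TTL cache standing in for a resolver or client-side cache."""

    def __init__(self, zone):
        self.zone = zone      # name -> (ipv4, ttl_seconds), the private zone
        self.cache = {}       # name -> (ipv4, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]                     # cached answer, possibly stale
        ip, ttl = self.zone[name]             # cache miss: ask the zone
        self.cache[name] = (ip, now + ttl)
        return ip


def stale_window(ttl, cached_at, changed_at):
    """Seconds after the record change during which ECS1 is still returned.

    cached_at:  when the client last fetched the record (simulated seconds)
    changed_at: when the A record value is modified to ECS2's address
    """
    zone = {NAME: (ECS1_IP, ttl)}
    resolver = CachingResolver(zone)
    resolver.resolve(NAME, cached_at)         # client caches ECS1's address
    zone[NAME] = (ECS2_IP, ttl)               # step 5: modify the A record
    now = changed_at
    while resolver.resolve(NAME, now) == ECS1_IP:
        now += 1                              # client keeps reaching ECS1
    return now - changed_at


if __name__ == "__main__":
    for ttl in (300, 60):
        worst = stale_window(ttl, cached_at=0, changed_at=0)
        print(f"TTL {ttl}s: up to {worst}s of traffic still sent to ECS1")
```

With the default TTL of 300s, a client that cached the record just before the change keeps using 192.168.2.8 for up to 300 seconds, so lower the TTL ahead of a planned switchover if that window is too long.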