Updated on 2025-08-20 GMT+08:00

Using DNS Resolver to Access a Specific Domain Name Across Regions

Scenarios

An enterprise deploys VPCs and ECSs in multiple regions and uses Cloud Connect to enable cross-region VPC communication. The enterprise needs to flexibly control the traffic paths of different domain names for refined management.

For example, when an ECS in a VPC in a region of the Chinese mainland requests access to a specific Internet domain name (for example, www.example.com) outside the Chinese mainland, the request needs to be resolved over the Internet egress in the region outside the Chinese mainland. In addition, service traffic to that domain name is also forwarded through that Internet egress. Requests for other Internet domain names are still forwarded through the Internet egress in the region where the VPC is located.

Solution Overview

The outbound and inbound endpoints of Huawei Cloud DNS Resolver work with Cloud Connect to allow access to specific domain names across regions.

Resource and Cost Planning

The following table lists the resources required for access to specific domain names across regions.

Table 1 Resources and costs

| Resource | Resource Name | Description | Quantity | Cost |
|---|---|---|---|---|
| DNS Resolver | Inbound endpoint | In the CN-Hong Kong region, configure an inbound endpoint and associate it with VPC 2. IP addresses: 172.16.5.5 and 172.16.6.6 | 2 | Free |
| | Outbound endpoint | In the CN East-Shanghai1 region, configure an outbound endpoint and associate it with VPC 1. IP addresses: 192.168.2.2 and 192.168.3.3 | | |
| ECS | ECS 1 | In the CN East-Shanghai1 region, purchase ECS 1 and associate it with VPC 1 and the outbound endpoint for accessing a specific Internet domain name. Private IP address: 192.168.100.10 | 2 | For details, see ECS Pricing Details. |
| | ECS 2 | In the CN-Hong Kong region, purchase ECS 2 and associate it with VPC 2, an EIP, and an inbound endpoint for testing the public NAT gateway. Private IP address: 172.16.100.10 | | |
| EIP | You can specify the resource name. | In the CN-Hong Kong region, purchase an EIP and bind it to the DNAT rule of the public NAT gateway. IP address: 1.94.xx.xx | 1 | For details, see EIP Pricing Details. |
| NAT gateway | You can specify the resource name. | In the CN-Hong Kong region, purchase a public NAT gateway, add a DNAT rule for the gateway, and bind the EIP to the DNAT rule. In this way, multiple ECSs in different AZs in a VPC can share the EIP. | 1 | For details, see NAT Gateway Pricing Details. |
| VPC | VPC 1 | Associate VPC 1 with the outbound endpoint and ECS 1. Network segment: 192.168.0.0/16 | 2 | Free |
| | VPC 2 | Associate VPC 2 with the inbound endpoint, ECS 2, and public NAT gateway. Network segment: 172.16.0.0/12 | | |

Create and purchase the following resources in advance:
  • CN East-Shanghai1: VPC 1 and ECS 1 (associated with VPC 1)
  • CN-Hong Kong: VPC 2, ECS 2 (associated with VPC 2), EIP, and public NAT gateway

Process

Procedure

  1. Configure a public NAT gateway.

    Add a DNAT rule for the public NAT gateway and associate the DNAT rule with the purchased EIP. For details, see Adding a DNAT Rule.

  2. Connect VPCs in different regions.

    Create a cloud connection and load network instances VPC 1 and VPC 2 to enable communication between the two VPCs. For details, see Using a Cloud Connection to Connect VPCs in the Same Account But Different Regions.

  3. Configure an inbound endpoint for DNS Resolver.
    1. Go to the Resolvers page.
    2. Click in the upper left corner and select the desired region and project.

      Select the CN-Hong Kong region.

    3. In the upper right corner of the page, click Create Endpoint.
    4. Configure the parameters based on Table 2.
      Figure 1 Creating an inbound endpoint
      Table 2 Parameters for creating an inbound endpoint

      | Parameter | Description |
      |---|---|
      | Endpoint Type | Type of the endpoint. There are two options: Inbound and Outbound. Select Inbound. |
      | Endpoint Name | Name of the endpoint. The name can contain only letters, digits, underscores (_), hyphens (-), and periods (.), and can contain 1 to 64 characters. |
      | Region | Region where the inbound endpoint works. Select CN-Hong Kong. |
      | VPC | The VPC over which all inbound DNS queries are forwarded to cloud DNS servers. Select VPC 2. CAUTION: The VPC cannot be changed after an endpoint is created. |
      | Subnet | The subnet must have available IP addresses. Only IPv4 addresses are supported. |
      | IP Addresses | There are two options: Automatically assign or Specify. Select Specify and enter the following IP addresses: 172.16.5.5 and 172.16.6.6 |


    5. Click Create Now.
  4. Configure an outbound endpoint and a forwarding rule for DNS Resolver.
    1. Create an outbound endpoint.
      1. Go to the Resolvers page.
      2. Click in the upper left corner and select the desired region and project.

        Select CN East-Shanghai1 in this step.

      3. In the upper right corner of the page, click Create Endpoint.
      4. Configure the parameters based on Table 3.
        Figure 2 Creating an outbound endpoint
        Table 3 Parameters for creating an outbound endpoint

        | Parameter | Description |
        |---|---|
        | Endpoint Type | Type of the endpoint. There are two options: Inbound and Outbound. Select Outbound. |
        | Endpoint Name | Name of the endpoint. The name can contain only letters, digits, underscores (_), hyphens (-), and periods (.), and can contain 1 to 64 characters. |
        | Region | Region where the outbound endpoint works. Select CN East-Shanghai1. |
        | VPC | The VPC over which all outbound DNS queries are forwarded to the IP addresses specified in the endpoint rules. Select VPC 1. CAUTION: The VPC cannot be changed after an endpoint is created. |
        | Subnet | The subnet must have available IP addresses. Only IPv4 addresses are supported. |
        | IP Addresses | There are two options: Automatically assign or Specify. Select Specify and enter the following IP addresses: 192.168.2.2 and 192.168.3.3 |


      5. Click Create Now.
    2. Create an endpoint rule.
      1. On the Resolvers page, click the Endpoint Rules tab.
      2. In the upper left corner above the rule list, click Add Endpoint Rule.
      3. Configure the parameters based on Table 4.
        Figure 3 Adding a rule
        Table 4 Parameters for adding an endpoint rule

        | Parameter | Description |
        |---|---|
        | Name | Name of the endpoint rule added to an outbound endpoint. |
        | Domain Name | Enter the domain name to be accessed. |
        | Type | By default, Resolver is selected. |
        | Outbound Endpoint | Select the outbound endpoint that you want to add this endpoint rule to. Select the outbound endpoint created in step 4.a. |
        | Associate VPC | Whether to associate VPCs with the endpoint rule. If this option is selected, you need to select one or more VPCs. Select this option. |
        | Region | Region that the VPCs belong to. This parameter is displayed after Associate VPC is selected. Select CN East-Shanghai1. |
        | VPC | Select the VPCs to be associated with the endpoint rule. This parameter is displayed after Associate VPC is selected. Select VPC 1. |
        | IP Addresses | IP address of a DNS server in the on-premises data center. You can add one or more IP addresses. Enter the IP addresses specified in the inbound endpoint associated with VPC 2 in the CN-Hong Kong region: 172.16.5.5 and 172.16.6.6 |

        After an endpoint rule is added, the domain name, type, and outbound endpoint cannot be changed.

      4. Click OK.
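
The addressing in Table 1 and the endpoint rule from step 4 can be checked for consistency before the resources are created in the console. The following Python check is an added example, not Huawei Cloud code or an API call: PLAN, validate_plan and forward_targets are hypothetical names, and it assumes that the two VPC CIDR blocks must not overlap for cross-region routing and that a rule matches the domain name and its subdomains.

```python
import ipaddress

# Values from Table 1 and the endpoint rule in step 4 of this page.
PLAN = {
    "vpc1_cidr": "192.168.0.0/16",   # VPC 1, CN East-Shanghai1
    "vpc2_cidr": "172.16.0.0/12",    # VPC 2, CN-Hong Kong
    "outbound_ips": ["192.168.2.2", "192.168.3.3"],
    "inbound_ips": ["172.16.5.5", "172.16.6.6"],
    "rule_domain": "www.example.com",
    "rule_targets": ["172.16.5.5", "172.16.6.6"],
}


def validate_plan(plan):
    """Return a list of inconsistencies; an empty list means the plan is coherent."""
    problems = []
    vpc1 = ipaddress.ip_network(plan["vpc1_cidr"])
    vpc2 = ipaddress.ip_network(plan["vpc2_cidr"])
    # Assumption: routed cross-region connectivity needs non-overlapping CIDRs.
    if vpc1.overlaps(vpc2):
        problems.append("VPC 1 and VPC 2 CIDR blocks overlap")
    for ip in plan["outbound_ips"]:
        if ipaddress.ip_address(ip) not in vpc1:
            problems.append(f"outbound endpoint IP {ip} is outside VPC 1")
    for ip in plan["inbound_ips"]:
        if ipaddress.ip_address(ip) not in vpc2:
            problems.append(f"inbound endpoint IP {ip} is outside VPC 2")
    # The rule must point at the inbound endpoint, not another host in VPC 2.
    for ip in plan["rule_targets"]:
        if ip not in plan["inbound_ips"]:
            problems.append(f"rule target {ip} is not an inbound endpoint IP")
    return problems


def forward_targets(plan, qname):
    """Targets a query is forwarded to, or [] if it stays on the local resolver."""
    # Assumption: the rule matches the domain itself and its subdomains only.
    name = qname.rstrip(".").lower()
    domain = plan["rule_domain"].rstrip(".").lower()
    if name == domain or name.endswith("." + domain):
        return list(plan["rule_targets"])
    return []


if __name__ == "__main__":
    print(validate_plan(PLAN) or "plan is consistent")
    for q in ("www.example.com", "www.huawei.com"):
        print(q, "->", forward_targets(PLAN, q) or "local resolver")
```

A non-empty result from validate_plan, such as a rule target set to the ECS 2 address 172.16.100.10 instead of an inbound endpoint IP, points to the kind of mistake that would make the forwarded query fail in the Verification step.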

Verification

  1. Ensure that the public NAT gateway takes effect and the cross-region VPCs are connected through Cloud Connect.

    The detailed steps are as follows:

    • Log in to ECS 2 and ping the external domain name to verify the public NAT gateway.

      Example: ping www.huawei.com

    • Log in to ECS 1 and run the ping command to access ECS 2 to verify the connectivity between the two VPCs.

      Example: ping 172.16.100.10

  2. Verify the access to the specific domain name across regions.

    Log in to ECS 1 and run the ping <Domain name to be accessed> command.

    Example: ping www.example.com

    If the command output displays the IP address mapped to domain name www.example.com, the access to the specific domain name is successful.