Background
IBM Cloud DNS Services provides private DNS to Virtual Private Cloud (VPC) users. One of the main features is Custom Resolvers (CR) with DNS forwarding rules. Forwarding rules are a great tool that can be used to improve performance and make your network more resilient. Their basic function is to pass DNS queries to remote DNS servers for resolution.
Basic Use Case
To configure a DNS forwarding rule within IBM Cloud DNS Services, the following two key pieces of information are required:
- Zone name – defines which DNS queries will be processed under the forwarding rule
- Forward to – this can be the IP address of one or more remote DNS servers
Using the architecture shown in figure 1 as an example, we can see that there are two DNS resolvers to which queries can be sent: the DNS Services resolver and the customer-configured on-prem DNS resolver.
With forwarding rules in place, applications in both the on-prem network and the application VPC send their DNS queries to the Custom Resolver, which forwards each query to the appropriate DNS resolver based on the zone name. This simplifies configuration: applications do not need to be updated to learn where to direct their queries when new zones are added, because only the forwarding rules on the Custom Resolver change.
DNS Views
Views are an advanced form of forwarding rule that IBM Cloud DNS Services offers. They can be thought of as conditional forwarding rules, which makes advanced routing such as split DNS possible. In addition to the normal information needed for a forwarding rule, users also have to define a view expression. An expression is a condition that is evaluated against each received DNS query; when it evaluates to true, the query is routed to the resolver configured for that view. DNS Services currently only supports expressions that use the source IP of the query. An example of a DNS view is:
Zone: example.com
Forward to: 161.26.0.8
View:
    View Forward To: 161.26.0.7
    View expression: ipInRange(source.ip, '10.240.0.0/24')
Figure 2.
In this example, the expression evaluates to true only if the query originates from the 10.240.0.0/24 subnet, in which case the query is routed to the DNS resolver at 161.26.0.7. Otherwise, the query is routed to 161.26.0.8. This enables split-DNS configurations in which the two DNS resolvers hold different records for the same zone name.
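The selection logic described above, written out as an added Python simulation (not IBM Cloud DNS Services code): a rule is chosen by longest-suffix zone match, each view expression of the form `ipInRange(source.ip, 'CIDR')` is evaluated against the query's source IP, and the first true view wins, otherwise the rule's default "Forward to" is used. The `ForwardingRule`, `View` and `select_resolver` names, and the sample rule built from the Figure 2 values, are assumptions for this example.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Only the expression form documented on the page is accepted; anything else is rejected
# rather than silently treated as false.
EXPR_RE = re.compile(r"^ipInRange\(source\.ip,\s*'([^']+)'\)$")


@dataclass
class View:
    forward_to: str   # "View Forward To"
    expression: str   # "View expression"


@dataclass
class ForwardingRule:
    zone: str
    forward_to: str                       # default "Forward to"
    views: list = field(default_factory=list)


def evaluate(expression: str, source_ip: str) -> bool:
    """True when the query's source IP lies inside the CIDR named in the expression."""
    m = EXPR_RE.match(expression.strip())
    if not m:
        raise ValueError(f"unsupported view expression: {expression!r}")
    return ipaddress.ip_address(source_ip) in ipaddress.ip_network(m.group(1), strict=False)


def match_rule(rules, qname):
    """Pick the rule whose zone is the longest suffix of the queried name (None if no zone matches)."""
    name = qname.rstrip(".").lower()
    best = None
    for r in rules:
        zone = r.zone.rstrip(".").lower()
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best.zone.rstrip(".")):
                best = r
    return best


def select_resolver(rules, qname, source_ip):
    """Return the upstream resolver a query is forwarded to, or None when no forwarding rule applies."""
    rule = match_rule(rules, qname)
    if rule is None:
        return None
    for view in rule.views:               # first view whose expression is true wins
        if evaluate(view.expression, source_ip):
            return view.forward_to
    return rule.forward_to                # no view matched: default forwarder


# Constructed rule mirroring the Figure 2 values.
RULES = [ForwardingRule("example.com", "161.26.0.8",
                        [View("161.26.0.7", "ipInRange(source.ip, '10.240.0.0/24')")])]

if __name__ == "__main__":
    for src in ("10.240.0.15", "10.240.1.15"):
        print(src, "->", select_resolver(RULES, "app.example.com", src))
```

Because selection depends only on `source.ip`, queries that reach the Custom Resolver through NAT or a proxy are classified by the translated address, so the view's subnet should be the one the resolver actually sees.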