As mentioned in my previous blog, we can deploy a Windows Server compute instance in Oracle Cloud Infrastructure in the same VCN where the OCVS SDDC is deployed and use it for standard DNS functionality. The question is: how do VMware SDDC workloads in the NSX-T overlay network reach a DNS server outside of the SDDC environment?
The answer is DNS forwarding. A DNS forwarder is a Domain Name System (DNS) server on a network that forwards DNS queries for external DNS names to DNS servers outside of that network. In this blog, we take a look at how to configure the NSX-T gateway as a DNS forwarder and how it interacts with OCI VCN routing.
Here is the logical topology of the lab setup.
- DNS server (192.168.2.5) is located in a VCN subnet
- A DNS Server/Forwarder (172.16.2.254) is configured on the NSX-T Tier-1 Gateway
- Routing between the NSX-T Tier-0 Gateway and the OCI VCN is static routing
- The DNS Forwarder forwards the SDDC workloads' DNS requests to the DNS server located in the VCN
Here are the configuration steps:
1. Provision a Windows 2012 instance in the OCI VCN.
2. Follow these steps to set up a DNS server on the Windows instance.
- Here are my DNS server configurations: the domain name is “testlab.local”, and I created an A record “www” for testing.
3. Set up a Forwarder for non-local DNS lookups.
4. NSX-T Configuration:
4.1 Add a Default Zone under the Networking section. The DNS Server IP address, 192.168.2.5, is the external DNS server to which the DNS Forwarder will forward DNS queries.
4.2 Add a DNS Service on the Tier-1 Gateway:
- The DNS Service IP, 172.16.2.254, is the address that DNS clients use as their DNS server.
- The Default DNS Zone is the DNS Zone created in Step 4.1.
4.3 Configure the Tier-1 Gateway to advertise All DNS Forwarder Routes to the Tier-0 Gateway.
4.4 Routing between NSX-T and the VCN is static routing; the default route on the Tier-0 Gateway is provisioned during SDDC cluster initialization.
5. OCI VCN configuration
5.1 In the lab setup, the DNS server is located in a VCN subnet, so we modify the subnet's routing rules and security rules to allow the DNS traffic between the subnet and the SDDC network.
5.2 Subnet Route Table and Security List
5.3 Add a route for the SDDC DNS Forwarder network (172.16.2.0) in the subnet route table.
5.4 Add Security List ingress rules for DNS traffic coming from the SDDC DNS Forwarder.
6. Now we can successfully perform a DNS query from an SDDC VM; the following is the test result.
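As an added check for step 6 (example code, not from the original post): a small Python client that sends an A query for www.testlab.local to the Tier-1 DNS Service IP 172.16.2.254 over UDP/53 and parses the reply, rejecting it if the transaction id does not match or the server returned a non-zero RCODE. The constructed sample reply uses 192.168.2.10 as a placeholder answer, since the post's real record value is only shown in its screenshot.

```python
import socket
import struct

FORWARDER_IP = "172.16.2.254"  # NSX-T Tier-1 DNS Service IP from the lab topology
TXN_ID = 0x1234                # constructed transaction id, checked on the reply

def build_query(name):  # recursive A query for `name`, RFC 1035 wire format
    header = struct.pack("!HHHHHH", TXN_ID, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):  # offset just past a (possibly compressed) domain name
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """A-record addresses from a response; raise on id mismatch or non-zero RCODE."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != TXN_ID or flags & 0x000F:
        raise ValueError("bad reply: id mismatch or RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):  # skip the echoed question section
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def query_forwarder(name, server=FORWARDER_IP, timeout=3.0):  # UDP/53 to the forwarder
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return parse_a_records(data)

def sample_response():  # constructed NOERROR reply; 192.168.2.10 is a placeholder address
    header = struct.pack("!HHHHHH", TXN_ID, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("192.168.2.10")
    return header + build_query("www.testlab.local")[12:] + answer
```

Run `query_forwarder("www.testlab.local")` from an SDDC VM; a timeout points at the Tier-1 route advertisement or the VCN route table, while an RCODE error points at the zone configuration on the Windows DNS server.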