What is OCI DNS?
- A service to:
  - Create DNS zones.
  - Add records to DNS zones.
  - Allow the OCI edge network to handle your domain's DNS queries.
Components of OCI DNS
- Domain: A location on the internet, e.g., oracle.com.
- Zone:
  - A portion of the DNS namespace.
  - Defined by a Start of Authority (SOA) record.
  - Contains all labels under it in the DNS tree.
- Label:
  - Subdomain = Label + Dot (.) + Zone Name
  - Examples:
    - "www" in "www.google.com"
    - "docs" & "cloud" in "docs.cloud.oracle.com"
  - Records are associated with subdomains.
- Child Zone:
  - Independent subdomain with its own Start of Authority (SOA) & Name Server (NS) records.
  - The parent of a child zone has NS records that refer DNS queries to the child's name servers.
- Resource Record:
  - Contains specific domain information (called record data, RDATA) for a zone.
  - Examples:
    - RDATA of A & AAAA records contains an IP address for a domain name.
    - RDATA of MX records contains information about the mail server for a domain.
- Delegation: Name servers where your DNS is hosted & managed.
Limits of OCI DNS
- 1K zones per account.
- 25K records per zone.
- Max 1 MB per zone file for zone file uploads.
Reverse DNS Zones
Reverse DNS (rDNS) maps an IP address to a hostname. Use cases:
- Add labels for tools like traceroute.
- Populate the "Received" header of an SMTP email.
- Check for generic rDNS like 1-2-3-4.example.com to identify spammers.
- Verify relation between domain owner & server (IP) owner.
- Write human-readable hostname to logs.
- Determine affected hostname when maintenance is performed on an IP.
Resource Record Types Supported by OCI DNS
- A: An address record. Points a hostname to an IPv4 address.
- AAAA: An address record. Points a hostname to an IPv6 address.
- ALIAS: A private pseudo-record. Allows CNAME functionality at the apex of a zone.
- CAA: Certification Authority Authorization. Specifies CAs authorized to issue certificates for the domain.
- CDNSKEY: Child DNSKEY. Publishes a DNSSEC key in a child zone for transfer to the parent zone.
- CDS: Child Delegation Signer. Child copy of a DS record, for transfer to a parent zone.
- CERT: A Certificate record. Stores public key certificates & related certificate revocation lists.
- CNAME: Canonical Name. Identifies the canonical name of a domain.
- CSYNC: Child-to-Parent Synchronization. Syncs records from child to parent zone.
- DHCID: DHCP Identifier. Stores DHCP client identifiers to eliminate potential hostname conflicts within a zone.
- DKIM: Domain Keys Identified Mail. A special TXT record. Supplies a public key used to authenticate arriving mail for a domain.
- DNAME: Delegation Name. Similar to CNAME. Maps an entire subtree beneath a label to another domain.
- DNSKEY: Documents public keys used for DNSSEC.
- DS: Delegation Signer. Resides at TLD. Points to child’s DNSKEY. Created when DNSSEC security authentication is added to the zone.
- IPSECKEY: Stores public keys for a host, network, or application to connect to IPSec systems.
- KEY: Stores a public key associated with a domain name. Used by SIG and TKEY.
- KX: Key Exchanger. Identifies a key management agent for a domain in some cryptographic systems.
- LOC: Location. Stores geographic location data of computers, subnets, and networks.
- MX: Mail Exchanger. Defines the mail server accepting mail for the domain. Must point to a hostname. Must not point to a CNAME or IP.
- NS: Name Server. Lists authoritative nameservers for a zone.
- PTR: Pointer. Maps an IP address to a hostname; the opposite of an A record.
- PX: Used in X.400 mapping protocols.
- SOA: Start of Authority. Specifies authoritative information about a zone, including:
  - Primary name server.
  - Domain admin's email.
  - Domain serial number.
  - Timers relating to refreshing the zone.
- SPF: Sender Policy Framework. A special TXT record. Stores data designed to detect email spoofing.
- SRV: Service Locator. Allows using several servers for a single domain.
- SSHFP: SSH Public Key Fingerprint. Publishes SSH public host key fingerprints.
- TLSA: TLS Authentication. Associates TLS certificate or public key with domain.
- TXT: Holds descriptive, human-readable text. Sometimes includes non-human-readable content for specific uses. Used for SPF & DKIM.
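Several of the rules in these notes can be checked mechanically before records are pushed to a zone: MX must point to a hostname and never to a CNAME or an IP, CNAME-like behaviour at the apex needs an ALIAS record, a zone holds at most 25K records, and a PTR answer of the generic 1-2-3-4.example.com form is a spam indicator. The linter below is an added example (not OCI code); the zone name, record tuples and 203.0.113.x addresses are constructed sample data.

```python
import ipaddress
import re

MAX_RECORDS_PER_ZONE = 25_000           # OCI per-zone limit from the notes above
# Generic rDNS names such as 1-2-3-4.example.com (octets joined by '-' or '.').
GENERIC_RDNS = re.compile(r"^\d{1,3}([-.]\d{1,3}){3}[.-]")

def is_ip(value: str) -> bool:
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def ptr_owner(ip: str) -> str:
    # Owner name of the PTR record for ip (in-addr.arpa / ip6.arpa), fully qualified.
    return ipaddress.ip_address(ip).reverse_pointer + "."

def lint_zone(zone: str, records: list) -> list:
    """Check (name, type, rdata) tuples; returns findings, empty if all pass."""
    findings = []
    if len(records) > MAX_RECORDS_PER_ZONE:
        findings.append(f"{len(records)} records exceed the per-zone limit")
    cname_owners = {name for name, rtype, _ in records if rtype == "CNAME"}
    for name, rtype, rdata in records:
        if rtype == "CNAME" and name == zone:
            findings.append(f"CNAME at apex {name}: use ALIAS instead")
        elif rtype == "MX":
            target = rdata.split()[-1]       # "10 mail.example.com." -> host part
            if is_ip(target):
                findings.append(f"MX {name} -> {target}: must be a hostname, not an IP")
            elif target in cname_owners:
                findings.append(f"MX {name} -> {target}: must not point to a CNAME")
        elif rtype == "PTR" and GENERIC_RDNS.match(rdata):
            findings.append(f"PTR {name} -> {rdata}: generic rDNS, common on spam sources")
    return findings

# Constructed sample zone; each bad record trips exactly one rule.
SAMPLE_ZONE = "example.com."
SAMPLE_RECORDS = [
    ("example.com.", "CNAME", "www.example.net."),          # CNAME at apex
    ("mail.example.com.", "CNAME", "mx.example.net."),      # fine on its own
    ("example.com.", "MX", "10 mail.example.com."),         # MX -> CNAME
    ("example.com.", "MX", "20 203.0.113.5"),               # MX -> IP
    ("www.example.com.", "A", "203.0.113.10"),              # fine
    (ptr_owner("203.0.113.5"), "PTR", "203-0-113-5.example.com."),  # generic rDNS
]
```

Running `lint_zone(SAMPLE_ZONE, SAMPLE_RECORDS)` returns four findings, one per flagged record, in zone order.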
HTTP Redirects
Use the HTTP Redirect service to redirect:
- One zone to another: example.net to example.com.
- Subdomain to URL: test.example.com to example.net/test.
- Subdomain to URL with port: camera.example.com to office.example.com:8080.
- Permanently redirect a deprecated domain: HTTP 301.