CloudStack And DNS Services

The CloudStack “Virtual Router” provides “Private DNS” services for guest instances. The hostnames can be set from the Add Instance creation wizard or directly via the deployVirtualMachine API call.

Screen Shot 2013-11-15 at 12.10.18 pm

Instances that are created with the “Name” (Optional) parameter will have it’s forward and reverse DNS entry set to the user defined value. In the screenshot below, the newly launched instance has its “Name” set to “Tiny4”.

The DNS entry can be verified by using the host command.

Screen Shot 2013-11-15 at 12.15.49 pm

Screen Shot 2013-11-15 at 12.14.49 pm

So for the private DNS resolution to work…

  1. Clients would need to update their DNS settings to use the CloudStack VR
  2. Have access to the private guest network to reach the VR via site to site VPN or client VPN tunnels

So what about the rest of the world? Since the DNS services provided by the CloudStack VR are “Private” to CloudStack, public DNS servers like Google DNS or your ISPs DNS servers wont be able to resolve the entries created on the CloudStack Virtual Router.

For Public DNS resolution to work, public DNS infrastructure hosting solution from various DNS hosting providers can be used. Alternatively, you could run your own public DNS hosting infrastructure. DNS entries can then be created dynamically with the provier’s DNS updater APIs.

Some popular DNS providers who have update APIs are Neustar’s UltraDNS, Amazon Route 53 and DynDNS. In order to automatically update the DNS settings with a public DNS providers:

  1. Signup for public DNS services with a providers
  2. Generate Keys for using the DNS updater APIs
  3. Create custom scripts which trigger the update on instance start. Alternatively, there are updater scripts publicly available for popular service providers which can be readily used with your OS
  4. Create a new CloudStack OS template with the scripts integrated
  5. Finally, launch new instances from the custom template with the “Name” parameter set

Once the updater does its job, DNS resolution would work across all public DNS servers. Of course, you would still need network connectivity like the VPN to actually reach the instances.

What about public IPs that’s assigned to the instance VMs? The CloudStack VR only provides internal resolution for DHCP assigned ip addresses and not statically assigned public IP addresses. You could rely on your public DNS updater scripts to add the public IP address of the instance instead of the private DHCP IP.

The public IPv4 assigned to the instance can be fetched from the meta-data server via the following URL.

http://virtualrouter/latest/meta-data/public-ipv4

See Apacge User Data and Meta Data documentation. The public IP addresses would be routable over the internet and would be useful for publicly accessible services like websites.

A note for user’s looking to write their own custom DNS updater scripts:

  1. The very popular Cloud-init framework already supports CloudStack’s metadata source. It would be best to implement a custom updater module inside cloud-init to provide DNS update services to your instances.
  2. Be careful about storing updater keys and credentials on publicly accessible templates or on instances where you have untrusted users
  3. Configuration management systems like Puppet, Chef and Ansible can certainly be used for doing DNS updates. But they too will require custom recipes and modules. Cloud-init, IMHO would be the way forward as its a framework seeing wider adoption across all IaaS cloud.

Shanker Balan

Shanker Balan is a devops and infrastructure freelancer with over 14 years of industry experience in large scale Internet systems. He is available for both short term and long term projects on contract. Please use the Contact Form for any enquiry.

More Posts - Website

Follow Me:
TwitterLinkedIn

Published by

Shanker Balan

Shanker Balan is a devops and infrastructure freelancer with over 14 years of industry experience in large scale Internet systems. He is available for both short term and long term projects on contract. Please use the Contact Form for any enquiry.

Leave a Reply