I've seen organisations unrelated to Oracle that point (via a CNAME record) one of their hostnames to a subdomain of oracle.com, which presumably resolves to a server on Oracle Cloud Infrastructure. For instance,
gucs9j.universityofcalifornia.edu
has a CNAME record that points to
bigip-gucs9j-universityofcalifornia.oracle.com
However, even after scanning the Oracle Cloud Infrastructure documentation, I'm still unaware of a way to claim such a subdomain.
Is it possible? Did it use to be possible but no longer is? If it is possible, what Oracle Cloud Infrastructure service allows one to claim one? Or is this not related to Oracle Cloud Infrastructure at all?
You cannot 'claim' or create a new DNS record under oracle.com; it's a private space. Also, what is maybe adding to the confusion is that an instance created in OCI generally gets a FQDN of instancename.subnetname.vcnname.oraclevcn.com - however, this is an internal-only address and resolves only within the VCN it was created in. To have this resolve (and be accessible) externally, it needs a public IP, and you would need to create an appropriate DNS record using your own registered domain name and point it to the public IP address.
My username on most platforms is targumon.
I have a project on GitHub which is published through GitHub Pages. It's available here: targumon.github.io/playground/
Obviously I do not own github.com or github.io and this is just a service they provide. I don't truly own that subdomain. Technically they can reclaim it at any moment.
Oracle is a huge company. They're known for their database software but they provide other services as well. I think it's safe to assume the University of California at some point was -or still is- a partner of Oracle, or a customer, or in any similar relationship.
(btw, Oracle headquarters are in California...)
Is it possible to have an App Service respond to all domain names that it receives? I would really like to be able to deploy to an App Service plan, rather than a VM. Note I am not trying to do wildcard subdomains - these require adding them through the Azure console. I am trying to accept any domain name that the app service receives. Adding and verifying each domain is not practical.
I have a multitenant app, so this is really important to me so that customers can use their own domain names.
I've tried adding the domain * and ., but it fails validation.
I don't think you can do this because Azure requires validation of domain ownership by adding specific records to DNS. Here is a discussion as to why they do that.
The best you might be able to do is to automate or script the binding, but even then you would need assistance from your third party partners/customers to verify their DNS ownership.
An alternative would be to transfer your DNS to Azure and use subdomains. I know you've said you're not looking at that solution, but using the Azure DNS offering would allow you to fully script out the onboarding process for a new customer.
Could you ensure that the changes to your DNS settings have been confirmed and validated from your DNS provider’s end? For certain providers, such as GoDaddy, changes to DNS records don't become effective until you select a separate Save Changes link.
For more details, refer to "Map an existing custom DNS name to Azure Web Apps".
You may refer to the MSDN thread, which addresses a similar issue.
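The ownership check that the answers above say must precede any binding can be scripted along these lines. This is an added example, not code from the thread or from Azure: the `_saas-verify` TXT label, the token format and the tenant names are hypothetical, and the DNS data is constructed so the sketch runs offline.

```python
import hashlib
import hmac

# Hypothetical server-side secret; in practice load it from a secret store.
SERVER_SECRET = b"constructed-demo-secret"
VERIFY_LABEL = "_saas-verify"  # hypothetical record label, not an Azure name


def normalize(domain: str) -> str:
    """Lower-case and strip the trailing dot so comparisons are canonical."""
    return domain.strip().rstrip(".").lower()


def expected_token(tenant_id: str, domain: str) -> str:
    """Token bound to both tenant and domain, so it cannot be reused elsewhere."""
    msg = f"{tenant_id}|{normalize(domain)}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def verify_ownership(tenant_id: str, domain: str, lookup_txt) -> bool:
    """True only if the verification TXT record carries this tenant's token."""
    name = f"{VERIFY_LABEL}.{normalize(domain)}"
    want = expected_token(tenant_id, domain).encode()
    return any(hmac.compare_digest(want, v.strip().encode()) for v in lookup_txt(name))


def bind_domain(bindings: dict, tenant_id: str, domain: str, lookup_txt) -> bool:
    """Bind a hostname to a tenant only after verification; never overwrite."""
    host = normalize(domain)
    if bindings.get(host, tenant_id) != tenant_id:
        return False  # already bound to a different tenant
    if not verify_ownership(tenant_id, host, lookup_txt):
        return False
    bindings[host] = tenant_id
    return True


# Constructed sample data: tenant-a published its token, customer-b did not.
SAMPLE_TXT = {
    "_saas-verify.shop.customer-a.example": [expected_token("tenant-a", "shop.customer-a.example")],
    "_saas-verify.www.customer-b.example": ["v=spf1 -all"],
}


def sample_lookup(name: str) -> list:
    return SAMPLE_TXT.get(name, [])
```

In production `sample_lookup` would be replaced by a real TXT query against the domain's authoritative servers.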
I would like to set DNS records visible from instances inside the Google cloud.
For example if I query DNS from my PC I'll get one IP; however if I query DNS from the instance I'll get another IP. (A record to be exact)
Ideally I'd like to do this in the most sane/convenient way possible, since I can install a caching DNS server on every instance and set up authoritative results, and forward caching for the rest (I guess bind9 can do that, never tried it before). But this is a configuration sync mess, and it's not elegant. I kinda assume there might exist a better way.
One solution is to use totally different zones for different sets of machines and use the DNS search path to select.
So for example you could set up
server1.internal.yourdomain.com IN A 1.2.3.4
server1.external.yourdomain.com IN A 5.6.7.8
Then set up your machines with resolv.conf containing either
search internal.yourdomain.com
or
search external.yourdomain.com
And then when you look up server1 on such a machine it will return the address from the appropriate zone. This scheme means you don't need to rely on complex routing or IP detection. You will be immune to incidents where internal or external IPs get leaked into each other's results.
Of course this does mean that you aren't keeping any IP addresses secret, so make sure you have other security layers in place (you probably shouldn't rely on secret IPs for security anyway).
Assuming you want your VM instances to be able to query other instances by name, and retrieve the desired instance’s private IP, this is already baked into GCP.
Google Cloud Platform (GCP) Virtual Private Cloud (VPC) networks have an internal DNS service that allows you to use instance names instead of instance IP addresses to refer to Compute Engine virtual machine (VM) instances.
Each instance has a metadata server that also acts as a DNS resolver for that instance. DNS lookups are performed for instance names. The metadata server itself stores all DNS information for the local network and queries Google's public DNS servers for any addresses outside of the local network.
[snip]
An internal fully qualified domain name (FQDN) for an instance looks like this:
hostName.c.[PROJECT_ID].internal
You can always connect from one instance to another using this FQDN.
Otherwise, if you want to serve up entirely arbitrary records to a set of machines, you’ll need to serve those records yourself (perhaps using Cloud DNS). In this case, you’d need to reconfigure the resolv.conf file on those instances appropriately (although you can’t just change the file as you see fit). Note that you can't restrict queries to only your own machines, but as David also mentioned, security through obscurity isn't security at all.
Google Cloud DNS Private DNS was just announced to beta and does exactly what you need.
For our SaaS app, we're allowing customers to point their domain name to our server.
The plan right now is to simply hand out one of our AWS elastic IP addresses for them to point their domain to. The elastic IP address would essentially be pointed to an EC2 instance web server... and maybe a load balancer in time (if traffic demands it!).
The user would specify what their domain is in our app, and we'd be able to resolve the host name coming in as their app.
My concern is the longevity of this solution. This IP cannot change. And we'll certainly be tied to AWS if we go this route.
(Note: Being a 1-2 person startup, standing up a data-center is more than likely no-go, and we hope to use AWS or Azure).
What solutions would make this IP address -> SaaS Web Server concept last in the long run, with flexibility, and as minor of a tie as possible to a cloud provider?
With running the risk of asking "what is the best way to do this"...what's the best way to do this, keeping in mind longevity and small opt-in to a cloud provider?
You can't point an IP address to a load balancer, so this seems like a very bad idea. You need your own domain/subdomain that clients can point their domains/subdomains to via a CNAME record on their end. Then if the location of your service ever changes you just have to update your domain record and their DNS records will continue to be correct.
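A sketch of an onboarding check for the CNAME approach in the answer above, added here and not part of the original thread: it follows a customer's record chain and flags domains pinned to an IP address instead of the provider's hostname. `ingress.saas-provider.example`, the addresses and the zone data are constructed assumptions.

```python
# Hypothetical stable hostname the SaaS owns and asks customers to CNAME to.
SERVICE_HOST = "ingress.saas-provider.example"
MAX_HOPS = 8  # bound the chain length so a CNAME loop cannot hang the check


def norm(name: str) -> str:
    """Canonical form: lower-case, no trailing dot."""
    return name.rstrip(".").lower()


def classify(domain: str, zone: dict, service_ips: set) -> str:
    """Follow the CNAME chain for `domain` and report how it reaches the service.

    zone maps name -> ("CNAME", target) or ("A", [ips]); constructed data
    stands in for live lookups.
    """
    name, seen = norm(domain), set()
    for _ in range(MAX_HOPS):
        if name == SERVICE_HOST:
            return "ok"          # survives any backend move we make
        if name in seen:
            return "loop"
        seen.add(name)
        rtype, value = zone.get(name, (None, None))
        if rtype == "CNAME":
            name = norm(value)
        elif rtype == "A":
            # Works today, breaks the day the provider's address changes.
            return "pinned-ip" if set(value) & service_ips else "elsewhere"
        else:
            return "no-record"
    return "too-long"


# Constructed sample data (documentation address ranges).
SERVICE_IPS = {"203.0.113.10"}
ZONE = {
    "app.customer-a.example": ("CNAME", "Ingress.SaaS-Provider.example."),
    "app.customer-b.example": ("A", ["203.0.113.10"]),
    "app.customer-c.example": ("CNAME", "alias.customer-c.example"),
    "alias.customer-c.example": ("CNAME", "app.customer-c.example"),
    "app.customer-d.example": ("A", ["198.51.100.7"]),
}
```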
I am new to the Google Cloud DNS service. While still trying to understand the features of this service, a question popped up: though Google doesn't allow a user to create duplicate DNS A records, how does it ensure that any other user, or the same user in another project, is also not able to create a duplicate record?
For example, my DNS record
mywebsite.example.com may point to IP 192.168.0.1
What will happen if another user who is also using the Google Cloud DNS service creates a similar record for his project with either a different IP address or a different domain address?
For example:
mywebsite.example.com --> 192.168.0.2
or
diffwebsite.example.com --> 192.168.0.1
How will DNS lookup resolve in either case since the domain (example.com) is registered with a common registrar? Please help.
There is always one entity (person, organization, something like that) that controls a zone in DNS. If Google has control of example.org (do not use mydomain.org as your example, it is a perfectly valid existing domain that belongs to someone else), Google can fill it with whatever information they want. If they want to let their customers add exactly one A record per name in it, that's a choice they can make. It's up to Google to make sure that they don't allow creation of records that cause problems for their customers.
If you own example.org, you can put whatever you feel like in it. If you choose to have 42 A records for a name, you can. Someone looking up that name will pick one of the records more or less at random. Nobody will police what IP addresses you put in your A records. You can have records containing absolutely any IP address at all. Nobody will police what names in the zone you create (within technical constraints). You can have an entire dictionary of foul language, if you want.
If someone you have no relationship with owns example.org, you have no influence on what names and records exist in that zone. It would not be a very good idea to rely on anything in it.
Possibly something here answers your question. Possibly not. Your question is a bit confused, to be honest.
I believe the key here is the difference between a 'Registrar' and a DNS. In the Registrar you set the DNS to be publicly used on the rest of the internet for your domain. You can do this only when you are the owner of that domain. DNS is the translator from a domain name to an IP.
Taking these concepts into account, you can have two situations:
1) You are a domain owner: You will have your domain set up on the 'Registrar' and your site will be accessible from the internet. If you use it on a Cloud DNS zone you will also be able to use all the provided features. No one will be able to modify that information to redirect traffic to another IP but the owner itself.
2) You are not the domain owner: You can configure zones using domains that might be owned by another person, but they will not be publicly accessible by domain name; these zones will only work on an internal basis.
Every Cloud DNS resource lives within a Google Cloud Platform project, therefore the possible overlapping of domains is controlled internally by Google Cloud on a project permission basis, meaning that even if someone has a zone using a domain exactly like yours, they won't be able to modify it as they don't have access to your project, and if you are the domain owner the traffic will only go to the name servers (not Cloud DNS) defined on the Registrar that will redirect the requests to the right IP.
The company I work for is considering some changes to our DNS. We host an internal Linux BIND9 DNS for primary and secondary authoritative DNS. We are thinking of changing either to hosting our public DNS externally, or keeping the primary on-site and moving the secondary to a service like Google. I know it doesn't really make sense to keep our public DNS on-site or to split it up, but the business owners would like to consider all possible options. I have looked through the documentation on-line and have contacted Google directly, but none of the sources I have checked will tell me if Google will allow us to use their DNS service to replicate a primary DNS server housed on-site and act as a secondary DNS for our domains. Does anyone here know if this is possible, and if it is, what specifics they require to make it work? Any assistance that can be offered is appreciated.
Having a name server be a secondary authoritative name server for a domain of yours requires some cooperation from the owner of that server, so the only people who can tell you for sure if Google offers that service are Google themselves.