DNS FAQ

Oracle Cloud Infrastructure DNS is an established, industry-leading solution. Some of the key benefits include:

• DNS network operating for over 10+ years, leveraged by thousands of customers, large and small, as well as enterprise, business and web properties
• Support for Oracle Cloud Infrastructure, other cloud provider endpoints (AWS, Azure), and private assets, including cloud, CDNs, and data centers
• Consistently lowest query latency performance
• Industry-leading propagation time to ensure fast response to DNS changes
• Support for primary and secondary DNS services, unlike solutions from many cloud providers
• Industry’s most accurate geolocation data set, created specifically for steering internet traffic
• DDoS protection built-in
• Most standards-compliant DNS platform

Oracle Cloud Infrastructure DNS service may be used when:

• A proven, trusted enterprise-grade solution is needed
• Domains and zones reside in enterprise on-premise, third-party-hosted, and Oracle Cloud Infrastructure environments
• Global resolution, performance, reliability, and security are critical
• There is a need to manage my DNS and other Oracle Cloud Infrastructure services through a common console with a single set of credentials

A DNS domain is simply the name given to translate a corresponding IP address, such as example.com. A DNS zone is where DNS records for a specific DNS domain are kept.

Customers can contact MOS (My Oracle Support) through the Oracle Cloud Infrastructure Portal.

Oracle Cloud Infrastructure DNS offers a complete set of functions for zone management within the user interface. The following functions are available:

• Create and manage zones
• Create and manage records
• Import/upload zone files (Public DNS only)
• Save and publish changes
• View all zones
• Reporting - Total queries by zone, Total queries by tenant (Public DNS only)

See the complete list of supported record types at https://docs.oracle.com/en-us/iaas/Content/DNS/Reference/supporteddnsresource.htm.

Oracle Cloud Infrastructure DNS service supports up to 1000 zones per tenant. More zones can be added by contacting Oracle Support.

The Oracle Cloud Infrastructure DNS service by default supports up to 25,000 resource records per zone. Contact Oracle Support if more records are needed.

The Oracle Cloud Infrastructure DNS Network supports 18 anycast POPs distributed around North America, South America, Europe, and Asia Pacific.

An anycast network utilizes the same IP address for all of the DNS servers in the network. This means that the DNS server in South America has the same IP address as the DNS server in Asia. When a DNS query is sent, even though all the DNS servers have the same IP address, the request is sent to a specific DNS server based on routing protocol, network health, and proximity to the servers location, etc. The anycast network provides lower latency, a basic level of load-balancing, and resiliency to be able to handle outages or heavy traffic with minimal impact to the customer.

Secondary DNS operates in an “always on” manner to supplement your existing primary DNS infrastructure to increase the availability of name resolution. When an end user’s recursive server initiates a DNS request, both the existing DNS service and the secondary DNS will respond as soon as they receive the request. Whichever response reaches the recursive server first will be passed back to the end user, completing their request. This process effectively creates a race to respond to each incoming DNS request, ensuring performance can only improve. All domain information will continue to be managed within the primary DNS service in the same manner in which this information is configured today. This information will then be synchronized with the secondary service using standard protocols (Notify, IXFR, AXFR) to ensure both solutions are returning the same information to end users.

Oracle Cloud Infrastructure DNS zones may be configured as Secondary zones today. External name servers are not currently supported for secondary DNS.

Yes. We deliver a minimum of 99.95 percent availability, consistent with other Oracle Cloud Infrastructure services.

Oracle Cloud Infrastructure DNS will soon support traffic management capabilities to steer DNS traffic with capabilities such as active failover, ratio load balancing and geolocation, ASN, and IP Prefix steering.

Oracle Cloud Infrastructure DNS is available to Universal Cloud Credit subscribers. Universal Cloud Credit subscribers can access Oracle Cloud Infrastructure DNS via the Oracle Cloud Infrastructure Console under the networking tab. From the DNS Zones page, customers can begin to add the needed zones and records.

Oracle Cloud Infrastructure DNS offers an easy to use graphical user interface, CLI, comprehensive REST APIs, and SDKs.

Oracle Cloud Infrastructure DNS supports SDKs for Java, Python and Ruby, as well as an API. The SDKs and API support full zone and record management capabilities.

Yes, Zone export is supported by many DNS vendors and systems. A downloaded/exported file can be imported using the Oracle Cloud Infrastructure user interface or the REST API.

Domains can be delegated to Oracle Cloud Infrastructure DNS from the Domain Registrar’s self-service portal.

Yes, in most cases. Restrictions are related to which third-party DNS vendor is acting as primary. Some of the larger cloud providers offering DNS service do not support this capability. Please contact Oracle Cloud Infrastructure DNS support for details.

Yes. Other vendor DNS solutions may be used as secondary DNS with the Oracle Cloud Infrastructure DNS as primary for higher service availability if required.

No, currently Domain Name System Security Extension (DNSSEC) is not supported at this time.

Yes. Oracle Cloud Infrastructure DNS supports zones with AAAA records, and name servers listen on both IPv4 and IPv6 addresses.

Yes. At this time counts for total queries and queries per zone are supported.

Yes. Customers may purchase Oracle Cloud Infrastructure private pool and vanity name servers to have their domain names and zones under a private IP pool with dedicated name servers to segregate from those of other customers in order to reduce the risk of external issues affecting their websites.

Yes. Customers may purchase private pool and vanity name servers to rebrand the Oracle Cloud Infrastructure name servers with their own naming in order to gain flexibility and consistency across their online assets.

Yes. Oracle Cloud Infrastructure DNS is available to Universal Cloud Credit subscribers. Customers may choose to only leverage only Oracle Cloud Infrastructure DNS.

OCI Private DNS is available in all OCI Realms and Regions.

There is no charge for Private DNS. Private DNS zones, queries, and resolver endpoints are free.

• Support for Custom Private Zones: Customers can create and manage private zones and records with their desired names
• Private DNS resolution within a VCN: Resolve queries for custom private zones, system generated zones (for example, oraclevcn.com), and the ability recurse to the internet for public zones
• Split Horizon: Provide different answers for the same zone name for private versus public queries
• VCN <=> VCN Private DNS resolution: Resolve DNS queries between peered VCNs (local, cross-region, and cross-tenancy)
• VCN <=> On-premise Private DNS resolution: Resolve queries between a VCN and a customer's on-premises network

A Custom Private Zone is a customer-created zone. Customers have full control of naming and record management.

A Protected Private Zone is an OCI system-generated zone (for example, oraclevcn.com) that customers are limited to read only access. Zone lifecycle is controlled by the OCI system.

A view is a logical grouping of Private DNS zones for ease of management. A zone can only exist in a single view. Note that the same zone name may be used in different views, each with unique records, but duplicate zone names cannot exist within the same view.

A Private DNS Resolver is a resolver within a VCN for resolving private DNS queries.

An interface on a Private DNS Resolver with a unique IP address for receiving queries from another VCN or on-premises DNS for resolution.

An interface on a Private DNS Resolver with a unique IP address that is used to forward queries to another VCN or on-premises DNS for resolution.

Rules used to specify conditional forwarding logic on a Private DNS Resolver to forward queries to another VCN, a customer's on-premises network, or another private network for DNS resolution.

The Private DNS Resolver supports the following conditional forwarding rules:

• Domains - Customers can specify queries for specific domains for forwarding (i.e. example.com).
• CIDR Blocks - Customers can specify forwarding rules for queries that originate form a specific CIDR Block.
• Match All - Forward all queries that cannot be resolved from the VCN's Private DNS Resolver.

In order to forward or receive queries from another Private DNS network (another VCN, on-premises network, or another private network) network connectivity must be established. For VCN to VCN DNS resolution, customers may use a local peering gateway for VCNs in the same region or a remote peering gateway for VCNs in different regions. For on-premises or other private network, Fast Connect or a IPSec VCN may be used. Note that DNS runs over DHCP, so this protocol must be enabled on the connection.

Yes. When a VCN is created, a Private DNS Resolver and a default Private View will be created for the VCN. Customer can immediately create private zones and records for the resolver.

Nothing. The existing VCNs have been backfilled with the new resolver and view at the time of General Availability.

Yes, Within the same region, views may be associated with multiple resolvers.

See the complete list of supported record types at https://docs.oracle.com/en-us/iaas/Content/DNS/Tasks/privatedns.htm#privatedns_topic_supported_resource_records.