Setting up internal / private networking DNS?

September 1, 2017 3.2k views
DNS Ubuntu 16.04

Is it possible to setup DNS for private / internal only network interfaces? For example suppose I have a private network interface 10.128.2.18 and I name it pnv1. I could add this to /etc/hosts, but if the network address changes, I have to update /etc/hosts for every single client that needs to access pnv1. So I'm wondering if digital ocean supports private networking DNS? I'm hoping I could essentially point /etc/hosts/ to this service and the service would then return the network address the client is trying to look up.

4 Answers

Yes. DigitalOcean's DNS service can be used with private networking. The one caveat would be that the Droplets can not be completely isolated with its public interface disabled. They will still require outbound access to port 53 for DNS lookups. In general, public DNS does not care if the IP address it points to is accessible or not. So pointing internal.example.com to an private IP address with an A record will work, but it will not be accessible if you are not on that private network.

If you require complete isolation from the public network, check out this tutorial for information setting up a private DNS server:

by Justin Ellingwood
An important part of managing server configuration and infrastructure includes maintaining an easy way to look up network interfaces and IP addresses by name, by setting up a proper Domain Name System (DNS). Using fully qualified domain names (FQDNs), instead of IP addresses,...

So, I added a custom domain (notexistend.org), which is not actually registered, since I'll only use it internally. Then added the DO nameservers to resolv.conf...but nothing. ping can't find notexistend.org.

Any thoughts?

Ping is unable to find the A record added to DigitalOcean DNS!

I achieved that by following https://gist.github.com/so0k/cdd24d0a4ad92014a1bc, but it only works if the DNS is a real one (not some internal fake DNS).

If the DNS doesn't exist, I achieved that (accessing other droplets through the internal DNS) letting only DO internal nameservers IPs (198.41.222.173, etc..) in resolv.conf (removed 8.8.8.8 and 8.8.4.4 from it).

The problem is that it won't work when I try to lookup external sites.

In the end, I still don't know how can I use Digital Ocean DNS internally with a fake internal DNS, in such a way that it resolves correctly when I ping a host in my internal domain, but uses 8.8.8.8 or 8.8.4.4 for external ones.

It will be great if DO provided some tutorial about how to do that.

Have another answer? Share your knowledge.