Working with custom resolvers
A private DNS custom resolver extends the capability of IBM Cloud® DNS Services to meet the needs of a hybrid cloud environment. It enables resolution of IBM Cloud VPC hostnames from on-premises DNS resolvers, and resolution of on-premises hostnames from IBM Cloud.
Key features of the custom resolver:
- Extends DNS resolutions to resolvers residing on-premises
- Allows for resolution fallback to a secondary resolver location (if one is configured) when the primary resolver location is not available
Custom resolver overview
To get started using a custom resolver, you must create a custom resolver and then add forwarding rules to it.
It is expected that the custom resolver will be configured for High Availability by default. Follow the steps in Creating a custom resolver without high availability if you do not want a highly available configuration.
After you create the custom resolver and configure its forwarding rules, the resolver can be enabled for the VPC. This results in the DHCP option for the resolver changing to the custom resolver IP addresses.
Reserved IP for custom resolvers
Virtual appliances are created for custom resolvers to serve DNS queries, or for global load balancer health checks to send probes to your origin servers that monitor their health status. The virtual appliance is fully managed by DNS Services; however, you can go to the Subnets for VPC dashboard and view the details of a subnet to see the reserved IPs of that subnet. You can see which IP address is bound to the network interface on the virtual appliance managed by DNS Services.
From the Targeted resource column, you can view which reserved IP is bound to a DNS service instance that has a virtual appliance connected to your subnet. It is recommended that you keep Auto-release enabled (the default setting). With Auto-release, this IP address automatically releases to the IP address pool after the virtual appliance is deleted, as part of the deletion process for custom resolvers and global load balancer pools.
Disabling Auto-release can disrupt DNS Services recovery operations.
Custom resolver status
The status of a newly-created custom resolver is initially Critical because the resolver location is not yet enabled. The status changes to Healthy after the resolver location changes to Up.
The following status definitions apply to the resolver locations:
- Up - when the resolver location is functioning.
- Down - when the resolver location is not functioning.
The following status definitions apply to the custom resolver:
- Healthy - when all resolver locations are Up, the status is Healthy.
- Degraded - when there is more than one resolver location, and one is Up but another is Down, then the status changes to Degraded.
- Critical - when all resolver locations are Down, the status changes to Critical.
Custom resolvers limits
The following limits exist for the custom resolvers feature:
- Each VPC can have a maximum of one custom resolver.
- Each custom resolver can have a maximum of three locations, either within the same subnet or in different subnets.
- Each custom resolver can have a maximum of 10 forwarding rules.
- You cannot delete the subnet used for the custom resolver.
- You must manually add rules to your security groups to allow traffic from your virtual server instance to the resolver location virtual server instance.
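The last limit is the one most likely to cause silent resolution failures, so the following added example (not IBM's code) audits a security group's egress rules for DNS reachability to each resolver location. It assumes DNS on port 53 over UDP and TCP; the rule field names (`direction`, `protocol`, `port_min`, `port_max`, `remote`) and all addresses are constructed for illustration and are not the VPC API schema.

```python
import ipaddress

DNS_PORT = 53                    # assumption: resolver serves standard DNS
DNS_PROTOCOLS = ("udp", "tcp")   # TCP is needed for large or truncated answers
MAX_LOCATIONS = 3                # page limit: three locations per custom resolver


def rule_allows(rule, protocol, dest_ip):
    """True if a single rule permits outbound `protocol`/53 to `dest_ip`."""
    if rule["direction"] != "outbound":
        return False
    if rule["protocol"] not in (protocol, "all"):
        return False
    # Port ranges only apply to protocol-specific rules (hypothetical schema).
    if rule["protocol"] != "all":
        if not rule["port_min"] <= DNS_PORT <= rule["port_max"]:
            return False
    return ipaddress.ip_address(dest_ip) in ipaddress.ip_network(rule["remote"])


def missing_dns_rules(rules, resolver_ips):
    """Return (resolver_ip, protocol) pairs that no egress rule permits."""
    if len(resolver_ips) > MAX_LOCATIONS:
        raise ValueError("a custom resolver has at most three locations")
    return [
        (ip, proto)
        for ip in resolver_ips
        for proto in DNS_PROTOCOLS
        if not any(rule_allows(r, proto, ip) for r in rules)
    ]


# Constructed sample: egress rules on the client instance's security group.
SAMPLE_RULES = [
    {"direction": "outbound", "protocol": "udp",
     "port_min": 53, "port_max": 53, "remote": "10.240.0.0/24"},
    {"direction": "outbound", "protocol": "tcp",
     "port_min": 53, "port_max": 53, "remote": "10.240.0.5/32"},
    # Inbound rules do not help the instance reach the resolver.
    {"direction": "inbound", "protocol": "all", "remote": "0.0.0.0/0"},
]
# Constructed resolver location IPs (two subnets).
SAMPLE_RESOLVER_IPS = ["10.240.0.5", "10.240.0.6", "10.240.64.7"]

if __name__ == "__main__":
    for ip, proto in missing_dns_rules(SAMPLE_RULES, SAMPLE_RESOLVER_IPS):
        print(f"no egress rule allows {proto}/53 to resolver location {ip}")
```

A gap for only one location or one protocol is easy to miss in testing, because fallback to another location or small UDP answers can hide it until that path is actually needed.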