VMware Solutions DNS configuration
As of 17 July 2025, new automated installations of Red Hat® OpenShift® for VMware® are no longer available for new or existing deployments of VMware Cloud Foundation for Classic - Automated instances. You can still use or delete your existing Red Hat OpenShift for VMware automated installations until 16 July 2026. The service will no longer be available from 17 July 2026.
Collecting Active Directory credentials
- Log in to IBM Cloud®.
- From the left menu, select VMware.
- In the VMware Solutions console, click Resources > VCF for Classic from the left navigation panel.
- Select your deployed instance.
- Click the Access information tab and collect the AD/DNS IP and remote desktop credentials.
- From a jump server or by using SSL VPN, remote desktop to the AD/DNS server.
Creating DNS records
- Based on the following example, create a table to record your values.
- Update the following PowerShell commands with your values.
- From the Windows® RDP Session, open a PowerShell command window.
- Run commands to create the DNS artifacts.
  - Reverse Lookup Zones
  - Create DNS A Records with PTR
  - Create DNS Service record for etcd
  - Create DNS SRV record for etcd
Notes about DNS records
- The Add-DnsServerPrimaryZone -networkid cmdlet creates only classful reverse lookup zones. If you specify a prefix longer than /24, the cmdlet creates a /32 reverse lookup zone. As a workaround, use /24 instead of /26 in the script. You also need to modify the private portable subnet to match the classful /24 network in the commands.
- Do not create CNAME entries because the Red Hat® OpenShift® certificates are keyed to the DNS returning the IP address only and not a referral to the base hostname.
- Use the following format for DNS naming standards: HostName.ClusterName.SubDomain.DomainName
  - HostName - Name of the virtual machine or host, for example, control-plane-0
  - ClusterName - Red Hat OpenShift cluster name, for example, ocp
  - SubDomain - Subdomain of the IBM Cloud for VMware Solutions deployment, for example, dallas
  - DomainName - Domain name of the IBM Cloud for VMware Solutions deployment, for example, ibm.local
For example, the FQDN would be control-plane-0.ocp.dallas.ibm.local.
The following table is for an example deployment. Use your own values.
DNS Description | DNS Example Name | DNS Example IP address |
---|---|---|
DNS Reverse Lookup for Red Hat OpenShift VXLAN | 192.168.133.0/24 | |
DNS Reverse Lookup for Red Hat OpenShift IBM Cloud Subnet | 10.208.242.128/26 | |
Bastion Host | bastion.ocp.dallas.ibm.local | 192.168.133.8 |
bootstrap-0 Host | bootstrap-0.ocp.dallas.ibm.local | 192.168.133.9 |
control-plane-0 Host | control-plane-0.ocp.dallas.ibm.local | 192.168.133.10 |
control-plane-1 Host | control-plane-1.ocp.dallas.ibm.local | 192.168.133.11 |
control-plane-2 Host | control-plane-2.ocp.dallas.ibm.local | 192.168.133.12 |
compute-0 Host | compute-0.ocp.dallas.ibm.local | 192.168.133.13 |
compute-1 Host | compute-1.ocp.dallas.ibm.local | 192.168.133.14 |
compute-2 Host | compute-2.ocp.dallas.ibm.local | 192.168.133.15 |
Application wildcard DNS (Load Balancer) | *.apps.ocp.dallas.ibm.local | 10.208.242.131 |
Kubernetes API URL (Load Balancer) | api.ocp.dallas.ibm.local | 10.208.242.132 |
Kubernetes API-INT (Internal) URL (Load Balancer) | api-int.ocp.dallas.ibm.local | 10.208.242.132 |
etcd Node0 | etcd-0.ocp.dallas.ibm.local | 192.168.133.10 |
etcd Node1 | etcd-1.ocp.dallas.ibm.local | 192.168.133.11 |
etcd Node2 | etcd-2.ocp.dallas.ibm.local | 192.168.133.12 |
etcd Service Record Node 0 | _etcd-server-ssl._tcp.ocp.dallas.ibm.local | 192.168.133.10 |
etcd Service Record Node 1 | _etcd-server-ssl._tcp.ocp.dallas.ibm.local | 192.168.133.11 |
etcd Service Record Node 2 | _etcd-server-ssl._tcp.ocp.dallas.ibm.local | 192.168.133.12 |
DNS commands
# Create Reverse Lookup Zones
Add-DnsServerPrimaryZone -networkid "192.168.133.0/24" -replicationscope forest
Add-DnsServerPrimaryZone -networkid "10.208.242.0/24" -replicationscope forest
# Create DNS A Records, with PTR
Add-DnsServerResourceRecordA -Name "bastion.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.8" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "bootstrap-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.9" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "control-plane-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.10" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "etcd-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.10" -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "control-plane-1.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.11" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "etcd-1.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.11" -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "control-plane-2.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.12" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "etcd-2.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.12" -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "compute-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.13" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "compute-1.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.14" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "compute-2.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.15" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "*.apps.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "10.208.242.131" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "api.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "10.208.242.132" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "api-int.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "10.208.242.132" -CreatePtr -TimeToLive 00:00:10
# Create DNS SRV record for etcd
Add-DnsServerResourceRecord -Srv -ZoneName "ibm.local" -Name "_etcd-server-ssl._tcp.ocp.dallas" -DomainName "etcd-0.ocp.dallas.ibm.local" -Priority 10 -Weight 0 -Port 2380
Add-DnsServerResourceRecord -Srv -ZoneName "ibm.local" -Name "_etcd-server-ssl._tcp.ocp.dallas" -DomainName "etcd-1.ocp.dallas.ibm.local" -Priority 10 -Weight 0 -Port 2380
Add-DnsServerResourceRecord -Srv -ZoneName "ibm.local" -Name "_etcd-server-ssl._tcp.ocp.dallas" -DomainName "etcd-2.ocp.dallas.ibm.local" -Priority 10 -Weight 0 -Port 2380
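
Verifying the DNS records (added example, not part of the original page): after the commands above are run, this PowerShell script checks that each name answers with a direct A record and no CNAME, that a PTR exists where -CreatePtr was used, and that the etcd SRV name lists all three targets on port 2380. It assumes the example values from the table, a session on the AD/DNS server so that 127.0.0.1 reaches the DNS service, and a constructed name, probe.apps, to exercise the wildcard.

```powershell
$DnsServer = '127.0.0.1'             # assumption: run on the AD/DNS server itself
$Base      = 'ocp.dallas.ibm.local'  # example values from the table; use your own

# Host label, expected IPv4 address, and whether the A record used -CreatePtr.
$Expected = @(
    @{ Name = 'bastion';         IP = '192.168.133.8';  Ptr = $true  }
    @{ Name = 'bootstrap-0';     IP = '192.168.133.9';  Ptr = $true  }
    @{ Name = 'control-plane-0'; IP = '192.168.133.10'; Ptr = $true  }
    @{ Name = 'control-plane-1'; IP = '192.168.133.11'; Ptr = $true  }
    @{ Name = 'control-plane-2'; IP = '192.168.133.12'; Ptr = $true  }
    @{ Name = 'etcd-0';          IP = '192.168.133.10'; Ptr = $false }
    @{ Name = 'etcd-1';          IP = '192.168.133.11'; Ptr = $false }
    @{ Name = 'etcd-2';          IP = '192.168.133.12'; Ptr = $false }
    @{ Name = 'compute-0';       IP = '192.168.133.13'; Ptr = $true  }
    @{ Name = 'compute-1';       IP = '192.168.133.14'; Ptr = $true  }
    @{ Name = 'compute-2';       IP = '192.168.133.15'; Ptr = $true  }
    @{ Name = 'api';             IP = '10.208.242.132'; Ptr = $true  }
    @{ Name = 'api-int';         IP = '10.208.242.132'; Ptr = $true  }
    # Constructed name that only the *.apps wildcard can answer.
    @{ Name = 'probe.apps';      IP = '10.208.242.131'; Ptr = $false }
)
$q = @{ Server = $DnsServer; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }

$Problems = @(foreach ($r in $Expected) {
    $fqdn = "$($r.Name).$Base"
    $ans  = @(Resolve-DnsName -Name $fqdn -Type A @q)
    # The certificates need a direct A answer, so a CNAME in the chain is a failure.
    if ($ans | Where-Object { $_.Type -eq 'CNAME' }) { "$fqdn answered through a CNAME" }
    $ips = @($ans | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    if ($ips -notcontains $r.IP) { "$fqdn expected $($r.IP), got '$($ips -join ',')'" }
    if ($r.Ptr) {
        # api and api-int share one address, so the PTR set may hold several names.
        $ptr = @(Resolve-DnsName -Name $r.IP -Type PTR @q |
                 Where-Object { $_.Type -eq 'PTR' } | ForEach-Object { $_.NameHost })
        if ($ptr -notcontains $fqdn) { "$($r.IP) has no PTR back to $fqdn" }
    }
})

# The SRV name must list all three etcd members on port 2380.
$srv = @(Resolve-DnsName -Name "_etcd-server-ssl._tcp.$Base" -Type SRV @q |
         Where-Object { $_.Type -eq 'SRV' })
foreach ($n in 0..2) {
    $target = "etcd-$n.$Base"
    if (-not ($srv | Where-Object { $_.NameTarget -eq $target -and $_.Port -eq 2380 })) {
        $Problems += "SRV record is missing target $target on port 2380"
    }
}
if ($Problems) { $Problems } else { 'All DNS records match the table.' }
```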