DNS is used to map a device’s IP address to a human-friendly domain name that is more easily memorable than a set of numbers (IPv4) or hexadecimal numbers (IPv6). The domain name associates a company’s brand with its online presence or abstracts a network endpoint from its IP address, and more. For clients on the internet to find a domain name, it must be published to an authoritative DNS server. Oracle Cloud provides access to these servers to manage DNS use cases from essential to advanced.
However, if the device mapped to the domain name moves or gets service from a provider that can’t issue a static IP address, the record mapping of that domain will need to be changed. Updating records manually is inefficient at best and infeasible at worst. An automated solution is required.
Luckily, all the automation needed to solve this problem is contained in Oracle Cloud Infrastructure. Using Oracle’s DNS service, serverless Functions, and API Gateway, we can automate your DNS changes. Avoid the need to rely on a Dynamic DNS provider by building one in Oracle Cloud Infrastructure.
This architecture is based on a customer use case I ran across recently. An internet-connected device needed to receive data from a centralized application. The device was mobile and frequently moved between networks, which caused its IP address to change often. Using custom request headers, it was able to send messages to an OCI API Gateway at regular intervals to keep its IP address up to date and prevent service disruptions.
Other use cases for this architecture include IoT, mobile computing, or, in my case, creating a static address for a home VPN endpoint.
1. Log into the homepage of your OCI tenancy.
2. Navigate to the menu by clicking the icon at the top left of the browser area and select Identity > Compartments.
3. Click the Create Compartment button. Enter a display name and short description for your compartment. This is the compartment in which the resources for this project will be located.
4. Once the compartment is displayed on the list of compartments, click on the display name to view the details of the compartment. Click on the Copy link next to the OCID field to copy the compartment's OCID to your clipboard. Save this value as it will be used later.
5. Navigate to "Dynamic Groups" by selecting the link on the left side of the dashboard, or using the menu and selecting Identity > Dynamic Groups.
6. Click the Create Dynamic Group button and give the Dynamic Group an appropriate display name and description. In the "Matching Rules" field, enter the following value, replacing the placeholder with the compartment OCID you copied in step 4.
    All {resource.type = 'fnfunc', resource.compartment.id = 'ocid1.compartment.oc1..placeholdertext'}
7. Navigate to the Policies dashboard by opening the menu and selecting Identity > Policies.
8. Click Create Policy and enter a display name and description for the policy. In the "Policy Builder" box, click the Customize (Advanced) button and enter the following policies, where KC_Dynamic_Group and kcflynn are the Dynamic Group and compartment created previously:
    Allow dynamic-group KC_Dynamic_Group to manage dns in compartment kcflynn
    Allow dynamic-group KC_Dynamic_Group to inspect vcns in compartment kcflynn
    fn init --runtime <Your Favorite Language> <Your Application Name>
replacing the values in brackets <>.
    # Excerpt from the function code: signature, zone_name, record_name,
    # record_ttl, record_content and logger are defined elsewhere in the function.
    self.dns_client = oci.dns.DnsClient({}, signer=signature)
    # Patch the record set for record_name in the zone with an A record.
    result = self.dns_client.patch_domain_records(
        zone_name,
        record_name,
        oci.dns.models.PatchDomainRecordsDetails(
            items=[
                oci.dns.models.RecordOperation(
                    operation='ADD',
                    domain=record_name,
                    ttl=record_ttl,
                    rtype='A',
                    rdata=record_content)
            ]
        )
    )
    logger.debug("Update successful.")
    logger.debug("New rrset version: %s", result.data.items[0].rrset_version)
    logger.debug("Success")
    fn -v deploy --app <Your Application Name>
This will build the image with Docker with verbose output. If the Fn CLI context was set up correctly in step 1, this will upload the image to the OCI Container Registry.
In a real environment, allowing anyone to add or update DNS records will not end well. There are several ways to secure access to functions with an API Gateway, including using other functions. Take a look at this example of how a function can be used to allow only requests that contain a pre-set key: Oracle Functions sample repository.
/v1 for the Path Prefix. /dns for the Path, select POST in Methods, Oracle Functions for Type, and select the application and function created earlier. Click Next, review the deployment to be created, and click Create.
    curl -v -X POST -H "x-record: host.domain.com" "<Endpoint>/dns"
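The pre-set key check mentioned above, combined with validation of the x-record header that the curl call sends, is shown here as an added example; it is not code from the original post or from the Oracle Functions sample repository. The x-api-key header name, the domain.com zone and the source_ip parameter are assumptions made for illustration.

```python
import hmac
import ipaddress
import re

# Constructed sample zone; the x-api-key header name is hypothetical.
ALLOWED_ZONE = "domain.com"
# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def check_update(headers, source_ip, expected_key, zone=ALLOWED_ZONE):
    """Return (record_name, address) if the request may update DNS, else raise ValueError."""
    # HTTP header names are case-insensitive, so normalize them first.
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Pre-set key, compared in constant time; an unset key fails closed.
    supplied = h.get("x-api-key", "")
    if not expected_key or not hmac.compare_digest(
            supplied.encode(), expected_key.encode()):
        raise ValueError("unauthorized")

    # 2. The record must be a well-formed host name strictly inside the zone,
    #    so a caller cannot touch the apex, wildcards or other zones.
    name = h.get("x-record", "").strip().lower().rstrip(".")
    if len(name) > 253 or not name.endswith("." + zone):
        raise ValueError("record outside allowed zone")
    if not all(LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError("malformed record name")

    # 3. An A record needs a publicly routable IPv4 address.
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        raise ValueError("malformed address") from None
    if addr.version != 4 or not addr.is_global:
        raise ValueError("address not a public IPv4")
    return name, str(addr)
```

Run the check before calling patch_domain_records and reject the request on ValueError, so that the function never reaches the DNS API with unvalidated input.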
No two organizations have the same circumstances and requirements for their IT environments. The strength of using the Cloud is to quickly and efficiently chain together different services to create a solution that meets your organization’s unique needs. Oracle Cloud gives that flexibility with services such as API Gateway, Functions, Events, and more. Take a look at Oracle Cloud Free Tier or a 30-day trial to find out what kind of solution you can build.