Configure DNS Forwarding on AWS
DNS forwarding enables Confluent Cloud to resolve hostnames that reside within private DNS zones or on a self-hosted DNS server. Use DNS forwarding when your Confluent Cloud services need to connect to resources by hostname instead of by IP address, such as fully managed connectors that access an Amazon RDS database whose IP address can change.
DNS forwarding is supported for the following AWS connectivity types:
VPC peering
Transit Gateway
Private Network Interface (PNI)
You must have a connection with bi-directional network access between your network and Confluent Cloud to use DNS forwarding.
Get DNS resolver IP addresses
You can set up AWS Inbound Endpoints or use your own DNS server:
To forward DNS requests from Confluent Cloud to a Route53 hosted zone, create Inbound Endpoints so that your Confluent Cloud network can access your DNS servers.
Deploy multiple endpoints in different availability zones for availability.
Allow TCP/UDP connections on port 53 on your Inbound Endpoints.
If you are using a private hosted zone, enable the enableDnsSupport and enableDnsHostnames settings on your VPC.
For details, see Forwarding inbound DNS queries to your VPCs in the Amazon Route 53 Developer Guide.
After you create the endpoints, provide the IP addresses of the Inbound Endpoints in the next step.
To use your self-hosted DNS server, provide its IP address in the next step.
Create a DNS forwarder in Confluent Cloud
Set up DNS forwarding in Confluent Cloud:
Sign in to the Confluent Cloud Console at https://confluent.cloud/.
In the navigation menu, click Environments.
Select the environment that contains your network connection.
In the navigation menu, click Network management.
Navigate to the details page for your connection:
For VPC peering or Transit Gateway, click For dedicated clusters, then click your network name.
For PNI, click For serverless products, then click your gateway name.
Click the DNS forwarding tab.
Enter the following information:
DNS server IPs: Up to three IP addresses of your DNS servers.
Domain list: Up to 10 domains to forward DNS requests for.
Click Submit and wait for provisioning to complete.
Send a request to create a DNS Forwarder resource:
REST request
POST https://api.confluent.cloud/networking/v1/dns-forwarders
REST request body
{
  "spec":
  {
    "display_name": "<The Custom name for the DNS Resolver>",
    "environment":
    {
      "id": "<The Environment ID where the DNS Resolver belongs to>"
    },
    "config":
    {
      "kind": "ForwardViaIp",
      "dns_server_ips": "<A list of IP address(es), up to 3, of DNS server(s) from your VPC>"
    },
    "domains": "<A list of domains, up to 10, for the DNS forwarder to use>",
    "gateway":
    {
      "id": "<The gateway ID to which this belongs>",
      "environment": "<Environment of the referred resource, if env-scoped>"
    }
  }
}
To get the gateway ID, send the following API request:
GET https://api.confluent.cloud/networking/v1/networks/{Confluent Cloud network ID}
You can find the gateway ID in the response under spec.gateway.id.
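The following Python pre-flight check is an added example, not part of the Confluent documentation or API client. It builds the request body shown above and enforces the limits this page states (up to three DNS server IPs, up to 10 domains) before anything is sent. Assumptions: dns_server_ips and domains are sent as JSON arrays of strings, the optional gateway environment field is omitted, and the domain syntax check and the rejection of loopback, unspecified and multicast addresses are sanity checks added here. The function names and the env-PLACEHOLDER ID are hypothetical.

```python
import ipaddress
import json
import re

MAX_DNS_SERVER_IPS = 3  # limit stated on this page
MAX_DOMAINS = 10        # limit stated on this page
# Assumed label syntax (letters, digits, inner hyphens); wildcards are rejected.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_domain(domain):
    """Lower-case, drop trailing dots, and reject malformed names."""
    name = domain.strip().lower().rstrip(".")
    if len(name) > 253 or not all(_LABEL.match(l) for l in name.split(".")):
        raise ValueError(f"not a valid domain name: {domain!r}")
    return name


def build_dns_forwarder_body(display_name, environment_id, gateway_id,
                             dns_server_ips, domains):
    """Return the body for POST /networking/v1/dns-forwarders, or raise ValueError."""
    ips = []
    for raw in dns_server_ips:
        ip = ipaddress.ip_address(raw.strip())  # ValueError if malformed
        if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
            raise ValueError(f"not usable as a DNS server address: {raw!r}")
        if str(ip) not in ips:  # drop duplicates, keep order
            ips.append(str(ip))
    names = list(dict.fromkeys(normalize_domain(d) for d in domains))
    if not 1 <= len(ips) <= MAX_DNS_SERVER_IPS:
        raise ValueError(f"need 1 to {MAX_DNS_SERVER_IPS} DNS server IPs, got {len(ips)}")
    if len(names) > MAX_DOMAINS:
        raise ValueError(f"at most {MAX_DOMAINS} domains allowed, got {len(names)}")
    return {"spec": {
        "display_name": display_name,
        "environment": {"id": environment_id},
        "config": {"kind": "ForwardViaIp", "dns_server_ips": ips},
        "domains": names,
        "gateway": {"id": gateway_id},
    }}


if __name__ == "__main__":
    # Constructed sample values; the IDs are placeholders.
    print(json.dumps(build_dns_forwarder_body(
        "my-dns-forwarder", "env-PLACEHOLDER", "gw-123456",
        ["10.200.0.0", "10.201.0.0"], ["abc.com", "DEF.com."]), indent=2))
```

Keeping the domain list explicit and short limits which lookups Confluent Cloud forwards into your network, so review the normalized output before submitting it.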
Use the confluent network dns forwarder create Confluent CLI command to set up a DNS forwarder:
confluent network dns forwarder create <dns-forwarder-name> <flags>
The following command-specific flags are supported:
--dns-server-ips: Required. A comma-separated list of IP addresses for the DNS server.
--gateway: Required. Gateway ID. To get the gateway ID, run the following CLI command: confluent network describe
--domains: A comma-separated list of domains for the DNS forwarder to use.
You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment and --output.
The following is an example Confluent CLI command to create a DNS forwarder:
confluent network dns forwarder create \
  --domains abc.com,def.com \
  --dns-server-ips 10.200.0.0,10.201.0.0 \
  --gateway gw-123456
The following is an example Confluent CLI command to create a named DNS forwarder:
confluent network dns forwarder create my-dns-forwarder \
  --domains abc.com,def.com \
  --dns-server-ips 10.200.0.0,10.201.0.0 \
  --gateway gw-123456
Use the confluent_dns_forwarder Confluent Terraform Provider resource to set up a DNS forwarder.
An example snippet of Terraform configuration:
resource "confluent_environment" "development" {
  display_name = "Development"
}

resource "confluent_dns_forwarder" "main" {
  display_name = "dns_forwarder"
  environment {
    id = confluent_environment.development.id
  }
  domains = ["example.com", "domainname.com"]
  gateway {
    id = confluent_network.main.gateway[0].id
  }
  forward_via_ip {
    dns_server_ips = ["10.200.0.0", "10.200.0.1"]
  }
}