Configure DNS Resolution

When you enable a Confluent Cloud cluster for AWS PrivateLink or Azure Private Link, some workflows, including topic management and ksqlDB query management, require cluster endpoints that are not publicly accessible. You must configure your network to resolve DNS requests for these components over the AWS PrivateLink, or Azure Private Link, connection.

Unlike VPC peering, AWS PrivateLink and Azure Private Link do not require the use of a proxy to forward traffic from the Confluent Cloud Console, Confluent CLI, or Confluent Cloud APIs through your VPC or VNet to the Confluent Cloud cluster.

To configure DNS resolution for the Confluent Cloud Console, Confluent CLI, and Confluent Cloud APIs when AWS PrivateLink or Azure Private Link is enabled:

  1. Open the Confluent Cloud Console and go to your cluster. An error banner displays stating that your cluster is not accessible over the internet and includes the endpoint that you need to route to.
  2. Copy the endpoint that you need to route to.
  3. Configure your DNS provider (or your local /etc/hosts configuration) to resolve requests for that endpoint to the IP address of your PrivateLink Endpoint (VPC or Private Endpoint) connected to Confluent Cloud.