Each device in a network requires an IP address to facilitate TCP/IP communication. Traditionally, IP addresses were assigned manually. However, Dynamic Host Configuration Protocol (DHCP) servers can dynamically assign IP addresses using the DHCP protocol. In virtual private clouds (VPCs) in Alibaba Cloud, the DHCP options sets provide consistent configuration for resources such as Elastic Compute Service (ECS) instances, thus simplifying network setup.
Overview
DHCP options sets
DHCP is a network protocol that enables servers to dynamically assign IP addresses and configuration information to clients, thus facilitating communication and access to network resources. It streamlines network management by automating the assignment of IP addresses to devices in a TCP/IP network.
A DHCP options set is a feature available in Alibaba Cloud that defines and centrally manages network parameters, allowing users to uniformly configure key settings such as DNS servers and domain names. When a VPC is associated with a DHCP options set, ECS instances in the VPC access network configurations such as domain names and DNS servers from the options set through the DHCP server. This ensures consistent and customized network configurations for all ECS instances in the VPC without the need for manual configuration.
Types of DHCP options sets
There are two types of DHCP options sets: default and custom.
Default: Includes a private domain name and default DNS server, which cannot be modified. The default set does not consume the resource quota.
A default DHCP options set is automatically created and associated with a VPC when the DNS hostname feature is enabled for the first time in a region. ECS instances in the VPC are then uniformly configured with the specified private domain name, allowing resource access through the private domain name and hostname. If you disable the DNS hostname feature, the system will automatically dissociate the default DHCP options set but will not delete it. If other VPCs in the region enable this feature, the system will reassociate the default DHCP options set with the new VPC.
You can manually dissociate the default DHCP options set from the VPC. After dissociation, ECS instances in the VPC will no longer be able to access resources through the hostname.
Custom: You can customize domain names and DNS servers. By associating this options set with a VPC, you enable the instances in the VPC to automatically receive information about custom configurations.
Scenario
Unified network configuration: By configuring a custom DNS server and combing it with a DHCP options set in a VPC, businesses can provide uniform configurations to ECS instances. This enhances efficiency by simplifying the setup of development and testing environments and streamlining network configurations during promotional events.
Limits
Supported regions
Area | Regions |
Asia Pacific - China | China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), China (Guangzhou), China (Chengdu), and China (Hong Kong) |
Asia Pacific - Others | Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), and Thailand (Bangkok) |
Europe & Americas | Germany (Frankfurt), UK (London), US (Silicon Valley), US (Virginia), and Mexico |
Middle East | UAE (Dubai) and SAU (Riyadh - Partner Region) Important The SAU (Riyadh - Partner Region) region is operated by a partner. |
Quotas
Name/ID | Description | Default value | Adjustable |
N/A | Maximum number of DHCP options sets that can be created by each account | 10 | N/A |
Maximum number of VPCs that can be associated with each DHCP options set | 10 |
Maximum number of DHCP options sets that can be associated with each VPC | 1 |
Maximum number of domain names that can be specified in each DHCP options set | 1 |
Maximum number of DNS server IP addresses that can be specified in each DHCP options set | 4 |
Scenario
A company has a VPC in the China (Beijing) region with multiple ECS instances for various business operations. This example takes two ECS instances for reference. In addition, the company has a set of custom DNS servers to provide private domain name resolution for internal systems, enabling seamless and secure connections between ECS instances.
To enhance management efficiency and simplify processes, the company plans to use the DHCP options set feature to uniformly configure private domain names and custom DNS servers for all ECS instances in the VPC, eliminating the need for individual ECS instance configurations.
The process is as follows:
No. | Description |
1 | After an ECS instance is created in the VPC, the instance communicates with the DHCP server to retrieve information such as IP addresses. |
2 | When attached to the VPC, the DHCP options set provides ECS instances with configuration details, such as custom domain names and custom DNS servers. |
3 | After receiving the DHCP options set configurations, the ECS instance sends a query request to the DNS server to obtain the mapping between domain names and IP addresses. The DNS server returns the resolution results to the ECS instance and enables the ECS instance to use the custom domain name for internal communication. |
Prerequisites
A VPC has been created in the China (Beijing) region with two ECS instances, ECS01 and ECS02. You have a custom DNS server in the region, with private domain names and their corresponding private IP address mappings configured for ECS01 and ECS02 on the server.
Parameter | Configuration |
VPC | CIDR block: 192.168.0.0/16 |
Custom DNS server | Private IP: 192.168.1.197 |
ECS instances | |
Quick deployment of DNS server
Download the file dns-server.zip.
Log on to Alibaba Cloud Shell, and upload the file to Cloud Shell.
Run the following commands in sequence to unzip the package, enter the root directory, initialize the script, and then create resources.
unzip dns-server.zip
cd dns-server
terraform init
terraform apply -auto-approve
If the following result is returned, the resources have been created.
Apply complete! Resources: 8 added, 0 changed, 0 destroyed.
Procedure
Step 1: Create and associate a DHCP options set
Log on to the VPC console.
In the left-side navigation pane, click DHCP Options Sets.
In the top navigation bar, select the region where you want to create the DHCP options set.
Note
The region of the DHCP options set must be the same as that of the VPC.
- On the DHCP Options Sets page, click Create DHCP Options Set.
On the Create DHCP Options Set page, configure the parameters set based on the following information, and then click OK.
Parameter | Description |
Domain Name | Enter the hostname suffix. In this example, we use example.com. Note When you specify the hostname suffix as example.com, the /etc/resolv.conf file of the ECS instances in the VPC will automatically include search example.com as the search domain after the DHCP option set is associated with the VPC. You can access other ECS instances in the VPC using only the hostname, and the system will automatically complete the hostname suffix. For example, when you enter the hostname Web01, the system will attempt to resolve Web01.example.com. If there is a corresponding DNS record, the access will be successful without the need to remember the full domain name. This topic uses an ECS instance running the Linux CentOS 7.9 operating system as an example. For information on how to view the search domain on Windows, see your operating system manual.
|
DNS Server IP Address | In this example, click Custom Server IP, and enter 192.168.1.197. You can specify up to four custom DNS server IPs. Important When specifying a custom DNS server IP, take note of the following limits: The system automatically fills in the default private network DNS server addresses in the VPC, which are 100.100.2.136 and 100.100.2.138. Deletion may cause an inability to access basic cloud services on Alibaba Cloud. Proceed with caution. To use a self-managed DNS service, make sure the IP address of the self-managed DNS server is in the first position. After the DHCP option set is associated with the VPC, the custom domain name server IPs are added to the /etc/resolv.conf file of the ECS in the specified order. DNS queries will be performed in the order that the DNS servers are declared in the file. If the IP address of the self-managed DNS server is entered after that of the default DNS server, when the ECS instance resolves domain names: It first matches the domain resolution records of the default DNS servers in the resolv.conf file. Since the default DNS server does not have the authority to resolve private domains such as example.com, it will return NXDOMAIN. The system determines there is no need to continue querying subsequent servers, making it impossible to resolve the private domain to an IP address. To use the DNS services while using your self-managed DNS service, configure forwarding rules for the self-managed DNS server. Private domains are resolved through the self-managed server, whereas other requests are forwarded to the default server. To do this, log on to your self-managed DNS server and run the command vim /etc/named.conf to modify the configuration file:
// Default forwarding: Forward other requests to public DNS
options {
forwarders { 100.100.2.136; 100.100.2.138; }; # VPC Default DNS
forward only;
};
// Configure authoritative resolution for self-managed DNS
zone "example.com" {
type master;
file "example.com.zone"; # Domain resolution configuration file
};
You need to add rules that allow access to the custom DNS server IPs in security groups and network ACLs (if any). Otherwise, private services may not be resolved. Adding IPv6 DNS server IPs is not supported.
|
On the Create DHCP Options Set page, click Associate VPC.
In the Associate VPC dialog box, select the VPC where the ECS is located, and then click OK.
Note
A DHCP options set can be associated with multiple VPCs in the same region, but a VPC can only be associated with one DHCP options set in a given region.
After the DHCP options set is associated with the VPC, the following will happen:
Existing ECS instances in the VPC will use the configuration in the DHCP options set after restarting ECS instances, the DHCP process in ECS instances, or the network service.
New ECS instances in the VPC will automatically use the configuration in the DHCP options set.
If the associated VPC has the VPC sharing feature enabled, the DHCP options set will apply to ECS instances in the shared VPC.
Step 2: Test connectivity
Restart ECS01 and ECS02.
(Optional) Log on to ECS01 and ECS02, and run the cat /etc/resolv.conf command.
If the following result is returned, the configuration in the associated DHCP options set has taken effect.
Test connectivity
Log on to the ECS01 instance, and run the following commands to test whether ECS01 can access ECS02 using the hostname and private domain name.
ping Web02
ping Web02.example.com
If the following results are returned, ECS01 can access ECS02 using the hostname.
If the following results are returned, ECS01 can access ECS02 using the private domain name.
Related steps
Dissociate a DHCP options set
Note
After dissociating the VPC from the DHCP options set, the following will happen:
Existing ECS instances in the VPC will continue to use the configuration of the DHCP options set until you restart the ECS instances, the DHCP process in ECS instances, or the network service.
New ECS instances in the VPC will not use the configuration of the DHCP options set, including the domain name and custom DNS server. They will use the default DNS server instead.
You can dissociate the DHCP options set from the VPC in the following ways:
On the VPC page, click the target instance ID. Dissociate by following the steps in the figure.
On the DHCP Options Set page, click the target instance ID. Follow the steps in the figure to dissociate.
Modify a DHCP options set
Note
After modifying the DHCP options set, the following will happen:
Existing ECS instances in the VPC will continue to use the configuration of the DHCP options set until you restart the ECS instances, the DHCP process in the ECS instance, or the network service.
New ECS instances in the VPC will use the new configuration.
On the DHCP Options Set page, click the instance ID. Follow the steps in the figure to modify the DHCP options set.
FAQs
1. How do I achieve mutual access between ECS instances in a VPC using private domain names if I use the default DNS server of Alibaba Cloud?
You can use the following two methods:
2. How do I restart the network service after a DHCP options set is associated with a VPC to which the existing ECS instances belong?
The command to restart the network service varies depending on the specific Linux operating system used.
Operating system | Version | Command to restart network service |
Operating system | Version | Command to restart network service |
CentOS | 6 | service network restart |
7 | systemctl restart network |
8 | systemctl restart NetworkManager |
Debian | 8 | systemctl restart networking |
9 | systemctl restart networking |
10 | systemctl restart networking |
Ubuntu | 14 | service networking restart |
16 | systemctl restart networking |
18 | systemctl restart systemd-networkd |
20 | systemctl restart systemd-networkd |
Alibaba Cloud Linux 2 | 2 | systemctl restart network |
Alibaba Cloud Linux 3 | 3 | systemctl restart NetworkManager |
Elastic Compute Service (ECS)
Lingma
