Hybrid Domain Name Resolution Architecture
Learn more about the Hybrid Domain Name Resolution architecture.
The following diagram outlines the DNS resolution strategy for a hybrid environment, connecting the On-Premises network (company.prem) and the Cloud network (company.cloud).
The design ensures that resources in either environment can discover and communicate with each other using their local domain names, while also retaining the ability to resolve external internet addresses.
The table in the diagram details the core forwarding rules configured on the on-premises DNS server that enable this hybrid connectivity.
- company.prem (local): The server is authoritative for this domain.
- 16.172.in-addr.arpa (local): The server is authoritative for the on-premises reverse DNS lookup zone.
- company.cloud (forward): All queries for this domain are forwarded to the FreeIPA server’s load balancer.
Architecture Overview
The architecture includes two primary environments, each with its own DNS server that collaborates to provide seamless name resolution.
The customer’s on-premises corporate DNS server will contain records that delegate forward DNS resolution to the public cloud FreeIPA DNS service for all public cloud node zones.
- On-Premises Environment (company.prem)
  - Network: 172.16.0.0/16
  - Components:
    - Base Cluster: A collection of services and workloads that need to communicate with both on-premises and cloud resources.
    - Local DNS Server: The primary DNS for the on-premises environment (e.g., Active Directory). It is the authority for the company.prem domain and the reverse lookup zone 16.172.in-addr.arpa.
- Cloud Environment (company.cloud)
  - Network: 10.2.0.0/16
  - Components:
    - FreeIPA: The central DNS server for the public cloud environment. It is the authority for the company.cloud domain and acts as the primary resolver for all cloud-based services.
    - Data Hubs: A collection of services and workloads running in the public cloud that need to communicate with FreeIPA and with the on-premises environment.
    - Network Default Nameserver: The public or provider-supplied DNS resolver used for all external internet queries.
DNS Resolution Flows
Learn more about the three primary query scenarios.
On-Prem-to-Cloud (Blue Arrow)
This flow allows on-premises applications to resolve cloud resources.
- The Base Cluster needs to resolve an address in the cloud (e.g., datahub.company.cloud).
- It sends the query to its local On-premise DNS server.
- The On-premise DNS has a conditional forwarding rule (as shown in the configuration table) for the company.cloud domain.
- The query is forwarded to the FreeIPA server in the cloud.
- FreeIPA resolves the name and returns the IP address to the On-premise DNS server, which then sends it to the Base Cluster.
Cloud-to-On-Prem (Orange Arrows)
This flow allows cloud applications to resolve on-premises resources.
- A cloud application (like Data Hub) needs to resolve an address on-premises (e.g., basecluster.company.prem).
- It sends the query to its local resolver, FreeIPA.
- FreeIPA has a forwarding rule configured to send all queries for company.prem to the On-premise DNS server.
- The On-premise DNS resolves the name and returns the IP address to FreeIPA, which then sends it to the Data Hub.
Cloud-to-External (Purple Arrow)
This flow allows cloud applications to resolve public internet addresses.
- A cloud application (or FreeIPA itself) needs to resolve an external address (e.g., google.com).
- It sends the query to FreeIPA.
- FreeIPA determines that the name is neither in its local zone (company.cloud) nor covered by a specific forwarding rule (company.prem).
- It forwards the query to the Network Default Nameserver.
- The Network Default Nameserver resolves the public address and returns the result.
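The forwarding table and the three flows above can be checked offline with a small model of the two resolvers. The following is an added example, not configuration from the original page or from FreeIPA; resolver names (onprem, freeipa, external) are labels chosen here, and the on-premises server's fallback to the provider nameserver is an assumption, since the table only lists the three rules.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class Resolver:
    name: str
    authoritative: list[str]        # zones this server answers itself
    forwards: dict[str, str]        # zone -> name of resolver to forward to
    default: str | None = None      # where everything else is sent

def _zone_for(qname: str, zones) -> str | None:
    """Longest-suffix zone match, as a DNS server selects a zone for a query."""
    labels = qname.rstrip(".").lower().split(".")
    candidates = [".".join(labels[i:]) for i in range(len(labels))] + ["."]
    for candidate in candidates:           # full name first, root ('.') last
        if candidate in zones:
            return candidate
    return None

def resolve_path(start: str, qname: str, resolvers: dict[str, Resolver]) -> list[str]:
    """Return the chain of resolvers a query visits until one answers it."""
    path = [start]
    current = resolvers[start]
    for _ in range(len(resolvers) + 1):    # bounded: detects a forwarding loop
        if _zone_for(qname, current.authoritative):
            return path                    # answered from a local zone
        matched = _zone_for(qname, current.forwards)
        target = current.forwards[matched] if matched else current.default
        if target is None:
            raise LookupError(f"{current.name} has no forwarder for {qname}")
        path.append(target)
        current = resolvers[target]
    raise RuntimeError(f"forwarding loop while resolving {qname}")

def build_topology() -> dict[str, Resolver]:
    """The two resolvers from the diagram plus the provider nameserver."""
    return {
        "onprem": Resolver("onprem",
                           authoritative=["company.prem", "16.172.in-addr.arpa"],
                           forwards={"company.cloud": "freeipa"},
                           default="external"),   # assumed; not in the table
        "freeipa": Resolver("freeipa",
                            authoritative=["company.cloud"],
                            forwards={"company.prem": "onprem"},
                            default="external"),  # Network Default Nameserver
        "external": Resolver("external", authoritative=["."], forwards={}),
    }

if __name__ == "__main__":
    topo = build_topology()
    for src, q in [("onprem", "datahub.company.cloud"),
                   ("freeipa", "basecluster.company.prem"),
                   ("freeipa", "google.com"),
                   ("onprem", "5.0.16.172.in-addr.arpa")]:
        print(f"{src:8} {q:28} -> {' -> '.join(resolve_path(src, q, topo))}")
```

Running the block prints one line per flow showing which resolver finally answers; the reverse-lookup case confirms that 172.16.0.0/16 PTR queries never leave the on-premises server.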
