Auto-sync: 2026-04-29 00:02
35
wiki/concepts/Resolver-Rules.md
Normal file
@@ -0,0 +1,35 @@
|
||||
---
|
||||
title: "Resolver Rules"
|
||||
type: concept
|
||||
tags:
|
||||
- AWS
|
||||
- DNS
|
||||
- Networking
|
||||
last_updated: 2026-04-28
|
||||
---
|
||||
|
||||
## Definition
|
||||
|
||||
Resolver Rules(解析规则)是 AWS Route 53 Resolver 的核心配置对象,用于定义特定域名的 DNS 查询应转发至哪个目标 DNS 服务器(如本地数据中心的 On-prem DNS)。它们是实现混合云 DNS 解析的关键机制。
|
||||
|
||||
## Aliases
|
||||
- Resolver Rules
|
||||
- Route 53 Resolver Rules
|
||||
- DNS Forwarding Rules
|
||||
|
||||
## Key Characteristics
|
||||
|
||||
- **域名匹配转发**:规则按域名模式(如 `*.corp.internal`)匹配查询,将匹配项转发至指定 IP 地址的 DNS 服务器
|
||||
- **共享机制**:通过 AWS RAM(Resource Access Manager)将规则跨账号共享给业务账户,业务 VPC 无需单独创建规则即可使用
|
||||
- **入站 vs 出站**:Resolver Rules 配合 Outbound Endpoint 使用;Inbound Endpoint 则处理反向(由外向内)的解析请求
|
||||
- **Terraform 自动化**:规则定义完全可通过 Terraform 声明式管理,集成到 Landing Zone 模块化供给流程中
|
||||
- **授权流程**:跨账号共享时,接受方账户需明确接受共享,规则才能生效
|
||||
|
||||
## Related Concepts
|
||||
- [[Route-53-Resolver]] — Resolver Rules 是 Resolver 的配置对象
|
||||
- [[AWS-RAM]] — 跨账号共享规则的技术手段
|
||||
- [[Private-Hosted-Zone]] — 与 PHZ 互补:PHZ 覆盖私有域名直接解析,Rules 覆盖需转发至外部 DNS 的域名
|
||||
- [[AWS-Landing-Zone]] — 集中化 DNS 账号场景下的规则管理策略
|
||||
|
||||
## Sources
|
||||
- [[ctp-topic-19-configuring-dns-within-aws-lzs]]
|
||||