---
title: "Hybrid DNS Resolution"
type: concept
tags:
- DNS
- Networking
- Hybrid Cloud
---

## Definition

Hybrid DNS resolution is the mechanism by which forwarding rules are configured so that cloud resources can resolve on-premises domain names while on-premises resources can resolve cloud-hosted domain names.

## Architecture Components

### AWS Side

- [[Route-53-Private-Hosted-Zone]]
- [[Route-53-Resolver-Endpoint]] (inbound / outbound)
- IAM roles and policies controlling who may create and change resolver endpoints and rules

### On-Premise Side

- Active Directory-hosted DNS
- DNS forwarders (conditional forwarding of the cloud zones to the inbound endpoint IPs)

## Key Capabilities

- **Cross-region resilience**: list the AD domain controller IPs of several regions or sites as targets in the outbound forwarding rule so that resolution fails over if one site is unreachable
- **Proximity-based resolution**: improves access performance for global services such as Office 365 by resolving them close to the client rather than hairpinning through one site
- **Security controls**: the forwarding path itself does not stop DNS tunnelling, data exfiltration or cache poisoning; those protections come from the surrounding controls: Route 53 Resolver DNS Firewall rules and Resolver query logging to block and detect tunnelling and exfiltration, and endpoint security groups restricted so that only the known domain controllers can reach the inbound endpoint and only the outbound endpoint can reach them, which limits spoofed answers

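The detection side of the security point above, as an added example that is not part of the original note or of any AWS tooling: a script that reads Route 53 Resolver query-log records (the JSON format Resolver query logging writes, one object per query with fields such as `query_name`, `srcaddr` and `rcode`) and flags a source that sends many distinct, long, high-entropy name prefixes under one parent domain, which is what data smuggled out in query names looks like. The log records, addresses, domains, thresholds and the `exfil.example.net` tunnel domain are all constructed for illustration, and the parent-domain split is a two-label approximation rather than a public-suffix-list lookup.

```python
"""Flag likely DNS tunnelling / exfiltration in Route 53 Resolver query logs.

Added example, not code from the original note or from AWS. All records,
addresses, domains and thresholds below are constructed for illustration.
"""
import base64
import hashlib
import json
import math
from collections import defaultdict


def _record(srcaddr: str, query_name: str, rcode: str = "NOERROR") -> str:
    """One constructed Resolver query-log record (a subset of the real fields)."""
    return json.dumps({
        "vpc_id": "vpc-0123456789abcdef0",
        "query_timestamp": "2024-01-01T00:00:00Z",
        "query_name": query_name,
        "query_type": "A",
        "rcode": rcode,
        "srcaddr": srcaddr,
        "srcids": {"instance": "i-0123456789abcdef0"},
    })


def _tunnel_label(i: int) -> str:
    """Constructed 52-char base32 chunk, shaped like a tunnelling client's payload label."""
    digest = hashlib.sha256(f"chunk-{i}".encode()).digest()
    return base64.b32encode(digest).decode().rstrip("=").lower()


# Constructed sample: ordinary corporate and Office 365 lookups from 10.0.1.5,
# plus a burst of payload-bearing NXDOMAIN queries from 10.0.1.77 under the
# (constructed) attacker-controlled domain exfil.example.net.
SAMPLE_LOGS = "\n".join(
    [
        _record("10.0.1.5", "dc01.corp.example.com."),
        _record("10.0.1.5", "mail.corp.example.com."),
        _record("10.0.1.5", "wpad.corp.example.com.", "NXDOMAIN"),
        _record("10.0.1.5", "outlook.office365.com."),
        _record("10.0.1.77", "dc01.corp.example.com."),
    ]
    + [
        _record("10.0.1.77", f"{_tunnel_label(i)}.{i}.exfil.example.net.", "NXDOMAIN")
        for i in range(12)
    ]
)


def shannon_entropy(text: str) -> float:
    """Bits per character; random base32/base64 text scores well above plain words."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(query_name: str, parent_labels: int = 2):
    """Return (prefix, parent), e.g. ('dc01.corp', 'example.com'); two-label approximation."""
    labels = query_name.rstrip(".").lower().split(".")
    return ".".join(labels[:-parent_labels]), ".".join(labels[-parent_labels:])


def find_tunnel_suspects(log_text: str, min_unique: int = 8,
                         min_avg_len: int = 20, min_entropy: float = 3.5):
    """Group queries by (source, parent domain) and score the distinct prefixes."""
    prefixes = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        prefix, parent = split_name(rec["query_name"])
        if prefix:
            prefixes[(rec["srcaddr"], parent)].add(prefix)

    suspects = []
    for (srcaddr, parent), seen in prefixes.items():
        if len(seen) < min_unique:
            continue  # a handful of hostnames under one domain is normal
        avg_len = sum(len(p) for p in seen) / len(seen)
        avg_entropy = sum(shannon_entropy(p) for p in seen) / len(seen)
        if avg_len >= min_avg_len and avg_entropy >= min_entropy:
            suspects.append({
                "srcaddr": srcaddr,
                "parent_domain": parent,
                "unique_prefixes": len(seen),
                "avg_prefix_len": round(avg_len, 1),
                "avg_entropy": round(avg_entropy, 2),
            })
    return suspects


if __name__ == "__main__":
    for suspect in find_tunnel_suspects(SAMPLE_LOGS):
        print(suspect)
```

Run as-is it reports only `10.0.1.77` against `example.net`; the legitimate `corp.example.com` and `office365.com` lookups never reach the unique-prefix threshold. In production the same logic runs over the query-log delivery target (CloudWatch Logs, S3 or Kinesis Data Firehose) rather than an inline string, and the thresholds are tuned against a baseline of the environment's own traffic.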
## Workflow

1. A resource inside the VPC issues a DNS query
2. Route 53 Resolver checks whether a forwarding rule matches the name (the rule with the most specific domain name wins)
3. If one does, the query is forwarded through the Outbound Endpoint to the on-premises AD domain controllers
4. The on-premises DNS returns the answer

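The rule-selection step of the workflow above, as an added example that is not code from the original note or from AWS. It models two documented Resolver behaviours: the matching rule with the most specific (longest) domain name is chosen, and a `SYSTEM` rule for a subdomain overrides a broader `FORWARD` rule so that names hosted in a Private Hosted Zone are answered inside the VPC instead of being forwarded to the domain controllers. The rule set, domain names and target IPs are constructed for illustration; the two target IPs in the `FORWARD` rule are the multi-site failover targets described under Key Capabilities.

```python
"""Toy model of Route 53 Resolver forwarding-rule selection.

Added example, not code from the original note or from AWS. Rules, domains
and IP addresses are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class ResolverRule:
    domain_name: str                      # applies to this name and everything beneath it
    rule_type: str                        # "FORWARD" or "SYSTEM"
    target_ips: List[str] = field(default_factory=list)  # on-prem DNS servers for FORWARD


def _labels(name: str) -> List[str]:
    return name.rstrip(".").lower().split(".")


def _matches(rule_domain: str, query_name: str) -> bool:
    """A rule matches the exact name and any name beneath it, by whole labels only."""
    rd, qn = _labels(rule_domain), _labels(query_name)
    return len(qn) >= len(rd) and qn[-len(rd):] == rd


def select_rule(rules: List[ResolverRule], query_name: str) -> Optional[ResolverRule]:
    """Return the most specific matching rule, or None (no rule applies)."""
    candidates = [r for r in rules if _matches(r.domain_name, query_name)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: len(_labels(r.domain_name)))


def route_query(rules: List[ResolverRule], query_name: str) -> Tuple[str, List[str]]:
    """Where a VPC query goes: ('OUTBOUND', targets), ('VPC', []) or ('RECURSIVE', [])."""
    rule = select_rule(rules, query_name)
    if rule is None:
        return ("RECURSIVE", [])            # Resolver answers from its own recursion
    if rule.rule_type == "SYSTEM":
        return ("VPC", [])                  # answered in-VPC, e.g. from a Private Hosted Zone
    return ("OUTBOUND", list(rule.target_ips))  # forwarded via the Outbound Endpoint


# Constructed rule set:
#  - everything under corp.example.com is forwarded to two on-prem domain controllers
#  - aws.corp.example.com lives in a Private Hosted Zone, so a SYSTEM rule keeps it in-VPC
RULES = [
    ResolverRule("corp.example.com", "FORWARD", ["10.10.0.10", "10.20.0.10"]),
    ResolverRule("aws.corp.example.com", "SYSTEM"),
]


if __name__ == "__main__":
    for name in ("dc01.corp.example.com", "app.aws.corp.example.com",
                 "notcorp.example.com", "outlook.office365.com"):
        print(f"{name:30s} -> {route_query(RULES, name)}")
```

Note the `notcorp.example.com` case: matching is done on whole labels, so a rule for `corp.example.com` does not catch it, which is also how the real service behaves. Without the `SYSTEM` rule, `app.aws.corp.example.com` would be forwarded on-premises and the Private Hosted Zone record would never be consulted.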
## Connections

- [[Route-53-Resolver-Endpoint]] ← implements ← [[Hybrid-DNS-Resolution]]
- [[Active-Directory]] ← provides ← domain controllers ← [[Hybrid-DNS-Resolution]]