Configuring DNS records for Azure
Prerequisites
- Azure `az` CLI.
- Necessary Azure permissions for DNS administration.

You may also choose to use `kubectl` to find some information in the examples below.
Instructions
Step 1: Create a ‘child’ hosted zone for your Yellowbrick environment and retrieve the NS records.
This will be in the account of your Yellowbrick deployment. In an Azure installation of Yellowbrick, there are currently two resource groups: the default resource group you've provided and a subset resource group of the AKS cluster resources.
The name of the latter resource group starts with `MC_`. For example, if your default resource group is `rg-yb-install`, then the secondary resource group would be `MC_rg-yb-install_yb-install_eastus`. For the creation of the `childZoneDnsName` zone, we will choose to place it into the primary resource group (in this case, `rg-yb-install`).
```bash
## Ensure your Azure CLI is set to the proper subscription of your "child" DNS zone. This is the account where you have installed Yellowbrick.
az login
subscriptionId=""
az account set --subscription "$subscriptionId"
## Example: az account set --subscription mysubscription
## Resource group of the Yellowbrick install
childZoneResourceGroup=""
## Example: childZoneResourceGroup="rg-yb-install"
childZoneDnsName=""
## Example: childZoneDnsName="xyz.dev.yellowbrickcloud.com"
## Create the zone and retrieve its NS records. Choose the resource group of the Yellowbrick install.
az network dns zone create -g "$childZoneResourceGroup" -n "$childZoneDnsName"
## Example: az network dns zone create -g rg-yb-install -n xyz.dev.yellowbrickcloud.com
nsRecords=($(az network dns record-set ns list --resource-group "$childZoneResourceGroup" --zone-name "$childZoneDnsName" --query "[].NSRecords[]" --output tsv)) && echo "${nsRecords[@]}"
```
Step 2: In the account of your root DNS zone, delegate the child hosted zone by adding its NS (nameserver) records to your domain. You will need to have access to the account of your root DNS zone.
```bash
## Switch your Azure CLI to the proper subscription of your root DNS zone (if it is not in the same subscription as the child hosted zone)
az account set --subscription "$subscriptionId"
az account show
## Replace the <...> placeholders with your own values
rootZoneDnsName="<YOUR-ROOT-DNS-ZONE-NAME>"
## Example: rootZoneDnsName=dev.yellowbrickcloud.com
childZoneDnsName="<YOUR-CHILD-DNS-ZONE-NAME>"
## Example: childZoneDnsName=xyz.dev.yellowbrickcloud.com
## rootZoneResourceGroup is the resource group of your root hosted zone
rootZoneResourceGroup="<YOUR-ROOT-ZONE-RESOURCE-GROUP>"
## Verify your list of records still exists in the variable
echo "${nsRecords[@]}"
## Add the 4 NS records of the child zone to your root zone.
## The record-set name is relative to the root zone (xyz for xyz.dev.yellowbrickcloud.com in dev.yellowbrickcloud.com).
for nsRecord in "${nsRecords[@]}"; do
  az network dns record-set ns add-record \
    --resource-group "$rootZoneResourceGroup" \
    --zone-name "$rootZoneDnsName" \
    --record-set-name "${childZoneDnsName%."$rootZoneDnsName"}" \
    --nsdname "$nsRecord" \
    --ttl=3600
done
```
Step 3: Test DNS resolution of the child hosted zone with `dig` or `nslookup`.
```bash
dig -t NS "$childZoneDnsName"
## EXAMPLE: dig -t NS mysubdomain.dev.mydomain.com
## You should see an ANSWER section
## (for an Azure DNS zone, the name servers listed should be the ones stored in nsRecords in Step 1)
# ;; ANSWER SECTION:
# mysubdomain.dev.mydomain.com. 172800 IN NS ns-1241.awsdns-27.org.
# mysubdomain.dev.mydomain.com. 172800 IN NS ns-1703.awsdns-20.co.uk.
# mysubdomain.dev.mydomain.com. 172800 IN NS ns-490.awsdns-61.com.
# mysubdomain.dev.mydomain.com. 172800 IN NS ns-527.awsdns-01.net.
## Or you can use nslookup
nslookup -type=ns "$childZoneDnsName"
```
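The following is an added example, not part of the original Yellowbrick instructions: it checks offline the two things Steps 2 and 3 depend on, namely the record-set name relative to the root zone and whether the delegated name servers match the ones assigned to the child zone. The function names and the sample host names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Host names are constructed samples.

# Lower-case, strip the trailing dot, print one host per line, sorted, unique.
normalize_ns() {
  tr -s '[:space:]' '\n' | tr '[:upper:]' '[:lower:]' | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# Azure DNS record-set names are relative to the zone. Print the part of FQDN
# below ZONE ("@" for the zone apex); fail when FQDN is not inside ZONE.
relative_record_name() {
  local fqdn zone
  fqdn=$(printf '%s\n' "$1" | normalize_ns)
  zone=$(printf '%s\n' "$2" | normalize_ns)
  case "$fqdn" in
    "$zone")   echo "@" ;;
    *".$zone") echo "${fqdn%."$zone"}" ;;
    *)         echo "error: $fqdn is not under $zone" >&2; return 1 ;;
  esac
}

# delegation_diff ASSIGNED DELEGATED
# Prints "missing <host>" for servers assigned to the child zone but absent
# from the delegation, "unexpected <host>" for the reverse. Returns 0 on a match.
delegation_diff() {
  local assigned delegated host rc=0
  assigned=$(printf '%s\n' "$1" | normalize_ns)
  delegated=$(printf '%s\n' "$2" | normalize_ns)
  [ -n "$assigned" ] || { echo "error: no name servers assigned" >&2; return 2; }
  for host in $assigned; do
    printf '%s\n' "$delegated" | grep -Fxq -- "$host" || { echo "missing $host"; rc=1; }
  done
  for host in $delegated; do
    printf '%s\n' "$assigned" | grep -Fxq -- "$host" || { echo "unexpected $host"; rc=1; }
  done
  return "$rc"
}

# Constructed sample: the delegation lacks one of the four assigned servers.
assigned="ns1-01.azure-dns.com. ns2-01.azure-dns.net. ns3-01.azure-dns.org. ns4-01.azure-dns.info."
delegated="NS1-01.azure-dns.com ns2-01.azure-dns.net ns3-01.azure-dns.org"
relative_record_name xyz.dev.yellowbrickcloud.com dev.yellowbrickcloud.com
delegation_diff "$assigned" "$delegated" || echo "delegation does not match the child zone"
```

Against a live deployment, pass `"${nsRecords[*]}"` from Step 1 as the first argument and the name servers stored in the root zone's NS record set as the second.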
Step 4: In the account of your Yellowbrick deployment, add the Yellowbrick Manager IP or DNS A record name to your hosted zone. You will need to retrieve the Yellowbrick Manager IP address and update the `ip` variable. The record name can be anything you desire (manager, mgr, yb-manager, etc.). We will be creating a simple A record that points a name of your choice at that address (Example: 142.250.65.110 referencing manager.yellowbrick.com).
```bash
## Ensure your Azure CLI is pointed to the proper subscription (child zone)
az account show
## Replace the <...> placeholders with your own values
rootZoneDnsName="<YOUR-ROOT-DNS-ZONE-NAME>"
## Example: rootZoneDnsName=dev.yellowbrickcloud.com
childZoneDnsName="<YOUR-CHILD-DNS-ZONE-NAME>"
## Example: childZoneDnsName=xyz.dev.yellowbrickcloud.com
## Update the ip to reflect your Yellowbrick Manager IP
ip=""
## Or you can retrieve the same result with kubectl:
## ip=$(kubectl -n $NAMESPACE get service yb-manager-service -o json | jq '.status.loadBalancer.ingress[].ip' | sed 's/"//g')
## Add the Yellowbrick Manager ip to your child zone. You can change 'recordNameYm' to a name you desire.
## The record-set name is relative to the child zone, so only the host label is passed.
recordNameYm="manager"
az network dns record-set a add-record \
  --resource-group "$childZoneResourceGroup" \
  --zone-name "$childZoneDnsName" \
  --record-set-name "$recordNameYm" \
  --ipv4-address "$ip"
## Example output:
# [
#   {
#     "ARecords": [
#       {
#         "ipv4Address": "111.222.41.113"
#       }
#     ],
#     "TTL": 3600,
#     "etag": "*************23",
#     "fqdn": "manager.xyz.dev.yellowbrickcloud.com.",
#     "id": "/subscriptions/************/resourceGroups/************/providers/Microsoft.Network/dnszones/xyz.dev.yellowbrickcloud.com/A/manager",
#     "name": "manager",
#     "provisioningState": "Succeeded",
#     "resourceGroup": "$YOUR_RESOURCE_GROUP",
#     "targetResource": {},
#     "type": "Microsoft.Network/dnszones/A"
#   }
# ]
```
Step 5: Add the Yellowbrick instance IP(s) or DNS name of the NLB to your child hosted zone. You will need to retrieve the IP address associated with the instance. This can be found in the Yellowbrick Manager under "instances." For each instance, you will need to enter a DNS record by performing this step.
```bash
## Ensure your Azure CLI is pointed to the proper subscription
az account show
## Replace the <...> placeholders with your own values
rootZoneDnsName="<YOUR-ROOT-DNS-ZONE-NAME>"
## Example: rootZoneDnsName=dev.yellowbrickcloud.com
childZoneDnsName="<YOUR-CHILD-DNS-ZONE-NAME>"
## Example: childZoneDnsName=xyz.dev.yellowbrickcloud.com
## Retrieve the NLB A record of the data warehouse instance from the Yellowbrick Manager under 'Instances' > 'Host/Port'.
dwInstanceIp=""
## Or you can retrieve the same result with kubectl:
## dwInstanceIp=$(kubectl -n $NAMESPACE get service ybinst-${instanceName} -o json | jq '.status.loadBalancer.ingress[].ip' | sed 's/"//g')
## Add the data warehouse ip to your child zone. Change 'recordNameDw' to your desired name. For example, if your data warehouse name is "dw", then you can set it to dw.
## The record-set name is relative to the child zone, so only the host label is passed.
recordNameDw="dw"
az network dns record-set a add-record \
  --resource-group "$childZoneResourceGroup" \
  --zone-name "$childZoneDnsName" \
  --record-set-name "$recordNameDw" \
  --ipv4-address "$dwInstanceIp"
## Example output:
# [
#   {
#     "ARecords": [
#       {
#         "ipv4Address": "***.***.***.124"
#       }
#     ],
#     "TTL": 3600,
#     "etag": "******79",
#     "fqdn": "dw.xyz.dev.yellowbrickcloud.com.",
#     "id": "/subscriptions/***********/resourceGroups/***********/providers/Microsoft.Network/dnszones/xyz.dev.yellowbrickcloud.com/A/dw",
#     "name": "dw",
#     "provisioningState": "Succeeded",
#     "resourceGroup": "*************",
#     "targetResource": {},
#     "type": "Microsoft.Network/dnszones/A"
#   }
# ]
```
Step 6: Check DNS resolution
```bash
dig -t A "${recordNameDw}.${childZoneDnsName}"
## Example: dig -t A dw.xyz.dev.yellowbrickcloud.com
```