Each DNS zone in your SDDC network represents a piece of the DNS namespace that you manage yourself.

DNS zones in the SDDC fall into two categories:
  • Default zones, in which the DNS forwarder listens for queries from all SDDC VMs on a subnet in the zone and sends them to the zone's DNS servers unless an FQDN zone matches.
  • FQDN zones, which receive the queries a default zone forwards for the domain names the FQDN zone lists.
The compute and management gateways are each configured with a single default DNS zone. You can add up to four more zones of either type to provide the flexibility of having multiple DNS servers and subdomains. See Add a DNS Zone in the NSX-T Data Center Administration Guide for more information about how NSX-T implements DNS zones.

Procedure

  1. Log in to the VMware Cloud on AWS GovCloud at https://www.vmc-us-gov.vmware.com/.
  2. Click Networking & Security > DNS and open the DNS Zones tab.
  3. To add a default zone, select ADD DNS ZONE > Add Default Zone.
    You can add or modify IP addresses for the Management Gateway and Compute Gateway DNS forwarders in the default DNS zone. DNS queries from VMs in the default zone are sent to these IP addresses by default if they don't match the criteria for any FQDN zone.
    1. Enter a name and optionally a description. You use this Name if you create DNS firewall rules that apply to traffic in this zone.
    2. Enter the IP addresses of up to three DNS servers. All of the DNS servers you specify must be configured identically, because the forwarder may send any query to any of them and they must return the same answers.
    3. (Optional) Enter an IP address in the Source IP field. This is the source address that the forwarder uses for the queries it sends to these DNS servers, so make sure the servers, and any firewall rules on the path to them, accept queries from that address.
  4. To add an FQDN zone, select ADD DNS ZONE > Add FQDN Zone.
    Specify one or more FQDNs to enable DNS forwarding. A DNS forwarder is associated with a default DNS zone and up to five FQDN DNS zones. When it receives a DNS query from a VM in the zone, the DNS forwarder compares the domain name in the query with the domain names in the FQDN DNS zones. If a match is found, the query is forwarded to the DNS servers specified in the FQDN DNS zone. Otherwise the query is forwarded to the DNS servers specified in the default DNS zone.
    1. Enter a name and optionally a description. You use this Name if you create DNS firewall rules that apply to traffic in this zone.
    2. Enter an FQDN for the domain. This must be a fully qualified domain name, such as example.com.
    3. Enter the IP addresses of up to three DNS servers.
    4. (Optional) Enter an IP address in the Source IP field.
  5. (Optional) Tag the DNS zone.

    See Add Tags to an Object in the NSX-T Data Center Administration Guide for more information about tagging NSX-T objects.

  6. Click SAVE.
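The following script models the forwarder behaviour the procedure above configures: a default zone, up to five FQDN zones with up to three servers each, and the decision of which zone's servers a query goes to (step 4's "if a match is found"). It is an added example, not VMware or NSX-T code, and the class and function names (DnsZone, DnsForwarder, select_zone, example_forwarder) are hypothetical. It assumes that an FQDN zone matches a query when the query name equals one of the zone's domains or ends with "." followed by that domain, and that the most specific match wins; the page does not spell out the matching rule, so verify it against your own forwarder before relying on it. The sample configuration and addresses are constructed for the example.

```python
"""Model of the SDDC DNS forwarder zone selection described in the procedure above.

Added example, not VMware or NSX-T code. Assumption: an FQDN zone matches a query
when the query name equals one of the zone's domains or ends with "." + that
domain, and the longest match wins. The limits (three servers per zone, five FQDN
zones per forwarder) are taken from the page text.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

MAX_SERVERS_PER_ZONE = 3   # "up to three DNS servers" (page text)
MAX_FQDN_ZONES = 5         # "up to five FQDN DNS zones" (page text)

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_fqdn(name: str) -> bool:
    """True for a fully qualified name such as example.com (a trailing dot is allowed)."""
    name = name.rstrip(".")
    if not name or len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


@dataclass
class DnsZone:
    name: str                        # the Name later referenced in DNS firewall rules
    servers: List[str]               # upstream DNS servers, must be configured identically
    domains: List[str] = field(default_factory=list)  # empty list = default zone
    source_ip: Optional[str] = None  # optional Source IP used for forwarded queries

    def validate(self) -> List[str]:
        """Return the constraint violations for this zone (empty list means OK)."""
        problems: List[str] = []
        if not self.servers:
            problems.append(f"{self.name}: at least one DNS server is required")
        if len(self.servers) > MAX_SERVERS_PER_ZONE:
            problems.append(f"{self.name}: more than {MAX_SERVERS_PER_ZONE} DNS servers")
        for addr in self.servers + ([self.source_ip] if self.source_ip else []):
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                problems.append(f"{self.name}: {addr!r} is not a valid IP address")
        for dom in self.domains:
            if not is_valid_fqdn(dom):
                problems.append(f"{self.name}: {dom!r} is not a fully qualified domain name")
        return problems


@dataclass
class DnsForwarder:
    default_zone: DnsZone
    fqdn_zones: List[DnsZone] = field(default_factory=list)

    def validate(self) -> List[str]:
        """Check the whole forwarder: default zone, zone count and each FQDN zone."""
        problems = self.default_zone.validate()
        if self.default_zone.domains:
            problems.append("default zone must not list FQDNs")
        if len(self.fqdn_zones) > MAX_FQDN_ZONES:
            problems.append(f"more than {MAX_FQDN_ZONES} FQDN zones on one forwarder")
        for zone in self.fqdn_zones:
            problems.extend(zone.validate())
            if not zone.domains:
                problems.append(f"{zone.name}: FQDN zone needs at least one FQDN")
        return problems

    def select_zone(self, qname: str) -> DnsZone:
        """Pick the zone whose servers receive the query for qname.

        Longest matching FQDN zone wins (assumed rule); otherwise the default zone.
        """
        q = qname.rstrip(".").lower()
        best: Optional[DnsZone] = None
        best_len = -1
        for zone in self.fqdn_zones:
            for dom in zone.domains:
                d = dom.rstrip(".").lower()
                if (q == d or q.endswith("." + d)) and len(d) > best_len:
                    best, best_len = zone, len(d)
        return best if best is not None else self.default_zone


def example_forwarder() -> DnsForwarder:
    """Constructed sample configuration (private and documentation address ranges)."""
    return DnsForwarder(
        default_zone=DnsZone("Default", ["10.0.0.53", "10.0.0.54"]),
        fqdn_zones=[
            DnsZone("corp-zone", ["192.0.2.10"], ["corp.example.com"]),
            DnsZone("example-zone", ["192.0.2.20", "192.0.2.21"],
                    ["example.com", "example.net"]),
        ],
    )


if __name__ == "__main__":
    fwd = example_forwarder()
    print("config problems:", fwd.validate() or "none")
    for name in ["host.corp.example.com", "www.example.com", "notexample.com", "example.org"]:
        print(f"{name:24} -> {fwd.select_zone(name).name}")
```

Run it to see that `host.corp.example.com` goes to the more specific `corp-zone` rather than `example-zone`, and that `notexample.com` falls through to the default zone because the match is on whole labels, not on a raw string suffix. Use `validate()` before saving a configuration to catch the limits the UI enforces (server count, zone count, malformed FQDNs).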