Configure an outbound DNS resolver for Dedicated Cloud Gateway

Uses: Kong Gateway
TL;DR

Set up a Route 53 inbound resolver endpoint, then call the Konnect API to forward specific domains to custom DNS servers.

Prerequisites

This is a Konnect tutorial that requires Dedicated Cloud Gateways access.

If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.

  1. The following Konnect items are required to complete this tutorial:
    • Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
    • Dedicated Cloud Gateway: You can use an existing Dedicated Cloud Gateway or create a new one to use for this tutorial.
    • Network ID: The default Dedicated Cloud Gateway network ID can be found in Gateway Manager > Network.
  2. Set these values as environment variables:
     export KONNECT_TOKEN='YOUR KONNECT TOKEN'
     export KONNECT_CONTROL_PLANE_URL=https://us.api.konghq.com
     export KONNECT_NETWORK_ID='KONNECT NETWORK ID'
    

For this tutorial, you need the AWS CLI installed and configured:

  1. Install the AWS CLI.

  2. After installing, configure and authenticate with AWS:

     aws configure
    

You need to create an inbound Route 53 resolver endpoint in your VPC to receive DNS queries from your Dedicated Cloud Gateway.

After creating the endpoint, collect the IP addresses assigned to it and the domain zones you want to forward.

Save them in environment variables:

export RESOLVER_IPS='10.0.0.10,10.1.0.53'
export FORWARD_ZONES='example.internal.dev,example2.internal.dev'

Connect the resolver to your Dedicated Cloud Gateway

Use the Konnect API to configure forwarding rules that send DNS queries to your resolver:

curl -X POST "https://global.api.konghq.com/v2/cloud-gateways/networks/$KONNECT_NETWORK_ID/private-dns" \
     -H "Authorization: Bearer $KONNECT_TOKEN" \
     -H "Accept: application/json" \
     -H "Content-Type: application/json" \
     --json '{
       "name": "us-east-2 dns resolver",
       "private_dns_attachment_config": {
         "kind": "aws-outbound-resolver",
         "dns_config": {
           "example.internal.dev": {
             "remote_dns_server_ip_addresses": [
               "10.0.0.10"
             ]
           },
           "example2.internal.dev": {
             "remote_dns_server_ip_addresses": [
               "10.1.0.53"
             ]
           }
         }
       }
     }'
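The curl call above hardcodes the zone-to-resolver mapping that the RESOLVER_IPS and FORWARD_ZONES variables already hold. The following shell script, added here as an example and not part of Kong's docs or tooling, builds the same request body from those variables, pairing each zone with the resolver IP at the same position, and rejects any resolver address that is not an RFC 1918 private address, since the inbound endpoint sits inside your VPC. The helper names (is_private_ipv4, build_private_dns_body, post_private_dns) are this example's own.

```shell
#!/bin/sh
# Added example, not Kong's own code. Builds the POST /private-dns body from the
# FORWARD_ZONES and RESOLVER_IPS variables set earlier (zone n is forwarded to
# resolver n) and refuses any resolver address that is not RFC 1918 private, since
# the Route 53 inbound endpoint lives inside the VPC. The body shape mirrors the
# curl call in the tutorial; the helper names are this example's own.

# Succeeds only if $1 is a well-formed IPv4 address in 10/8, 172.16/12 or 192.168/16.
is_private_ipv4() {
  case "$1" in
    10.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*|192.168.*) ;;
    *) return 1 ;;
  esac
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# build_private_dns_body NAME ZONES IPS  -> JSON on stdout.
# ZONES and IPS are comma separated and must have the same length.
build_private_dns_body() {
  name=$1; zones=$2; ips=$3
  old_ifs=$IFS; IFS=','
  set -- $ips                           # positional parameters now hold the IPs
  body=$(printf '{"name":"%s","private_dns_attachment_config":{"kind":"aws-outbound-resolver","dns_config":{' "$name")
  sep=''
  for zone in $zones; do
    if [ $# -eq 0 ]; then IFS=$old_ifs; echo "more zones than resolver IPs" >&2; return 1; fi
    if ! is_private_ipv4 "$1"; then IFS=$old_ifs; echo "resolver IP '$1' is not private" >&2; return 1; fi
    body="$body$sep\"$zone\":{\"remote_dns_server_ip_addresses\":[\"$1\"]}"
    sep=','
    shift
  done
  IFS=$old_ifs
  if [ $# -ne 0 ]; then echo "more resolver IPs than zones" >&2; return 1; fi
  printf '%s}}}\n' "$body"
}

# Send the body to Konnect using the endpoint from the tutorial (needs network access).
post_private_dns() {
  curl -sS -X POST "https://global.api.konghq.com/v2/cloud-gateways/networks/$KONNECT_NETWORK_ID/private-dns" \
    -H "Authorization: Bearer $KONNECT_TOKEN" \
    -H "Accept: application/json" -H "Content-Type: application/json" \
    --data "$(build_private_dns_body "$1" "$FORWARD_ZONES" "$RESOLVER_IPS")"
}

# Dry run with the tutorial's sample values: prints the JSON that would be POSTed.
build_private_dns_body "us-east-2 dns resolver" "${FORWARD_ZONES:-example.internal.dev,example2.internal.dev}" "${RESOLVER_IPS:-10.0.0.10,10.1.0.53}"
```

Run it once without credentials to inspect the generated body, then call post_private_dns "us-east-2 dns resolver" with KONNECT_TOKEN and KONNECT_NETWORK_ID exported to submit it.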

Validate

Once the resolver is configured, it may take a few minutes to become active. You can validate success by issuing a GET request to /private-dns:

curl "https://global.api.konghq.com/v2/cloud-gateways/networks/$KONNECT_NETWORK_ID/private-dns" \
     -H "Authorization: Bearer $KONNECT_TOKEN"