Domains

Managed domains for assigning DNS records using DNS provider APIs

Domains support managing DNS records on AWS, Cloudflare and Oracle Cloud. To configure a domain, first add the provider's API key to a secret in the same organization, then select that secret in the domain settings. The Domain field must match a domain that is available on that provider with the configured API key. Other DNS records can be managed on the same domain outside of Pritunl Cloud; only the records created by Pritunl Cloud will be modified on the DNS provider.

Negative TTL

When DNS is dynamically controlled, such as in service discovery use cases, it is critical that a low negative TTL is configured. This TTL, stored in the SOA record, controls how long DNS servers and clients cache a lookup that did not return a record. The default value of 5 minutes can cause significant network disruptions: even if the DNS record is added with a low TTL, a client that queries the name before the record exists caches the negative answer for the SOA's negative TTL, and the name stays invisible to that client until the cached negative answer expires several minutes later. Currently only AWS Route 53 allows modifying this value, so only AWS Route 53 should be used for configurations with frequent dynamic updates to DNS. To configure this value, edit the SOA record in Route 53 and change the last number in the Value to 10, which sets the negative TTL to 10 seconds, as shown below.
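The following is an added example, not Pritunl Cloud's own code, that makes the two points above concrete. It parses an SOA value in the field order Route 53 displays (MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM, where the final MINIMUM field is the negative-cache TTL), rewrites that last field, and then models a caching resolver to show that a record's own low TTL does not shorten the window during which a client that queried too early keeps seeing "no such name". The zone name and addresses are constructed placeholders, and the resolver is a deliberately simplified model of RFC 2308 negative caching, not a real resolver.

```python
"""Negative TTL worked example (added illustration, not Pritunl Cloud code)."""

from dataclasses import dataclass, field

# Constructed sample SOA value in Route 53's displayed field order.
# The last field (300 = 5 minutes) is the negative-cache TTL the text refers to.
SAMPLE_SOA = (
    "ns-1.example-dns.invalid. hostmaster.example.invalid. "
    "1 7200 900 1209600 300"
)

SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


def parse_soa(value: str) -> dict:
    """Split an SOA rdata string into named fields; numeric fields become ints."""
    parts = value.split()
    if len(parts) != len(SOA_FIELDS):
        raise ValueError(f"expected {len(SOA_FIELDS)} SOA fields, got {len(parts)}")
    rec = dict(zip(SOA_FIELDS, parts))
    for key in SOA_FIELDS[2:]:
        rec[key] = int(rec[key])
    return rec


def set_negative_ttl(value: str, seconds: int) -> str:
    """Return the SOA value with only the last field (negative TTL) changed."""
    if not 0 < seconds <= 86400:
        raise ValueError("negative TTL must be between 1 and 86400 seconds")
    rec = parse_soa(value)
    rec["minimum"] = seconds
    return " ".join(str(rec[key]) for key in SOA_FIELDS)


@dataclass
class ToyResolver:
    """Minimal caching resolver: positive answers are cached for the record's
    own TTL, NXDOMAIN answers for the zone's SOA minimum (negative TTL)."""
    negative_ttl: int
    zone: dict = field(default_factory=dict)   # name -> (address, ttl)
    cache: dict = field(default_factory=dict)  # name -> (answer or None, expires_at)

    def publish(self, name: str, address: str, ttl: int) -> None:
        self.zone[name] = (address, ttl)

    def query(self, name: str, now: int):
        cached = self.cache.get(name)
        if cached is not None and cached[1] > now:
            return cached[0]            # still within cache lifetime (may be negative)
        if name in self.zone:
            address, ttl = self.zone[name]
            self.cache[name] = (address, now + ttl)
            return address
        self.cache[name] = (None, now + self.negative_ttl)  # cache the miss
        return None


def seconds_until_visible(negative_ttl: int, record_ttl: int = 5, publish_at: int = 1) -> int:
    """A client looks up the name at t=0 before it exists; the record is then
    published at `publish_at` with `record_ttl`. Returns the first second at
    which that client's resolver answers with the address."""
    resolver = ToyResolver(negative_ttl)
    name = "svc.example.invalid"       # constructed name
    resolver.query(name, 0)            # early query: caches the negative answer
    resolver.publish(name, "10.0.0.5", record_ttl)  # constructed address
    t = publish_at
    while resolver.query(name, t) is None:
        t += 1
    return t


if __name__ == "__main__":
    print(set_negative_ttl(SAMPLE_SOA, 10))
    # The record's low TTL (5 s) does not help; only the SOA negative TTL matters.
    print("default negative TTL: visible after", seconds_until_visible(300), "s")
    print("10 s negative TTL:    visible after", seconds_until_visible(10), "s")
```

The model shows why the text insists on the SOA change rather than on low record TTLs: with the default 300-second negative TTL the early-querying client sees the record only at t=300 regardless of the record's own TTL, whereas with the SOA minimum set to 10 it sees the record at t=10.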

Service Discovery

Private DNS servers are often used for service discovery because of concerns about caching and performance on public DNS infrastructure. These complex custom DNS systems have been the cause of several major service outages. The caching issues with public DNS can mostly be avoided by configuring low TTLs and using Google's 8.8.8.8 DNS service. All Pritunl instances are configured with the 8.8.8.8 and 8.8.4.4 DNS servers by default. Testing with 8.8.8.8 has shown DNS updates propagating within 3-10 seconds with 1-10 ms query times. For this reason Pritunl Cloud does not use or support private DNS systems for service discovery in pods.