Short answer: Yes!
When you deploy your Autonomous Database with a private endpoint, you will get endpoint which translates to A record in your VCN. In some cases, you don’t want to relay that oraclecloud.com address further down the road outside of OCI.
This could be case for example connecting from on-premises via FastConnect or maybe you use Autonomous Database on Azure or GCP – same will apply, perhaps you want to use your internal company.local address. In this post I’ll show how it works and try it out.
I’ve deployed my ADB in OCI VCN, in a private subnet. When I go to my Autonomous DB details, I see it has a private endpoint:
Typically when I want to connect to my database, I will see the Database Connections view in the Console and download the wallet (or see the connections). For my current ADB, I see following for the HIGH service:
|
tfg_high
|
(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=tfg.adb.ca-toronto-1.oraclecloud.com))(connect_data=(service_name=gdf278db33961ca_tfg_high.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))
|
Just to make this example more confusing, I want to connect to my ADB with a hostname adb.db.tfg. To demonstrate, I have compute VM in OCI which needs to be able to resolve that address.
If you remember OCI Private DNS basics, each VCN has a resolver which we can go and modify by adding our private zones as we like.
I have a private view in my DNS resolver, I will go and add a new zone which will have A record of adb.db.tfg pointing to the IP address of my database.
Once I’ve created the zone, I’ve just added AND published the DNS record.
I can now resolve my private hostname from my compute!
[opc@zdm215 ~]$ nslookup adb.db.tfg Server: 169.254.169.254 Address: 169.254.169.254#53 Non-authoritative answer: Name: adb.db.tfg Address: 10.0.0.190
What else do I need to do to connect? Download the wallet, then modify the tnsnames.ora accordingly and try to connect!
tnsnames.ora looks like this:
[opc@zdm215 tfg]$ cat tnsnames.ora tfg_high = (description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=adb.db.tfg))(connect_data=(service_name=gdf278db33961ca_tfg_high.adb.oraclecloud.com))(security=(ssl_server_dn_match=no))) tfg_low = (description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=adb.db.tfg))(connect_data=(service_name=gdf278db33961ca_tfg_low.adb.oraclecloud.com))(security=(ssl_server_dn_match=no))) tfg_medium = (description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=adb.db.tfg))(connect_data=(service_name=gdf278db33961ca_tfg_medium.adb.oraclecloud.com))(security=(ssl_server_dn_match=no))) tfg_tp = (description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=adb.db.tfg))(connect_data=(service_name=gdf278db33961ca_tfg_tp.adb.oraclecloud.com))(security=(ssl_server_dn_match=no))) tfg_tpurgent = (description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=adb.db.tfg))(connect_data=(service_name=gdf278db33961ca_tfg_tpurgent.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))
Next thing I do is I zip the files back to wallet so I can use it with sqlcl (what a nice tool!) and connect. Let’s see:
[opc@zdm215 tfg]$ zip Wallet_CustomDNS.zip * adding: cwallet.sso (stored 0%) adding: ewallet.p12 (stored 0%) adding: ewallet.pem (deflated 32%) adding: keystore.jks (deflated 13%) adding: ojdbc.properties (deflated 49%) adding: README (deflated 56%) adding: sqlnet.ora (deflated 9%) adding: tnsnames.ora (deflated 81%) adding: truststore.jks (deflated 22%) [opc@zdm215 ~]$ sql /nolog SQLcl: Release 24.4 Production on Wed May 21 19:23:45 2025 Copyright (c) 1982, 2025, Oracle. All rights reserved. SQL> set CLOUDCONFIG /home/opc/Wallet_CustomDNS.zip SQL> conn admin@tfg_high Password? (**********?) *************** Connected. SQL>
And that’s it!
We’ve proven you can use sort of custom DNS to connect to your Autonomous Database, the benefit of this is that you don’t need to necessarily use the oraclecloud.com domain in your private network but can use your own if you have such requirements.
Just remember that the server you’re connecting from needs to be able to resolve custom hostname and tnsnames.ora needs to be modified (or the jdbc connection URL).
Hi Simo,
We use CNAME instead of an A record. So in your case, it would be “adb.db.tfg CNAME 3600 tfg.adb.ca-toronto-1.oraclecloud.com”. That way, we don’t have to worry about a new IP if we redeploy the database or compute.
Thanks!