DNS Zone Management

Phase 5.5 of provisioning creates Azure DNS child zones for each tenant, enabling dedicated subdomains with proper NS delegation and A records pointing to the tenant's ingress IP.

DNS Architecture

matih.ai (platform zone - Terraform managed)
  |
  +-- acme.matih.ai (tenant child zone)
  |     A record --> 20.10.30.40 (tenant LoadBalancer IP)
  |
  +-- beta.matih.ai (tenant child zone)
        A record --> 20.10.30.41

Provisioning Steps

DNS Zone Creation

The AzureDnsService creates a child zone under the platform's DNS zone:

1. Create Azure DNS zone resource (e.g., acme.matih.ai)
2. Read the NS records from the new zone
3. Create NS delegation records in the parent zone (matih.ai)
4. Create A records pointing to the tenant's LoadBalancer IP
5. Store the DNS zone resource ID in tenant.dnsZoneId

Dev vs Production

Related Entities

The Tenant entity stores DNS-related fields:

@Column(name = "domain", length = 255)
private String domain;            // Platform-assigned domain
 
@Column(name = "custom_domain", length = 255)
private String customDomain;      // Custom domain (if configured)
 
@Column(name = "ingress_ip", length = 45)
private String ingressIp;         // LoadBalancer IP
 
@Column(name = "dns_zone_id", length = 500)
private String dnsZoneId;         // Azure DNS zone resource ID

Source Files