From e03c57e0949c8629b583d279d57eadee604807a7 Mon Sep 17 00:00:00 2001 From: Pablo Martin Date: Tue, 6 Feb 2024 16:55:20 +0100 Subject: [PATCH] private dns --- human-script.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/human-script.md b/human-script.md index 20abd53..f0e5114 100644 --- a/human-script.md +++ b/human-script.md @@ -137,7 +137,7 @@ Follow this to deploy the entire data infra. - Action: Allow - Priority: 100 - Postgres Services Rule - - Name: AllowPostgresFromJumphostInbound + - Name: AllowPostgresFromServicesInbound - Source: the addresss range for the `services-subnet`. In this example, `10.69.0.64/26`. - Source port ranges: * - Destination: the addresss range for the `databases-subnet`. In this example, `10.69.0.8/29`. @@ -155,8 +155,24 @@ Follow this to deploy the entire data infra. - Action: Allow - Priority: 1000 +### 2.3 Private DNS Zone + +- We will set up a private DNS Zone to avoid using hardcoded IPs to refer to services within the virtual network. This makes integrations more resilient because a service can change its IP and still be reached by other services (as long as other network configs like firewalls are still fine). +- Create the Private DNS Zone + - Name it: `.data.superhog.com` + - Add tags: + - `team: data` + - `environment: ` + - `project: network` +- Add a new virtual network link to the zone + - Name it: `privatelink-.data.superhog.com` + - Associate it to the virtual network. + - Enable autoregistration + ## 3. Jumphost +### 3.1 Deploy Jumphost machine + ## 4. DWH ## 5. Airbyte
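Review bot: In the first hunk (Postgres Services Rule), the rename from `AllowPostgresFromJumphostInbound` to `AllowPostgresFromServicesInbound` is not covered by the commit subject "private dns". Please mention it in the commit message or split it into its own commit, so that anyone who already created the rule under the old name can find the reason for the change. The new name does match the rule's source (`services-subnet`, `10.69.0.64/26`). While touching this rule, the Source and Destination context lines directly below it both spell "addresss" with three s's, which could be fixed in the same change.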
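Review bot: In the second hunk (new section 2.3), the zone name `.data.superhog.com`, the tag `environment: ` and the link name `privatelink-.data.superhog.com` all look like they are missing an environment placeholder: the zone name starts with a bare dot, the tag has no value, and the link name has a hyphen followed directly by a dot. If the placeholder was written in angle brackets, it may need to be wrapped in backticks or escaped so it is not swallowed by Markdown rendering; otherwise spell out the expected value so the step can be followed as written. Since the step enables autoregistration, it would also help to add one line stating that machines in the linked virtual network get records in this zone automatically and what hostname form other services should use to reach them. Separately, the empty `### 3.1 Deploy Jumphost machine` heading is unrelated to private DNS and could go in the commit that adds its content.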