Added two examples - One to configure NAT instance for Internet access from private instances, another for a DNS VM to allow on-premises network to query DNS hostnames in the VCN (#295)

- Added example to configure NAT instance for Internet access from private instances
- Added example to configure Hybrid DNS instance to allow on-premises clients to resolve DNS names of instances in the VCN

Author: sivaedupuganti-oracle

docs/examples/networking/hybrid_dns/Hybrid-DNS-configuration-using-DNS-VM-in-VCN.md

@@ -0,0 +1,80 @@
+# Hybrid DNS Configuration
+
+Oracle Cloud Infrastructure (OCI) customers can configure DNS names for their instances in the Virtual Cloud Network (VCN) as described in [DNS in Your Virtual Cloud Network](https://docs.us-phoenix-1.oraclecloud.com/Content/Network/Concepts/dns.htm). The DNS names are resolvable only within the VCN using the VCN DNS resolver available at 169.254.169.254. This IP address is only reachable from instances in the VCN.
+
+This document describes the process to enable resolution of DNS names of instances in the VCN from on-premises clients and vice-versa, when the on-premises datacenter is connected with the VCN (through VPN or FastConnect).
+
+## Setup Overview
+
+
+### Case1 – DNS resolution from on-premises to VCN
+
+![On-premises to VCN](images/architecture-onprem-to-vcn.png)
+
+When an on-premises client is trying to connecting to cloud VCN resources:
+
+1. Client machine initiates a DNS query (for db1.exaclient.custvcn.oraclevcn.com) to on-prem DNS server (172.16.0.5)
+2. On-prem DNS server forwards the request to DNS VM in the VCN (10.0.10.15) over private connectivity (VPN or FastConnect)
+3. DNS query forwarded to VCN DNS resolver (169.254.169.254)
+4. DNS VM gets the IP address of the FQDN and send it back to on-prem DNS server
+5. On-prem DNS server gets the IP address and responds to the client machine
+
+
+#### Case2 – DNS resolution from VCN to on-premises
+
+![VCN to on-premises](images/architecture-vcn-to-onprem.png)
+
+When an instance in the VCN is trying to connect to an on-premises instance:
+
+1. Instance in the VCN initiates a DNS query (say app1.customer.net)
+2. The DNS server configured in the DHCP options used by the instance's subnet will receive the DNS request. In this case, the request will be received by DNS VM in the VCN
+3. DNS query forwarded to on-premises DNS server (172.16.0.5) over private connectivity (VPN of Fastconnect)
+4. DNS VM gets the response and sends it back to client
+
+
+## Configuration Steps
+
+Below are the steps to achieve this configuration
+
+1. Create a DNS VM in the VCN
+   1. Create a security list with following rules:
+      * allow udp 53 (for DNS queries) from clients (VCN address space + On-prem address space)
+      * allow tcp 22 (for ssh access) from Internet or on-prem address space
+      * allow ICMP type3 from same sources as rule above (for ssh access)
+    
+   2. Create a DHCP options set:
+      * Set DNS type as "Internet and VCN resolver"
+
+
+2. Create a subnet, which uses the security list and DHCP options set created above.
+3. Launch a VM with latest 'Oracle Linux 7.4' image into this subnet
+4. Install & Configure named
+```
+   $ sudo yum install bind
+   $ sudo firewall-cmd --permanent --add-port=53/udp
+   $ sudo firewall-cmd --permanent --add-port=53/tcp
+   $ sudo /bin/systemctl restart firewalld
+   $ cat > /etc/named.conf
+options {
+        listen-on port 53 { any; };
+        allow-query    { localhost; 10.0.0.0/16; 172.16.0.0/16; };
+        forward        only;
+        forwarders     { 169.254.169.254; };
+        recursion yes;
+};
+
+zone "customer.net" {
+        type       forward;
+        forward    only;
+        forwarders { 172.16.0.5; 172.16.31.5; };
+};
+
+<hit ctrl-D>
+
+   * $ sudo service named restart
+```
+
+5. Configure forwarding on the on-prem DNS servers for &#39;VCN domain&#39; (custvcn.oraclevcn.com) to be forwarded to DNS VM in the VCN.
+   Below is a snapshot of the setup in an AD/DNS server.
+   ![AD conditional forwarding setup](images/ad-cond-forwarding-setup.png)
+

docs/examples/networking/hybrid_dns/README.md

@@ -0,0 +1,28 @@
+    #     ___  ____     _    ____ _     _____
+    #    / _ \|  _ \   / \  / ___| |   | ____|
+    #   | | | | |_) | / _ \| |   | |   |  _|
+    #   | |_| |  _ < / ___ | |___| |___| |___
+    #    \___/|_| \_/_/   \_\____|_____|_____|
+***
+This example creates a VCN with two management subnets, in two different availability domains. It then launches an instance in each of these management subnets and configures them to perform DNS forwarding for DNS hostnames in the VCN, and the DNS hostnames in the on-premises network. See ![Hybrid DNS configuration using DNS VMs in VCN.md](Hybrid-DNS-configuration-using-DNS-VM-in-VCN.md) for more details on the setup. 
+
+To enable resolution of DNS hostnames from on-premises, you will need to update the default DHCP options of the VCN to use the DNS VMs as the DNS resolvers.
+
+### Using this example
+* Update env-vars with the required information. Most examples use the same set of environment variables so you only need to do this once.
+* Source env-vars
+  * `$ . env-vars`
+
+Once the environment is built, the DNS VMs will be able to query the DNS hostnames within the VCN. You can run 'nslookup <fqdn-of-an-instance-in-vcn> <DNS VM IP>' from any instance in the VCN to verify this. By specifying an IP address at the end of the 'nslookup' command, the DNS query is sent to the DNS service at that IP address.
+
+### Files in the configuration
+
+#### `env-vars`
+Is used to export the environmental variables used in the configuration. These are usually authentication related, be sure to exclude this file from your version control system. It's typical to keep this file outside of the configuration.
+
+Before you plan, apply, or destroy the configuration source the file -  
+`$ . env-vars`
+
+#### `dns.tf`
+Defines the resources. 
+