• Glossary
  • Support
  • Downloads
  • DataStax Home
Get Live Help
Expand All
Collapse All

DataStax Astra DB Serverless Documentation

    • Overview
      • Release notes
      • Astra DB FAQs
      • Astra DB glossary
      • Get support
    • Getting Started
      • Grant a user access
      • Load and retrieve data
        • Use DSBulk to load data
        • Use Data Loader in Astra Portal
      • Connect a driver
      • Build sample apps
      • Use integrations
        • Connect with DataGrip
        • Connect with DBSchema
        • Connect with JanusGraph
        • Connect with Strapi
    • Planning
      • Plan options
      • Database regions
    • Securing
      • Security highlights
      • Security guidelines
      • Default user permissions
      • Change your password
      • Reset your password
      • Authentication and Authorization
      • Astra DB Plugin for HashiCorp Vault
    • Connecting
      • Connecting private endpoints
        • AWS Private Link
        • Azure Private Link
        • GCP Private Endpoints
        • Connecting custom DNS
      • Connecting Change Data Capture (CDC)
      • Connecting CQL console
      • Connect the Spark Cassandra Connector to Astra
      • Drivers for Astra DB
        • Connecting C++ driver
        • Connecting C# driver
        • Connecting Java driver
        • Connecting Node.js driver
        • Connecting Python driver
        • Drivers retry policies
      • Connecting Legacy drivers
      • Get Secure Connect Bundle
    • Migrating
      • FAQs
      • Preliminary steps
        • Feasibility checks
        • Deployment and infrastructure considerations
        • Create target environment for migration
        • Understand rollback options
      • Phase 1: Deploy ZDM Proxy and connect client applications
        • Set up the ZDM Automation with ZDM Utility
        • Deploy the ZDM Proxy and monitoring
          • Configure Transport Layer Security
        • Connect client applications to ZDM Proxy
        • Manage your ZDM Proxy instances
      • Phase 2: Migrate and validate data
      • Phase 3: Enable asynchronous dual reads
      • Phase 4: Change read routing to Target
      • Phase 5: Connect client applications directly to Target
      • Troubleshooting
        • Troubleshooting tips
        • Troubleshooting scenarios
      • Additional resources
        • Glossary
        • Contribution guidelines
        • Release Notes
    • Managing
      • Managing your organization
        • User permissions
        • Pricing and billing
        • Audit Logs
        • Bring Your Own Key
          • BYOK AWS Astra DB console
          • BYOK GCP Astra DB console
          • BYOK AWS DevOps API
          • BYOK GCP DevOps API
        • Configuring SSO
          • Configure SSO for Microsoft Azure AD
          • Configure SSO for Okta
          • Configure SSO for OneLogin
      • Managing your database
        • Create your database
        • View your databases
        • Database statuses
        • Use DSBulk to load data
        • Use Data Loader in Astra Portal
        • Monitor your databases
        • Export metrics to third party
          • Export metrics via Astra Portal
          • Export metrics via DevOps API
        • Manage access lists
        • Manage multiple keyspaces
        • Using multiple regions
        • Terminate your database
      • Managing with DevOps API
        • Managing database lifecycle
        • Managing roles
        • Managing users
        • Managing tokens
        • Managing BYOK AWS
        • Managing BYOK GCP
        • Managing access list
        • Managing multiple regions
        • Get private endpoints
        • AWS PrivateLink
        • Azure PrivateLink
        • GCP Private Service
    • Astra CLI
    • DataStax Astra Block
      • FAQs
      • About NFTs
      • DataStax Astra Block for Ethereum quickstart
    • Developing with Stargate APIs
      • Develop with REST
      • Develop with Document
      • Develop with GraphQL
        • Develop with GraphQL (CQL-first)
        • Develop with GraphQL (Schema-first)
      • Develop with gRPC
        • gRPC Rust client
        • gRPC Go client
        • gRPC Node.js client
        • gRPC Java client
      • Develop with CQL
      • Tooling Resources
      • Node.js Document API client
      • Node.js REST API client
    • Stargate QuickStarts
      • Document API QuickStart
      • REST API QuickStart
      • GraphQL API CQL-first QuickStart
    • API References
      • DevOps REST API v2
      • Stargate Document API v2
      • Stargate REST API v2
  • DataStax Astra DB Serverless Documentation
  • Connecting
  • Connecting private endpoints
  • Connecting custom DNS

Using Custom DNS on an external system

The use of custom domains is only available as a premium feature.

Currently when you create a database, DataStax automatically sets up a Domain Name System (DNS) entry so that applications can connect to the database. This DNS entry is used in the Secure Connect Bundle (SCB), and plays a part in the cryptography ensuring both parties are communicating to the intended target.

As an Astra administrator setting up a private endpoint, you must create a local version of the *.astra.datastax.com domain to override the name resolution to the public IP address advertised by DataStax.

Now, you can set up your custom DNS with a private endpoint and use your DNS entry to send traffic to the private endpoint.

Benefits

This option works with an Astra database with a private endpoint. You can have a DNS name for the database in a DNS zone that belongs to your organization. This option allows you to have complete control over said zone and its resolution. It also ensures you do not have to create and manage a local astra.datastax.com zone.

Prerequisites

Configure an application token to interact with the Astra APIs. For more, see Manage application tokens.

If you have any type of traffic over private links, you must prepare any client application to accept a self-signed certificate. This means you must use the ca.crt from the SCB. DataStax must have self-signed certificates for custom domains. If the client application uses a common Astra domain name, that application must still be prepared to accept our self-signed certificate.

Update any client that is over private links—​even if that client NOT is planning to be used with custom domains.

Configure your Astra Organization with the custom domains

Retrieve list of existing custom domains

To retrieve the list of custom domains, send a GET request to https://api.astra.datastax.com/v2/organizations/customDomains

  • cURL command (/v2)

  • Results

curl --location --request GET 'https://api.astra.datastax.com/v2/organizations/customDomains' \
--header 'Content-Type: application/json' \
--header 'Authorization: <application_token>' \
--data-raw '[
  "string"
]'
[
  "likeness.com",
  "happy.com"
]

The endpoint returns the list of custom domain names. If no domains are configured, the endpoint returns an empty response.

Modify the list of custom domains

To modify the list of custom domains, send a POST request to https://api.astra.datastax.com/v2/organizations/customDomains

The custom domain list is a "desired state" list. Adding, removing, or changing domains requires that you send the complete list of desired domains. For example, if you have a list of domains, then send only a single domain, you will unconfigure the previous domains.

  • cURL command (/v2)

curl --location --request POST 'https://api.astra.datastax.com/v2/organizations/customDomains' \
--header 'Content-Type: application/json' \
--header 'Authorization: <application_token>' \
--data-raw '[
    "likeness.com",
    "happy.com",
    "dataslice.com"
]'

If there are no errors, the request is complete. You can retrieve the list of configured domains to verify the configuration is in place.

You are still assigned a host name in the astra.datastax.com zone which resolves the internet facing IP. You can block all public internet traffic so that the database is only accessible through private endpoints. You do not have to create a copy of the astra.datastax.com DNS zone when using custom domains. Instead you create a DNS entry in your desired domain.

Retrieve modified list of custom domains

To retrieve the list of custom domains, send a GET request to https://api.astra.datastax.com/v2/organizations/customDomains

  • cURL command (/v2)

  • Results

curl --location --request GET 'https://api.astra.datastax.com/v2/organizations/customDomains' \
--header 'Content-Type: application/json' \
--header 'Authorization: <application_token>' \
--data-raw '[
  "string"
]'
[
  "dataslice.com",
  "likeness.com",
  "happy.com"
]

The endpoint returns the list of custom domain names.

Retrieve the Secure Connect Bundle for a custom domain

About downloading SCB

  • Private link and the custom domain are required before the SCB for that custom domain can be downloaded.

  • With a configured private endpoint for the database after the custom domain is added, you can download the SCB for custom domains.

Obtain SCB for a database in an organization

This example returns the SCBs for Astra and all added custom domains for your organization.

  • cURL command (/v2)

  • Results

curl --location --request POST 'https://api.astra.datastax.com/v2/databases/<database_ID>/secureBundleURL' \
--header 'Accept: application/json' \
--header 'Authorization: <application_token>' \
--data-raw '[
  "all": true
]'
{
  "downloadURL": "nifty.cloud.datastax.com:9092",
  "downloadURLInternal": "internal-nifty.cloud.datastax.com:9092",
  "downloadURLMigrationProxy": "proxy-nifty.cloud.datastax.com:9092",
  "downloadURLMigrationProxyInternal": "proxy-nifty.cloud.datastax.com:9092",
  "datcenterID": "dde308f5-a8b0-474d-afd6-81e5689e3e25-1",
  "region": "us-east-1",
  "cloudProvider": "AWS",
  "customDomainBundles": [
    {
      "domain": "example.domain.com",
      "cqlFQDN": "dde308f5-a8b0-474d-afd6-81e5689e3e25-us-east-1.db.example.domain.com",
      "apiFQDN": "dde308f5-a8b0-474d-afd6-81e5689e3e25-us-east-1.apps.example.domain.com",
      "dashboardFQDN": "dde308f5-a8b0-474d-afd6-81e5689e3e25-us-east-1.dashboard.example.domain.com",
      "downloadURL": "nifty.cloud.datastax.com:9092"
    }
    {
      "domain": "example.domain2.com",
      "cqlFQDN": "dde308f5-a8b0-474d-afd6-81e5689e3e25-us-east-1.db.example.domain2.com",
      "apiFQDN": "dde308f5-a8b0-474d-afd6-81e5689e3e25-us-east-1.apps.example.domain2.com",
      "dashboardFQDN": "dde308f5-a8b0-474d-afd6-81e5689e3e25-us-east-1.dashboard.example.domain2.com",
      "downloadURL": "nifty.cloud.datastax.com:9092"
    }
  ]
}

In the stanza for the appropriate database ID, the customDomainBundles section of the response will contain a sub-stanza for each custom domain in which there will be a downloadURL parameter for the respective Secure Connect Bundle. The downloadURL is the link to downloading the Secure Connect Bundle. For more on generating a Secure Bundle, see Obtain zip for connecting to the database.

From these results, get the host key for your custom domain:

  • cqlFQDN: for CQL queriers

  • apiFQDN: for http (REST API) requests to your database

  • dashboardFQDN: review the dashboard using the private endpoint

Each FQDN here is captured in the Secure Connect Bundle to ensure you are utilizing the selected private endpoint. You need to add DNS entries for each FQDN in the domains you want to utilize and point them at your private endpoint.

Create a DNS entry for your private endpoint

You can alias your private endpoint with a DNS entry to use as your hostname in the Astra DB secure connect bundle. To configure your specific endpoint, see the instructions for your cloud provider:

  • AWS

  • Azure

  • GCP

Adding custom domains

Once all configuration is complete, you can add more custom domains as needed. To complete this action,

  1. Open Astra and go to Settings and select Security Settings.

  2. Go to Custom Domains and click Add Domains.

    300

Remember to set your custom domain with a private link.

  1. Add your custom domain name to the Domain field.

  2. Click Add Domain add one custom domain. Click + Add another domain one time to add another domain or several times to add several custom domains.

    300

Removing custom domains

  1. Open Astra and go to Settings and select Security Settings.

  2. Go to Custom Domains and click the trash icon.

  3. Read the information in the Delete Custom Domain box. This information explains how deleting a custom domain affects any application dependencies.

  4. Type delete to confirm and then click Delete.

    300
GCP Private Endpoints Connecting Change Data Capture (CDC)

General Inquiries: +1 (650) 389-6000 info@datastax.com

© DataStax | Privacy policy | Terms of use

DataStax, Titan, and TitanDB are registered trademarks of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Kubernetes is the registered trademark of the Linux Foundation.

landing_page landingpage