Compute Engine VM instances use their metadata server as an internal DNS resolver to look up the IP addresses of other VMs in the same VPC network; for names outside the local network, the metadata server forwards the query to Google's public DNS. For example, the following figure shows an SSH session on a Compute Engine VM, vm-a, in which it resolves the external name google.com even though, in this case, the VM has no access to the internet. It can also resolve the address of another VM, vm-b, because vm-b is in the same network (here, also the same subnet and zone). Internally, the fully qualified domain name (FQDN) of a VM has the form vm_name.zone.c.project_id.internal:
Figure 9.27 – Local metadata server acting as a DNS for a Compute Engine VM
Because the metadata server can only resolve the addresses of VMs in the same network, and users cannot edit its configuration, more advanced architectures that span beyond a single VPC network should use Cloud DNS.
Cloud DNS is a Google-managed DNS service that translates domain names into IP addresses with 100% availability. It is a global service defined at the project level. Cloud DNS acts as the database in which you store your zones, the DNS names of your systems, and their IP addresses.
Cloud DNS supports two types of zone (a zone holds the records for one DNS name suffix):
- Public zone: Accessible from the internet. For example, if your application must be reachable by external users, a public zone such as my-external-app.com can be used. An existing domain can be transferred, or a new one registered, in the Cloud Domain view of the Network services section.
- Private zone: Accessible only within private networks (VPCs). It can also be used in hybrid environments, for example when an on-premises DNS server is configured to forward queries for that zone to Cloud DNS.
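The internal naming scheme and the private-zone behaviour described above, put together as an added gcloud script that is not part of the book: it creates a private zone bound to a single VPC, publishes an A record for a VM, and checks resolution from inside that VM. The project, VPC, VM, compute zone and the corp.example.internal suffix are placeholders, and the helper names are my own.

```shell
#!/bin/sh
# Added example (not from the book): private Cloud DNS zone for one VPC,
# an A record for a VM, and a resolution check run on the VM itself.
# PROJECT, VPC_NETWORK, VM and COMPUTE_ZONE are placeholders passed as args.
set -eu

# Name the metadata server answers for a VM (vm_name.zone.c.project_id.internal).
internal_fqdn() {                       # VM COMPUTE_ZONE PROJECT
  printf '%s.%s.c.%s.internal\n' "$1" "$2" "$3"
}

# Cloud DNS expects the zone's DNS name fully qualified (trailing dot).
normalize_dns_name() {
  case "$1" in *.) printf '%s\n' "$1" ;; *) printf '%s.\n' "$1" ;; esac
}

# Managed-zone identifier derived from the suffix: only [a-z0-9-] allowed.
zone_name_from_dns() {
  printf '%s' "$1" | sed -e 's/\.$//' -e 's/[^a-z0-9]/-/g'
}

create_private_zone() {                 # PROJECT DNS_SUFFIX VPC_NETWORK
  dns_name=$(normalize_dns_name "$2")
  zone=$(zone_name_from_dns "$dns_name")
  # --visibility=private scopes the zone to the listed VPC; it is never
  # reachable from the internet, unlike a public zone.
  gcloud dns managed-zones create "$zone" --project="$1" \
    --dns-name="$dns_name" --visibility=private --networks="$3" \
    --description="Private zone for $3"
  printf '%s\n' "$zone"
}

add_a_record() {                        # PROJECT ZONE RECORD_FQDN IP
  gcloud dns record-sets create "$3" --project="$1" --zone="$2" \
    --type=A --ttl=300 --rrdatas="$4"
}

# Checked from the VM: its metadata server hands queries for the private
# suffix to Cloud DNS only because the VM sits in the bound VPC.
verify_from_vm() {                      # PROJECT VM COMPUTE_ZONE RECORD_FQDN
  gcloud compute ssh "$2" --project="$1" --zone="$3" \
    --command="getent hosts $4 && getent hosts $(internal_fqdn "$2" "$3" "$1")"
}

main() {                                # PROJECT VPC_NETWORK VM COMPUTE_ZONE
  ip=$(gcloud compute instances describe "$3" --project="$1" --zone="$4" \
         --format='value(networkInterfaces[0].networkIP)')
  zone=$(create_private_zone "$1" "corp.example.internal" "$2")
  add_a_record "$1" "$zone" "$(normalize_dns_name "$3.corp.example.internal")" "$ip"
  verify_from_vm "$1" "$3" "$4" "$3.corp.example.internal"
}
if [ "$#" -eq 4 ]; then main "$@"; fi   # only acts when given all four arguments
```

Run it as `sh script.sh PROJECT VPC_NETWORK VM COMPUTE_ZONE` with an authenticated gcloud; a VM in another VPC will fail the same getent check, which is the isolation the private zone provides.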
The following figure shows the Cloud Domain section of the Networking services menu in the Google Cloud console. To configure a public zone for Cloud DNS, you can use this section to search for an available public domain, check its price, and have Cloud DNS publish it:
Figure 9.28 – Public domain registration in Google Cloud Console
Let’s examine the necessary steps for creating a private DNS zone in Cloud DNS with an example.