{"fault":{"faultstring":
"Unable to resolve host invalid-target-host","detail":
{"errorcode":"protocol.http.NoResolvedHost","reason":
"TARGET_CONNECT_HOST_NOT_REACHABLE"}}}
Wenn die Antwort die Fehlerursache TARGET_CONNECT_HOST_NOT_REACHABLE enthält, hängt dies mit diesem Grund zusammen.
Lösung
Prüfen Sie die API-Proxy-Definition und ermitteln Sie den definierten Zielhostnamen:
Wenn der angegebene Zielhostname ungültig ist oder ungültige Zeichen enthält, korrigieren Sie den Fehler entsprechend, erstellen Sie eine neue Überarbeitung des Proxys und stellen Sie den Proxy bereit.
Ursache: DNS-Peering ist nicht konfiguriert
Diagnose
Prüfen Sie, ob die Apigee-Organisation mit einem VPC-Netzwerk gepeert ist, indem Sie die folgende Apigee API aufrufen:
Wenn die Apigee-Organisation nicht mit einer VPC verbunden ist und Private Service Connect (PSC) verwendet, gilt dieses Szenario nicht für diese Apigee-Organisation.
Erkundigen Sie sich beim API-Proxy-Entwickler auf Kundenseite, ob dieser Zielserver-Domainname intern konfiguriert ist. Wenn nicht, gilt dieses Szenario nicht.
Ermitteln Sie die Projekt-ID und das Netzwerk, in dem der Zielendpunkt gehostet wird.
Listen Sie die im obigen Netzwerk erstellten DNS-Peerings mit dem Befehl
peered-dns-domains list auf:
gcloud services peered-dns-domains list --network=NETWORK --project=PROJECT-ID
Der obige Befehl kann entweder ein leeres Ergebnis zurückgeben, wenn keine Peered-DNS-Domains verfügbar sind, oder eine Liste von Peered-DNS-Domains wie die folgende:
NAME DNS_SUFFIX
customer-service customer.service.internal.
accounts-service accounts.service.internal.
Wird mit dem obigen Befehl kein DNS-Peering-Eintrag für das entsprechende DNS-Suffix aufgelistet, könnte das der Grund für das Problem sein. Folgen Sie der Anleitung unter Lösung, um das Problem zu beheben.
Lösung
Notieren Sie sich das DNS-Suffix, die Projekt-ID und das Netzwerk, in dem der Zielendpunkt gehostet wird.
Erstellen Sie eine Peering-DNS-Domain für das DNS-Suffix mithilfe des
peered-dns-domains create-gcloud-Befehls. Beachten Sie, dass das DNS-Suffix einen abschließenden Punkt am Ende des DNS-Suffixes enthalten muss.
gcloud services peered-dns-domains create NAME --network=NETWORK --dns-suffix=DNS-SUFFIX. --project=PROJECT-ID
Senden Sie nun eine API-Anfrage an den API-Proxy-Endpunkt und prüfen Sie, ob der API-Proxy den Domainnamen des Zielservers auflösen und mit dem Zielserver kommunizieren kann:
Wenn das Problem auch nach Befolgen der obigen Anweisungen weiterhin besteht, sammeln Sie die folgenden Diagnoseinformationen und wenden Sie sich dann an den Google Cloud Customer Care:
Google Cloud-Projekt-ID
Apigee-Organisation
API-Proxy und -Überarbeitung
Netzwerk, in dem die private Domain erstellt wird
DNS-Suffix der privaten Domain
Die vollständige Ausgabe des Befehls zum Erstellen der DNS-Domain über Peering
[[["Leicht verständlich","easyToUnderstand","thumb-up"],["Mein Problem wurde gelöst","solvedMyProblem","thumb-up"],["Sonstiges","otherUp","thumb-up"]],[["Schwer verständlich","hardToUnderstand","thumb-down"],["Informationen oder Beispielcode falsch","incorrectInformationOrSampleCode","thumb-down"],["Benötigte Informationen/Beispiele nicht gefunden","missingTheInformationSamplesINeed","thumb-down"],["Problem mit der Übersetzung","translationIssue","thumb-down"],["Sonstiges","otherDown","thumb-down"]],["Zuletzt aktualisiert: 2025-09-04 (UTC)."],[[["\u003cp\u003eAPI requests failing with a \u003ccode\u003eTARGET_CONNECT_HOST_NOT_REACHABLE\u003c/code\u003e error and \u003ccode\u003eHTTP 503\u003c/code\u003e response can occur in Apigee and Apigee hybrid environments.\u003c/p\u003e\n"],["\u003cp\u003eOne cause of this error is an incorrect or invalid target server host specified within the API proxy definition, which can be resolved by correcting the host name and redeploying the proxy.\u003c/p\u003e\n"],["\u003cp\u003eAnother potential cause in Apigee deployments is the absence of DNS peering, preventing Apigee from resolving domain names, which can be resolved by creating a peered DNS domain using gcloud commands.\u003c/p\u003e\n"],["\u003cp\u003eTo diagnose DNS peering issues, you can use the Apigee API and gcloud commands to verify if the organization is peered with a VPC network and list the existing peered DNS domains.\u003c/p\u003e\n"],["\u003cp\u003eIf issues persist after applying the resolutions, you should gather diagnostic information, including the project ID, Apigee organization details, API proxy information, and network details, and then contact Google Cloud Customer Care.\u003c/p\u003e\n"]]],[],null,["# API requests fail with TARGET_CONNECT_HOST_NOT_REACHABLE error\n\n*You're viewing **Apigee** and **Apigee hybrid** documentation.\nThere is no equivalent\n[Apigee Edge](https://docs.apigee.com/api-platform/get-started/get-started) documentation for this topic.*\n\nSymptoms\n--------\n\n\nAPI requests fail with `TARGET_CONNECT_HOST_NOT_REACHABLE` error.\n\nError Messages\n--------------\n\n\nIf this issue occurs, the API requests will fail with `HTTP 503`\nresponse status code and the following error: \n\n```scdoc\n{\"fault\":{\"faultstring\":\n\"Unable to resolve host invalid-target-host\",\"detail\":\n{\"errorcode\":\"protocol.http.NoResolvedHost\",\"reason\":\n\"TARGET_CONNECT_HOST_NOT_REACHABLE\"}}}\n```\n\nPossible Causes\n---------------\n\n\nThe following potential causes have been identified for the aforementioned\nsymptom:\n\n### Cause: target server host specified is incorrect or has invalid characters\n\n#### Diagnosis\n\n1. Send an API request to the relevant API proxy:\n\n ```\n curl -ik https://dev.example.com/dns-peering-example\n HTTP/2 503\n content-type: application/json\n x-request-id: ***\n content-length: 169\n date: Thu, 02 Nov 2023 04:31:43 GMT\n via: 1.1 google\n alt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\n ```\n\n and check the response message: \n\n ```scdoc\n {\"fault\":{\"faultstring\":\n \"Unable to resolve host invalid-target-host\",\"detail\":\n {\"errorcode\":\"protocol.http.NoResolvedHost\",\"reason\":\n \"TARGET_CONNECT_HOST_NOT_REACHABLE\"}}}\n ```\n2. If the response contains the error reason `TARGET_CONNECT_HOST_NOT_REACHABLE` then, that is related to this reason.\n\n#### Resolution\n\n1. Check the API proxy definition and find the target hostname defined:\n2. If the target hostname given is invalid or has invalid characters, fix it accordingly, create a new revision of the proxy, and deploy the proxy.\n\n### Cause: DNS peering is not configured\n\n#### Diagnosis\n\n1. Check whether the Apigee organization is peered with a VPC network by invoking the following Apigee API: \n\n ```\n TOKEN=$(gcloud auth print-access-token)\n ``` \n\n ```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n \"https://apigee.googleapis.com/v1/organizations/$ORG\" | jq .authorizedNetwork\n ```\n\n For example, to determine if VPC peering is enabled, check to see if the response attribute\n `authorizedNetwork` is present and set to a value. If it is not, then VPC peering\n is not enabled: \n\n ```\n TOKEN=$(gcloud auth print-access-token)\n ``` \n\n ```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n \"https://apigee.googleapis.com/v1/organizations/example-org/\" | jq .authorizedNetwork\n ```\n\n This example response indicates that VPC peering is enabled: \n\n ```text\n \"projects/example-org/global/networks/shared-vpc1\"\n ```\n2. Verify with the API proxy developer from the customer side whether this target server domain name is internally configured. If not, this scenario does not apply.\n3. Find the project ID and the network in which the target endpoint is hosted.\n4. List DNS peerings created in the above network. Follow the steps below based on whether the Apigee organization is peered with a VPC network or not.\n\n ### VPC peering enabled\n\n If your organization is VPC peering enabled, use the [peered-dns-domains list](/sdk/gcloud/reference/services/peered-dns-domains/list) command: \n\n ```\n gcloud services peered-dns-domains list --network=NETWORK --project=PROJECT-ID\n ```\n\n\n The result could either be blank if no peered\n DNS domains are available, or list the peered DNS domains. For example: \n\n ```scdoc\n NAME DNS_SUFFIX\n customer-service customer.service.internal.\n accounts-service accounts.service.internal.\n ```\n\n ### VPC peering not enabled\n\n If your organization is not VPC peering enabled, use the following Apigee API: \n\n ```\n curl -X GET -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type:application/json\" \\\n \"https://apigee.googleapis.com/v1/organizations/ORGANIZATION/dnsZones\"\n ```\n\n Where: \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eORGANIZATION\u003c/code\u003e\u003c/var\u003e is the name of your Apigee organization.\n\n Sample response, where the organization name is `dns-peering-int-4`: \n\n ```text\n {\n \"dnsZones\": [\n {\n \"name\": \"organizations/dns-peering-int-4/dnsZones/demo\",\n \"description\": \"latest\",\n \"domain\": \"demo.com\",\n \"peeringConfig\": {\n \"targetProjectId\": \"dns-peering-int-4\",\n \"targetNetworkId\": \"default\"\n },\n \"state\": \"ACTIVE\"\n },\n {\n \"name\": \"organizations/dns-peering-int-4/dnsZones/dns-peering-int-4\",\n \"description\": \"latest\",\n \"domain\": \"dns-peering-int-4.com\",\n \"peeringConfig\": {\n \"targetProjectId\": \"dns-peering-int-4\",\n \"targetNetworkId\": \"default\"\n },\n \"state\": \"ACTIVE\"\n }\n ]\n }\n ```\n\n\n If the response does not include a DNS peering entry for the relevant\n DNS suffix, then, that could be the reason for this issue. Follow\n the instructions given in [Resolution](#resolution) to resolve\n it.\n\n#### Resolution\n\n1. Make a note of the DNS suffix, project ID, and network in which the target endpoint is hosted.\n2. Create a peered DNS domain for the DNS suffix.\n\n ### VPC peering enabled\n\n If your organization is VPC peering enabled, use the [peered-dns-domains create](/sdk/gcloud/reference/services/peered-dns-domains/create) gcloud command. Note that the\n DNS suffix should contain a trailing dot at the end of the DNS suffix: \n\n ```\n gcloud services peered-dns-domains create NAME --network=NETWORK --dns-suffix=DNS-SUFFIX. --project=PROJECT-ID\n ```\n\n\n For example: \n\n ```\n gcloud services peered-dns-domains create orders-service --network=\"shared-vpc1\" --dns-suffix=\"orders.service.internal.\" --project=service-project\n ```\n\n Response: \n\n ```text\n Operation \"operations/cpdd.p25-1064980322781-fafa5fe4-b5fe-487e-830d-fff0f9a6200d\" finished successfully.\n ```\n\n ### VPC peering not enabled\n\n If your organization is not VPC peering enabled, create a DNS peering zone with the\n private DNS zone in your project: \n\n ```\n curl -X POST -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type:application/json\" \\\n \"https://apigee.googleapis.com/v1/organizations/ORGANIZATION/dnsZones?dnsZoneId=DNS_ZONE_ID\" \\\n -d '{\n \"domain\": \"DOMAIN\",\n \"description\": \"DESCRIPTION\",\n \"peeringConfig\": {\n \"targetProjectId\": \"PRODUCER_PROJECT_ID\",\n \"targetNetworkId\": \"PRODUCER_VPC_NETWORK\"\n }\n }'\n ```\n\n Where:\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eORGANIZATION\u003c/code\u003e\u003c/var\u003e is the name of your Apigee organization.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDNS_ZONE_ID\u003c/code\u003e\u003c/var\u003e is the name of the DNS zone you want to create.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDOMAIN\u003c/code\u003e\u003c/var\u003e is the DNS name of this managed zone, for instance `example.com`.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDESCRIPTION\u003c/code\u003e\u003c/var\u003e is a brief description of the DNS zone. Maximum characters: 1024\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_PROJECT_ID\u003c/code\u003e\u003c/var\u003e is the project that contains the producer VPC network.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_VPC_NETWORK\u003c/code\u003e\u003c/var\u003e is the VPC network in the customer project.\n\n | **Note:** In a Shared VPC setup, the host project's network is shared with service projects. Therefore, if a service project's private DNS zone relies on this shared network, the \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_PROJECT_ID\u003c/code\u003e\u003c/var\u003e and the \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_VPC_NETWORK\u003c/code\u003e\u003c/var\u003e referenced in the DNS configuration will both correspond to the host project.\n3. Now, send an API request to the API proxy endpoint and verify whether the API proxy could resolve the target server domain name and communicate with the target server.\n\nMust gather diagnostic information\n----------------------------------\n\n\nIf the problem persists even after following the above instructions,\ngather the following diagnostic information, and then contact [Google Cloud Customer Care](https://cloud.google.com/support-hub/).\n\n1. Google Cloud project ID\n2. Apigee organization\n3. API proxy and revision\n4. Network in which the private domain is created\n5. DNS suffix of the private domain\n6. The complete output of the peered DNS domain creation command"]]