Ce problème peut survenir lorsque Apigee ne parvient pas à résoudre le nom de domaine si l'appairage DNS n'est pas configuré dans les déploiements Apigee.
Apigee
Cause : l'hôte du serveur cible spécifié est incorrect ou comporte des caractères non valides
Diagnostic
Envoyez une requête API au proxy d'API approprié :
{"fault":{"faultstring":
"Unable to resolve host invalid-target-host","detail":
{"errorcode":"protocol.http.NoResolvedHost","reason":
"TARGET_CONNECT_HOST_NOT_REACHABLE"}}}
Si la réponse contient le motif d'erreur TARGET_CONNECT_HOST_NOT_REACHABLE, cela signifie que l'erreur est liée à ce motif.
Solution
Vérifiez la définition du proxy d'API et recherchez le nom d'hôte cible défini :
Si le nom d'hôte cible indiqué n'est pas valide ou contient des caractères non valides, corrigez-le, créez une nouvelle révision du proxy et déployez le proxy.
Cause : l'appairage DNS n'est pas configuré
Diagnostic
Vérifiez si l'organisation Apigee est appairée à un réseau VPC en appelant l'API Apigee suivante :
Si l'organisation Apigee n'est pas appairée à un VPC et si elle utilise Private Service Connect (PSC), ce scénario ne s'applique pas à cette organisation Apigee.
Vérifiez auprès du développeur du proxy d'API côté client si ce nom de domaine du serveur cible est configuré en interne. Si ce n'est pas le cas, ce scénario ne s'applique pas.
Recherchez l'ID de projet et le réseau sur lequel le point de terminaison cible est hébergé.
Listez les appairages DNS créés dans le réseau ci-dessus en exécutant la commande
peered-dns-domains list :
gcloud services peered-dns-domains list --network=NETWORK --project=PROJECT-ID
La commande ci-dessus peut renvoyer un résultat vide si aucun domaine DNS appairé n'est disponible, ou bien une liste des domaines DNS appairés, semblable à celle-ci :
NAME DNS_SUFFIX
customer-service customer.service.internal.
accounts-service accounts.service.internal.
Si la commande ci-dessus ne liste pas d'entrée d'appairage DNS pour le suffixe DNS concerné, cela peut être la raison de ce problème. Suivez les instructions fournies dans la section Solution pour le résoudre.
Solution
Notez le suffixe DNS, l'ID de projet et le réseau sur lequel le point de terminaison cible est hébergé.
Créez un domaine DNS appairé pour le suffixe DNS, à l'aide de la commande gcloud
peered-dns-domains create. Notez que le suffixe DNS doit se terminer par un point.
gcloud services peered-dns-domains create NAME --network=NETWORK --dns-suffix=DNS-SUFFIX. --project=PROJECT-ID
Envoyez maintenant une requête API au point de terminaison du proxy d'API, et vérifiez que le proxy d'API parvient à résoudre le nom de domaine du serveur cible et à communiquer avec le serveur cible :
Vous devez collecter des informations de diagnostic
Si le problème persiste, même après avoir suivi les instructions ci-dessus, rassemblez les informations de diagnostic suivantes, puis contactez Google Cloud Customer Care :
ID de projet Google Cloud
Organisation Apigee
Proxy d'API et son numéro de révision
Réseau dans lequel le domaine privé est créé
Suffixe DNS du domaine privé
Résultat complet de la commande de création de domaine DNS appairé
Sauf indication contraire, le contenu de cette page est régi par une licence Creative Commons Attribution 4.0, et les échantillons de code sont régis par une licence Apache 2.0. Pour en savoir plus, consultez les Règles du site Google Developers. Java est une marque déposée d'Oracle et/ou de ses sociétés affiliées.
Dernière mise à jour le 2025/09/04 (UTC).
[[["Facile à comprendre","easyToUnderstand","thumb-up"],["J'ai pu résoudre mon problème","solvedMyProblem","thumb-up"],["Autre","otherUp","thumb-up"]],[["Difficile à comprendre","hardToUnderstand","thumb-down"],["Informations ou exemple de code incorrects","incorrectInformationOrSampleCode","thumb-down"],["Il n'y a pas l'information/les exemples dont j'ai besoin","missingTheInformationSamplesINeed","thumb-down"],["Problème de traduction","translationIssue","thumb-down"],["Autre","otherDown","thumb-down"]],["Dernière mise à jour le 2025/09/04 (UTC)."],[[["\u003cp\u003eAPI requests failing with a \u003ccode\u003eTARGET_CONNECT_HOST_NOT_REACHABLE\u003c/code\u003e error and \u003ccode\u003eHTTP 503\u003c/code\u003e response can occur in Apigee and Apigee hybrid environments.\u003c/p\u003e\n"],["\u003cp\u003eOne cause of this error is an incorrect or invalid target server host specified within the API proxy definition, which can be resolved by correcting the host name and redeploying the proxy.\u003c/p\u003e\n"],["\u003cp\u003eAnother potential cause in Apigee deployments is the absence of DNS peering, preventing Apigee from resolving domain names, which can be resolved by creating a peered DNS domain using gcloud commands.\u003c/p\u003e\n"],["\u003cp\u003eTo diagnose DNS peering issues, you can use the Apigee API and gcloud commands to verify if the organization is peered with a VPC network and list the existing peered DNS domains.\u003c/p\u003e\n"],["\u003cp\u003eIf issues persist after applying the resolutions, you should gather diagnostic information, including the project ID, Apigee organization details, API proxy information, and network details, and then contact Google Cloud Customer Care.\u003c/p\u003e\n"]]],[],null,["# API requests fail with TARGET_CONNECT_HOST_NOT_REACHABLE error\n\n*You're viewing **Apigee** and **Apigee hybrid** documentation.\nThere is no equivalent\n[Apigee Edge](https://docs.apigee.com/api-platform/get-started/get-started) documentation for this topic.*\n\nSymptoms\n--------\n\n\nAPI requests fail with `TARGET_CONNECT_HOST_NOT_REACHABLE` error.\n\nError Messages\n--------------\n\n\nIf this issue occurs, the API requests will fail with `HTTP 503`\nresponse status code and the following error: \n\n```scdoc\n{\"fault\":{\"faultstring\":\n\"Unable to resolve host invalid-target-host\",\"detail\":\n{\"errorcode\":\"protocol.http.NoResolvedHost\",\"reason\":\n\"TARGET_CONNECT_HOST_NOT_REACHABLE\"}}}\n```\n\nPossible Causes\n---------------\n\n\nThe following potential causes have been identified for the aforementioned\nsymptom:\n\n### Cause: target server host specified is incorrect or has invalid characters\n\n#### Diagnosis\n\n1. Send an API request to the relevant API proxy:\n\n ```\n curl -ik https://dev.example.com/dns-peering-example\n HTTP/2 503\n content-type: application/json\n x-request-id: ***\n content-length: 169\n date: Thu, 02 Nov 2023 04:31:43 GMT\n via: 1.1 google\n alt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\n ```\n\n and check the response message: \n\n ```scdoc\n {\"fault\":{\"faultstring\":\n \"Unable to resolve host invalid-target-host\",\"detail\":\n {\"errorcode\":\"protocol.http.NoResolvedHost\",\"reason\":\n \"TARGET_CONNECT_HOST_NOT_REACHABLE\"}}}\n ```\n2. If the response contains the error reason `TARGET_CONNECT_HOST_NOT_REACHABLE` then, that is related to this reason.\n\n#### Resolution\n\n1. Check the API proxy definition and find the target hostname defined:\n2. If the target hostname given is invalid or has invalid characters, fix it accordingly, create a new revision of the proxy, and deploy the proxy.\n\n### Cause: DNS peering is not configured\n\n#### Diagnosis\n\n1. Check whether the Apigee organization is peered with a VPC network by invoking the following Apigee API: \n\n ```\n TOKEN=$(gcloud auth print-access-token)\n ``` \n\n ```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n \"https://apigee.googleapis.com/v1/organizations/$ORG\" | jq .authorizedNetwork\n ```\n\n For example, to determine if VPC peering is enabled, check to see if the response attribute\n `authorizedNetwork` is present and set to a value. If it is not, then VPC peering\n is not enabled: \n\n ```\n TOKEN=$(gcloud auth print-access-token)\n ``` \n\n ```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n \"https://apigee.googleapis.com/v1/organizations/example-org/\" | jq .authorizedNetwork\n ```\n\n This example response indicates that VPC peering is enabled: \n\n ```text\n \"projects/example-org/global/networks/shared-vpc1\"\n ```\n2. Verify with the API proxy developer from the customer side whether this target server domain name is internally configured. If not, this scenario does not apply.\n3. Find the project ID and the network in which the target endpoint is hosted.\n4. List DNS peerings created in the above network. Follow the steps below based on whether the Apigee organization is peered with a VPC network or not.\n\n ### VPC peering enabled\n\n If your organization is VPC peering enabled, use the [peered-dns-domains list](/sdk/gcloud/reference/services/peered-dns-domains/list) command: \n\n ```\n gcloud services peered-dns-domains list --network=NETWORK --project=PROJECT-ID\n ```\n\n\n The result could either be blank if no peered\n DNS domains are available, or list the peered DNS domains. For example: \n\n ```scdoc\n NAME DNS_SUFFIX\n customer-service customer.service.internal.\n accounts-service accounts.service.internal.\n ```\n\n ### VPC peering not enabled\n\n If your organization is not VPC peering enabled, use the following Apigee API: \n\n ```\n curl -X GET -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type:application/json\" \\\n \"https://apigee.googleapis.com/v1/organizations/ORGANIZATION/dnsZones\"\n ```\n\n Where: \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eORGANIZATION\u003c/code\u003e\u003c/var\u003e is the name of your Apigee organization.\n\n Sample response, where the organization name is `dns-peering-int-4`: \n\n ```text\n {\n \"dnsZones\": [\n {\n \"name\": \"organizations/dns-peering-int-4/dnsZones/demo\",\n \"description\": \"latest\",\n \"domain\": \"demo.com\",\n \"peeringConfig\": {\n \"targetProjectId\": \"dns-peering-int-4\",\n \"targetNetworkId\": \"default\"\n },\n \"state\": \"ACTIVE\"\n },\n {\n \"name\": \"organizations/dns-peering-int-4/dnsZones/dns-peering-int-4\",\n \"description\": \"latest\",\n \"domain\": \"dns-peering-int-4.com\",\n \"peeringConfig\": {\n \"targetProjectId\": \"dns-peering-int-4\",\n \"targetNetworkId\": \"default\"\n },\n \"state\": \"ACTIVE\"\n }\n ]\n }\n ```\n\n\n If the response does not include a DNS peering entry for the relevant\n DNS suffix, then, that could be the reason for this issue. Follow\n the instructions given in [Resolution](#resolution) to resolve\n it.\n\n#### Resolution\n\n1. Make a note of the DNS suffix, project ID, and network in which the target endpoint is hosted.\n2. Create a peered DNS domain for the DNS suffix.\n\n ### VPC peering enabled\n\n If your organization is VPC peering enabled, use the [peered-dns-domains create](/sdk/gcloud/reference/services/peered-dns-domains/create) gcloud command. Note that the\n DNS suffix should contain a trailing dot at the end of the DNS suffix: \n\n ```\n gcloud services peered-dns-domains create NAME --network=NETWORK --dns-suffix=DNS-SUFFIX. --project=PROJECT-ID\n ```\n\n\n For example: \n\n ```\n gcloud services peered-dns-domains create orders-service --network=\"shared-vpc1\" --dns-suffix=\"orders.service.internal.\" --project=service-project\n ```\n\n Response: \n\n ```text\n Operation \"operations/cpdd.p25-1064980322781-fafa5fe4-b5fe-487e-830d-fff0f9a6200d\" finished successfully.\n ```\n\n ### VPC peering not enabled\n\n If your organization is not VPC peering enabled, create a DNS peering zone with the\n private DNS zone in your project: \n\n ```\n curl -X POST -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type:application/json\" \\\n \"https://apigee.googleapis.com/v1/organizations/ORGANIZATION/dnsZones?dnsZoneId=DNS_ZONE_ID\" \\\n -d '{\n \"domain\": \"DOMAIN\",\n \"description\": \"DESCRIPTION\",\n \"peeringConfig\": {\n \"targetProjectId\": \"PRODUCER_PROJECT_ID\",\n \"targetNetworkId\": \"PRODUCER_VPC_NETWORK\"\n }\n }'\n ```\n\n Where:\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eORGANIZATION\u003c/code\u003e\u003c/var\u003e is the name of your Apigee organization.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDNS_ZONE_ID\u003c/code\u003e\u003c/var\u003e is the name of the DNS zone you want to create.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDOMAIN\u003c/code\u003e\u003c/var\u003e is the DNS name of this managed zone, for instance `example.com`.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDESCRIPTION\u003c/code\u003e\u003c/var\u003e is a brief description of the DNS zone. Maximum characters: 1024\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_PROJECT_ID\u003c/code\u003e\u003c/var\u003e is the project that contains the producer VPC network.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_VPC_NETWORK\u003c/code\u003e\u003c/var\u003e is the VPC network in the customer project.\n\n | **Note:** In a Shared VPC setup, the host project's network is shared with service projects. Therefore, if a service project's private DNS zone relies on this shared network, the \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_PROJECT_ID\u003c/code\u003e\u003c/var\u003e and the \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_VPC_NETWORK\u003c/code\u003e\u003c/var\u003e referenced in the DNS configuration will both correspond to the host project.\n3. Now, send an API request to the API proxy endpoint and verify whether the API proxy could resolve the target server domain name and communicate with the target server.\n\nMust gather diagnostic information\n----------------------------------\n\n\nIf the problem persists even after following the above instructions,\ngather the following diagnostic information, and then contact [Google Cloud Customer Care](https://cloud.google.com/support-hub/).\n\n1. Google Cloud project ID\n2. Apigee organization\n3. API proxy and revision\n4. Network in which the private domain is created\n5. DNS suffix of the private domain\n6. The complete output of the peered DNS domain creation command"]]