Esse problema pode ocorrer quando a Apigee não consegue resolver o domínio
nome, se o peering de DNS não estiver configurado nas implantações da Apigee.
Apigee
Causa: o host do servidor de destino especificado está incorreto ou tem caracteres inválidos
Diagnóstico
Envie uma solicitação de API ao proxy de API relevante:
{"fault":{"faultstring":
"Unable to resolve host invalid-target-host","detail":
{"errorcode":"protocol.http.NoResolvedHost","reason":
"TARGET_CONNECT_HOST_NOT_REACHABLE"}}}
Se a resposta contiver o motivo do erro
TARGET_CONNECT_HOST_NOT_REACHABLE, que está relacionado às
por isso.
Resolução
Verifique a definição do proxy de API e encontre o nome do host de destino definido:
Se o nome do host de destino for inválido ou tiver caracteres inválidos,
fazer as correções necessárias, criar uma nova revisão do proxy e implantar
proxy.
Causa: o peering de DNS não está configurado
Diagnóstico
Verificar se a organização da Apigee está fazendo peering com uma rede VPC
invocando a seguinte API da Apigee:
Se a organização da Apigee não fizer peering com uma VPC e usar
Private Service Connect (PSC),
este cenário não se aplica a esta organização da Apigee.
Verifique com o desenvolvedor do proxy de API do lado do cliente se
o nome de domínio do servidor de destino é configurado internamente. Caso contrário,
nesse cenário não se aplica.
Encontre o ID do projeto e a rede em que o endpoint de destino está
hospedados.
gcloud services peered-dns-domains list --network=NETWORK --project=PROJECT-ID
O comando acima pode retornar um resultado em branco se não houver peering
Há domínios DNS disponíveis ou você pode listar domínios DNS em peering da seguinte maneira:
NAME DNS_SUFFIX
customer-service customer.service.internal.
accounts-service accounts.service.internal.
Se o comando acima não listar uma entrada de peering de DNS para o item de linha
esse poderia ser o motivo do problema. Seguir
as instruções fornecidas em Resolução para resolver
ele.
Resolução
Anote o sufixo DNS, o ID do projeto e a rede em que o
e o endpoint de destino
está hospedado.
Crie um domínio DNS com peering para o sufixo DNS usando o
peered-dns-domains create do gcloud. Observe que o
O sufixo DNS precisa ter um ponto final no final.
gcloud services peered-dns-domains create NAME --network=NETWORK --dns-suffix=DNS-SUFFIX. --project=PROJECT-ID
Agora envie uma solicitação de API para o endpoint do proxy de API e verifique
se o proxy de API pode resolver o nome de domínio do servidor de destino
e se comunicar com o servidor de destino:
Se o problema persistir mesmo depois de seguir as instruções acima, reúna as seguintes
informações de diagnóstico e entre em contato com o Suporte do Google Cloud:
ID do projeto do Google Cloud
Organização da Apigee
Proxy e revisão de API
Rede em que o domínio particular é criado
Sufixo DNS do domínio particular
A saída completa do comando de criação de domínio DNS com peering
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-09-04 UTC."],[[["\u003cp\u003eAPI requests failing with a \u003ccode\u003eTARGET_CONNECT_HOST_NOT_REACHABLE\u003c/code\u003e error and \u003ccode\u003eHTTP 503\u003c/code\u003e response can occur in Apigee and Apigee hybrid environments.\u003c/p\u003e\n"],["\u003cp\u003eOne cause of this error is an incorrect or invalid target server host specified within the API proxy definition, which can be resolved by correcting the host name and redeploying the proxy.\u003c/p\u003e\n"],["\u003cp\u003eAnother potential cause in Apigee deployments is the absence of DNS peering, preventing Apigee from resolving domain names, which can be resolved by creating a peered DNS domain using gcloud commands.\u003c/p\u003e\n"],["\u003cp\u003eTo diagnose DNS peering issues, you can use the Apigee API and gcloud commands to verify if the organization is peered with a VPC network and list the existing peered DNS domains.\u003c/p\u003e\n"],["\u003cp\u003eIf issues persist after applying the resolutions, you should gather diagnostic information, including the project ID, Apigee organization details, API proxy information, and network details, and then contact Google Cloud Customer Care.\u003c/p\u003e\n"]]],[],null,["# API requests fail with TARGET_CONNECT_HOST_NOT_REACHABLE error\n\n*You're viewing **Apigee** and **Apigee hybrid** documentation.\nThere is no equivalent\n[Apigee Edge](https://docs.apigee.com/api-platform/get-started/get-started) documentation for this topic.*\n\nSymptoms\n--------\n\n\nAPI requests fail with `TARGET_CONNECT_HOST_NOT_REACHABLE` error.\n\nError Messages\n--------------\n\n\nIf this issue occurs, the API requests will fail with `HTTP 503`\nresponse status code and the following error: \n\n```scdoc\n{\"fault\":{\"faultstring\":\n\"Unable to resolve host invalid-target-host\",\"detail\":\n{\"errorcode\":\"protocol.http.NoResolvedHost\",\"reason\":\n\"TARGET_CONNECT_HOST_NOT_REACHABLE\"}}}\n```\n\nPossible Causes\n---------------\n\n\nThe following potential causes have been identified for the aforementioned\nsymptom:\n\n### Cause: target server host specified is incorrect or has invalid characters\n\n#### Diagnosis\n\n1. Send an API request to the relevant API proxy:\n\n ```\n curl -ik https://dev.example.com/dns-peering-example\n HTTP/2 503\n content-type: application/json\n x-request-id: ***\n content-length: 169\n date: Thu, 02 Nov 2023 04:31:43 GMT\n via: 1.1 google\n alt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\n ```\n\n and check the response message: \n\n ```scdoc\n {\"fault\":{\"faultstring\":\n \"Unable to resolve host invalid-target-host\",\"detail\":\n {\"errorcode\":\"protocol.http.NoResolvedHost\",\"reason\":\n \"TARGET_CONNECT_HOST_NOT_REACHABLE\"}}}\n ```\n2. If the response contains the error reason `TARGET_CONNECT_HOST_NOT_REACHABLE` then, that is related to this reason.\n\n#### Resolution\n\n1. Check the API proxy definition and find the target hostname defined:\n2. If the target hostname given is invalid or has invalid characters, fix it accordingly, create a new revision of the proxy, and deploy the proxy.\n\n### Cause: DNS peering is not configured\n\n#### Diagnosis\n\n1. Check whether the Apigee organization is peered with a VPC network by invoking the following Apigee API: \n\n ```\n TOKEN=$(gcloud auth print-access-token)\n ``` \n\n ```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n \"https://apigee.googleapis.com/v1/organizations/$ORG\" | jq .authorizedNetwork\n ```\n\n For example, to determine if VPC peering is enabled, check to see if the response attribute\n `authorizedNetwork` is present and set to a value. If it is not, then VPC peering\n is not enabled: \n\n ```\n TOKEN=$(gcloud auth print-access-token)\n ``` \n\n ```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n \"https://apigee.googleapis.com/v1/organizations/example-org/\" | jq .authorizedNetwork\n ```\n\n This example response indicates that VPC peering is enabled: \n\n ```text\n \"projects/example-org/global/networks/shared-vpc1\"\n ```\n2. Verify with the API proxy developer from the customer side whether this target server domain name is internally configured. If not, this scenario does not apply.\n3. Find the project ID and the network in which the target endpoint is hosted.\n4. List DNS peerings created in the above network. Follow the steps below based on whether the Apigee organization is peered with a VPC network or not.\n\n ### VPC peering enabled\n\n If your organization is VPC peering enabled, use the [peered-dns-domains list](/sdk/gcloud/reference/services/peered-dns-domains/list) command: \n\n ```\n gcloud services peered-dns-domains list --network=NETWORK --project=PROJECT-ID\n ```\n\n\n The result could either be blank if no peered\n DNS domains are available, or list the peered DNS domains. For example: \n\n ```scdoc\n NAME DNS_SUFFIX\n customer-service customer.service.internal.\n accounts-service accounts.service.internal.\n ```\n\n ### VPC peering not enabled\n\n If your organization is not VPC peering enabled, use the following Apigee API: \n\n ```\n curl -X GET -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type:application/json\" \\\n \"https://apigee.googleapis.com/v1/organizations/ORGANIZATION/dnsZones\"\n ```\n\n Where: \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eORGANIZATION\u003c/code\u003e\u003c/var\u003e is the name of your Apigee organization.\n\n Sample response, where the organization name is `dns-peering-int-4`: \n\n ```text\n {\n \"dnsZones\": [\n {\n \"name\": \"organizations/dns-peering-int-4/dnsZones/demo\",\n \"description\": \"latest\",\n \"domain\": \"demo.com\",\n \"peeringConfig\": {\n \"targetProjectId\": \"dns-peering-int-4\",\n \"targetNetworkId\": \"default\"\n },\n \"state\": \"ACTIVE\"\n },\n {\n \"name\": \"organizations/dns-peering-int-4/dnsZones/dns-peering-int-4\",\n \"description\": \"latest\",\n \"domain\": \"dns-peering-int-4.com\",\n \"peeringConfig\": {\n \"targetProjectId\": \"dns-peering-int-4\",\n \"targetNetworkId\": \"default\"\n },\n \"state\": \"ACTIVE\"\n }\n ]\n }\n ```\n\n\n If the response does not include a DNS peering entry for the relevant\n DNS suffix, then, that could be the reason for this issue. Follow\n the instructions given in [Resolution](#resolution) to resolve\n it.\n\n#### Resolution\n\n1. Make a note of the DNS suffix, project ID, and network in which the target endpoint is hosted.\n2. Create a peered DNS domain for the DNS suffix.\n\n ### VPC peering enabled\n\n If your organization is VPC peering enabled, use the [peered-dns-domains create](/sdk/gcloud/reference/services/peered-dns-domains/create) gcloud command. Note that the\n DNS suffix should contain a trailing dot at the end of the DNS suffix: \n\n ```\n gcloud services peered-dns-domains create NAME --network=NETWORK --dns-suffix=DNS-SUFFIX. --project=PROJECT-ID\n ```\n\n\n For example: \n\n ```\n gcloud services peered-dns-domains create orders-service --network=\"shared-vpc1\" --dns-suffix=\"orders.service.internal.\" --project=service-project\n ```\n\n Response: \n\n ```text\n Operation \"operations/cpdd.p25-1064980322781-fafa5fe4-b5fe-487e-830d-fff0f9a6200d\" finished successfully.\n ```\n\n ### VPC peering not enabled\n\n If your organization is not VPC peering enabled, create a DNS peering zone with the\n private DNS zone in your project: \n\n ```\n curl -X POST -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type:application/json\" \\\n \"https://apigee.googleapis.com/v1/organizations/ORGANIZATION/dnsZones?dnsZoneId=DNS_ZONE_ID\" \\\n -d '{\n \"domain\": \"DOMAIN\",\n \"description\": \"DESCRIPTION\",\n \"peeringConfig\": {\n \"targetProjectId\": \"PRODUCER_PROJECT_ID\",\n \"targetNetworkId\": \"PRODUCER_VPC_NETWORK\"\n }\n }'\n ```\n\n Where:\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eORGANIZATION\u003c/code\u003e\u003c/var\u003e is the name of your Apigee organization.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDNS_ZONE_ID\u003c/code\u003e\u003c/var\u003e is the name of the DNS zone you want to create.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDOMAIN\u003c/code\u003e\u003c/var\u003e is the DNS name of this managed zone, for instance `example.com`.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eDESCRIPTION\u003c/code\u003e\u003c/var\u003e is a brief description of the DNS zone. Maximum characters: 1024\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_PROJECT_ID\u003c/code\u003e\u003c/var\u003e is the project that contains the producer VPC network.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_VPC_NETWORK\u003c/code\u003e\u003c/var\u003e is the VPC network in the customer project.\n\n | **Note:** In a Shared VPC setup, the host project's network is shared with service projects. Therefore, if a service project's private DNS zone relies on this shared network, the \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_PROJECT_ID\u003c/code\u003e\u003c/var\u003e and the \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePRODUCER_VPC_NETWORK\u003c/code\u003e\u003c/var\u003e referenced in the DNS configuration will both correspond to the host project.\n3. Now, send an API request to the API proxy endpoint and verify whether the API proxy could resolve the target server domain name and communicate with the target server.\n\nMust gather diagnostic information\n----------------------------------\n\n\nIf the problem persists even after following the above instructions,\ngather the following diagnostic information, and then contact [Google Cloud Customer Care](https://cloud.google.com/support-hub/).\n\n1. Google Cloud project ID\n2. Apigee organization\n3. API proxy and revision\n4. Network in which the private domain is created\n5. DNS suffix of the private domain\n6. The complete output of the peered DNS domain creation command"]]