Cloud DNS supports different types of policies. This page provides details about the different policy types and when you can use one or the other.
- Server policies apply private DNS configuration to a Virtual Private Cloud (VPC) network (DNS forwarding, logging).
- Response policies override private DNS responses based on the query name.
- Routing policies steer traffic based on the query (for example, round robin, geolocation).
You can use all three policies at the same time depending on your needs.
Server policies
Use server policies to set up hybrid deployments for DNS resolutions. You can set up an inbound server policy depending on the direction of DNS resolutions. If your workloads plan to use an on-premises DNS resolver, you can set up DNS forwarding zones by using an outbound server policy. On the other hand, if you want your on-premises workloads to resolve names on Google Cloud, you can set up an inbound server policy.
For more information, see the Server policies overview.
Response policies
Use response policies to add custom rules that modify how DNS queries are handled within your network. The DNS resolver consults these rules during DNS lookups. Response policies let you customize DNS management within a private zone by using rules instead of records. If a rule in the response policy affects the incoming query, it is processed; otherwise, the lookup proceeds normally. Use these rules to achieve results similar to the DNS response policy zone (RPZ) draft concept (IETF). For information about how to manage response policies, see Manage response policies and rules.
A response policy is different from an RPZ, which is an otherwise normal DNS zone with specially formatted data that causes compatible resolvers to provide different responses to queries. Response policies aren't DNS zones and are managed separately. For more information, see Manage response policies and rules.
Routing policies
Use DNS routing policies for a resource record set to steer traffic based on the query and other factors, such as weighted round robin (WRR), geolocation, or failover. DNS routing policies lets you do the following:
- Steer traffic from a geographical location to a content delivery network (CDN) provider.
- Route your on-premises traffic to Google Cloud load balancers based on the query's source region.
- Specify that traffic that originated from a specific continent is served by services in the same continent.
- Route traffic to different service providers on WRR basis.
- Onboard new services with a percentage of the total traffic.
For more information, see DNS routing policies and health checks.
What's next
- Apply DNS server policies
- Manage response policies and rules
- Manage DNS routing policies and health checks