This page describes special configurations for DNS.
DNS outbound forwarding for multiple VPC networks
If you want more than one Virtual Private Cloud (VPC) network to query an
on-premises DNS server, you must create a forwarding zone in one of the networks
that points to the on-premises environment. Then, in each of the other projects,
create a peering zone that points to the VPC network designated
to query the forwarding zone. Peering between two VPC networks is
applicable within the same or different projects.
For example, you have VPC networks A, B, and C connected to
on-premises through VPN tunnels or VLAN attachments. You can create a
forwarding zone in VPC network A that forwards requests to the
on-premises DNS server. You can then create peering zones for VPC
networks B and C that point to the forwarding zone. As a result, queries for
example.com. resolve according to the name resolution order of VPC network A.
Example
1. Suppose that your domain company.com has several VPC networks in the
   Google Cloud console that may or may not be DNS peered.
2. All the VPC networks need to reach the same set of on-premises DNS servers
   for records in the DNS zone corp.company.com..
3. Ensure that the VPC networks don't have overlapping CIDR ranges.
Configuration
1. Designate a single VPC network for outbound DNS forwarding to on-premises
   name servers. Name this core-vpc, for example.
2. Configure one or more VPN tunnels or VLAN attachments between core-vpc
   and your on-premises environment.
3. Create an outbound forwarding zone in the project that contains core-vpc
   for the DNS name corp.company.com.. Configure the IP addresses of the
   on-premises name servers as the targets of the zone. Authorize core-vpc
   to query the forwarding zone.
4. For every other VPC network, create a DNS peering zone for the DNS name
   corp.company.com. that points to core-vpc.
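The zone layout from the configuration steps above, as an added example that is not part of the original page: a script that prints the gcloud commands for review before anything is created. The project IDs, spoke network names, zone names, and name server addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints the gcloud commands for the forwarding/peering layout.
# Assumed values (not from the page): project IDs, spoke network names,
# zone names, and the on-premises name server IPs (constructed samples).

DNS_NAME="corp.company.com."
CORE_PROJECT="core-project"        # assumed project that contains core-vpc
CORE_VPC="core-vpc"
ONPREM_NS="10.10.0.53,10.10.0.54"  # constructed on-premises name server IPs

# Outbound forwarding zone: core-vpc is the only network authorized to
# query it, so on-premises resolvers see queries from a single VPC network.
forwarding_zone_cmd() {
  printf 'gcloud dns managed-zones create corp-forwarding --project=%s' "$CORE_PROJECT"
  printf ' --description="Forward to on-premises" --dns-name=%s' "$DNS_NAME"
  printf ' --visibility=private --networks=%s' "$CORE_VPC"
  printf ' --forwarding-targets=%s\n' "$ONPREM_NS"
}

# Peering zone for one spoke network. $1 = spoke project, $2 = spoke network.
# Queries for DNS_NAME from the spoke are resolved in core-vpc's context.
peering_zone_cmd() {
  printf 'gcloud dns managed-zones create corp-peering-%s --project=%s' "$2" "$1"
  printf ' --description="Peer to core-vpc" --dns-name=%s' "$DNS_NAME"
  printf ' --visibility=private --networks=%s' "$2"
  printf ' --target-project=%s --target-network=%s\n' "$CORE_PROJECT" "$CORE_VPC"
}

# Emit one forwarding zone, then one peering zone per "project:network" spec.
plan() {
  forwarding_zone_cmd
  for spec in "$@"; do
    peering_zone_cmd "${spec%%:*}" "${spec#*:}"
  done
}

# Print the plan for two assumed spoke networks.
plan "project-b:vpc-b" "project-c:vpc-c"
```

Review the printed commands, then run them with credentials that can create zones in each project.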
What's next
To find solutions for common issues that you might encounter when using
Cloud DNS, see Troubleshooting.