Special configurations

This page describes special configurations for DNS.

DNS outbound forwarding for multiple VPC networks

If you want more than one Virtual Private Cloud (VPC) network to query an on-premises DNS server, you must create a forwarding zone in one of the networks that points to the on-premises environment. Then, in each of the other projects, create a peering zone that points to the VPC network designated to query the forwarding zone. Peering between two VPC networks is applicable within the same or different projects.

For example, you have VPC networks A, B, and C connected to on-premises through VPN tunnels and/or VLAN attachments. You can create a forwarding zone in VPC network A that forwards requests to the on-premises DNS server. You can then create peering zones for VPC networks B and C that point to the forwarding zone. As a result, queries for example.com. resolve according to the name resolution order of VPC network A.

Example

  1. Suppose that your domain company.com has several VPC networks in the Google Cloud console that may or may not be DNS peered.
  2. All the VPC networks need to reach the same set of on-premises DNS servers for records in the DNS zone corp.company.com..
  3. Ensure that the VPC networks do not have overlapping CIDR ranges.

Configuration

  1. Designate a single VPC network for outbound DNS forwarding to on-premises name servers. Name this core-vpc, for example.
  2. Configure one or more VPN tunnels or VLAN attachments between core-vpc and your on-premises environment.
  3. Create an outbound forwarding zone in the project that contains core-vpc for the DNS name corp.company.com.. Configure the IP addresses of the on-premises name servers as the targets of the zone. Authorize core-vpc to query the forwarding zone.
  4. For every other VPC network, create a DNS peering zone for the DNS name corp.company.com. that points to core-vpc.

What's next