Organízate con las colecciones
Guarda y clasifica el contenido según tus preferencias.
En esta página se explica cómo crear una zona con la vinculación entre proyectos habilitada.
Para obtener información detallada, consulta Vinculación entre proyectos.
Permisos que se necesitan para completar esta tarea
Para realizar esta tarea, debes tener los siguientes permisos o los siguientes roles de gestión de identidades y accesos.
Permisos
dns.networks.bindPrivateDNSZone en el proyecto propietario de la red de VPC
dns.managedZones.create en el proyecto propietario de la zona DNS
Roles
roles/dns.admin
Limitaciones
Tus proyectos deben estar en la misma organización.
No puedes asociar una zona a una red de VPC de un proyecto que no pertenezca a la organización.
Configurar el enlace entre proyectos
Puedes crear una zona privada gestionada que se pueda vincular a una red propiedad de otro proyecto de la misma organización. En lugar de especificar la red en el mismo proyecto, especifica la URL de la red en otro proyecto de la misma organización.
Por ejemplo, supongamos que tienes dos proyectos: proyecto A y proyecto B. La red de VPC está en el proyecto A. Para asegurarte de que todas las VMs de esa red de VPC puedan resolver las zonas DNS del proyecto B, sigue estos pasos.
Para crear una zona privada, ejecuta el dns managed-zones create
comando en el proyecto B,
donde quieras crear o gestionar la zona DNS:
gcloud dns managed-zones create NAME \
--dns-name=DNS_SUFFIX \
--description="Cross Project Binding" \
--visibility=private \
--networks=VPC_NETWORK
Haz los cambios siguientes:
NAME: nombre de la zona
DNS_SUFFIX: el sufijo DNS de tu zona, como
example.private
VPC_NETWORK: la URL de la VPC compartida que tiene autorización para consultar la zona del proyecto A, como
https://www.googleapis.com/compute/v1/projects/project-a/global/networks/default.
De esta forma, se crea una zona privada en el proyecto B, donde quieres crear y gestionar la zona DNS. El resultado es similar al siguiente:
Created
[https://dns.googleapis.com/dns/v1/projects/project-b/managedZones/my-zone].
[[["Es fácil de entender","easyToUnderstand","thumb-up"],["Me ofreció una solución al problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Es difícil de entender","hardToUnderstand","thumb-down"],["La información o el código de muestra no son correctos","incorrectInformationOrSampleCode","thumb-down"],["Me faltan las muestras o la información que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-08-21 (UTC)."],[[["\u003cp\u003eThis guide outlines the process of creating a managed private zone with cross-project binding enabled, allowing it to be associated with a network in a different project within the same organization.\u003c/p\u003e\n"],["\u003cp\u003eTo perform this task, users need \u003ccode\u003edns.networks.bindPrivateDNSZone\u003c/code\u003e permission on the VPC network's project and \u003ccode\u003edns.managedZones.create\u003c/code\u003e permission on the DNS zone's project, or the \u003ccode\u003eroles/dns.admin\u003c/code\u003e role.\u003c/p\u003e\n"],["\u003cp\u003eThe projects involved must be within the same organization, and zones cannot be linked to VPC networks outside this organizational boundary.\u003c/p\u003e\n"],["\u003cp\u003eThe process involves obtaining the VPC network's URL from the first project using the \u003ccode\u003egcloud compute networks describe\u003c/code\u003e command and then using that URL when creating the private zone in the second project with the \u003ccode\u003egcloud dns managed-zones create\u003c/code\u003e command.\u003c/p\u003e\n"],["\u003cp\u003eThe VPC Network will be associated with a DNS zone in a different project within the organization so that all the VMs in that VPC network can resolve the DNS zones.\u003c/p\u003e\n"]]],[],null,["# Create a zone with cross-project binding\n\nThis page provides instructions about how to create a zone with cross-project\nbinding enabled.\nFor detailed background information, see [Cross-project\nbinding](/dns/docs/zones/zones-overview#cross-project_binding).\n\n#### Permissions required for this task\n\nTo perform this task, you must have been granted the following permissions\n*or* the following IAM roles.\n\n**Permissions**\n\n- `dns.networks.bindPrivateDNSZone` on the project that owns the VPC network\n- `dns.managedZones.create` on the project that owns the DNS zone\n\n**Roles**\n\n- `roles/dns.admin`\n\nLimitations\n-----------\n\n- Your projects need to be in the same organization.\n- You cannot associate a zone to a VPC network in a project outside the organization.\n\nSet up cross-project binding\n----------------------------\n\nYou can create a managed private zone that can be bound to a network that is\nowned by a different project within the same organization. Instead of\nspecifying the network in the *same* project, specify the URL of the network in\n*another* project under the same organization.\n\nExample: Suppose that you have two projects, *project A* and *project B* . The\nVPC network is in *project A* . To make sure that all\nthe VMs in that VPC network are able to resolve the DNS zones\nin *project B*, follow these steps.\n\n1. To get the network URL, use the [`gcloud compute networks\n describe` command](/sdk/gcloud/reference/compute/networks/describe) in\n *project A*:\n\n ```\n gcloud compute networks describe NETWORK_NAME\n ```\n\n Replace \u003cvar translate=\"no\"\u003eNETWORK_NAME\u003c/var\u003e with the name of the\n VPC network in *project A*.\n\n Your output lists the network URL as `SelfLink`, which is the URL that you need.\n The output looks similar to the following: \n\n ```\n autoCreateSubnetworks: true\n creationTimestamp: '2021-08-11T14:07:16.454-07:00'\n description: Default network for the project\n id: '2485375699124847339'\n kind: compute#network\n name: default\n routingConfig:\n routingMode: REGIONAL\n selfLink: https://www.googleapis.com/compute/v1/projects/project-a/global/networks/default\n subnetworks:\n ```\n2. Create a private zone by running the [`dns managed-zones create`\n command](/sdk/gcloud/reference/dns/managed-zones/create) in *project B*,\n where you want to create or manage the DNS zone:\n\n ```\n gcloud dns managed-zones create NAME \\\n --dns-name=DNS_SUFFIX \\\n --description=\"Cross Project Binding\" \\\n --visibility=private \\\n --networks=VPC_NETWORK\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eNAME\u003c/var\u003e: a name for your zone\n - \u003cvar translate=\"no\"\u003eDNS_SUFFIX\u003c/var\u003e: the DNS suffix for your zone, such as `example.private`\n - \u003cvar translate=\"no\"\u003eVPC_NETWORK\u003c/var\u003e: the shared VPC URL that is authorized to query the zone from *project A*, such as https://www.googleapis.com/compute/v1/projects/project-a/global/networks/default.\n\n This creates a private zone in *project B* where you want to create and manage\n the DNS zone. Your output is similar to the following: \n\n ```\n Created\n [https://dns.googleapis.com/dns/v1/projects/project-b/managedZones/my-zone].\n ```\n\nWhat's next\n-----------\n\n- To work with managed zones, see [Create, modify, and delete zones](/dns/docs/zones).\n- To find solutions for common issues that you might encounter when using Cloud DNS, see [Troubleshooting](/dns/docs/troubleshooting).\n- To get an overview of Cloud DNS, see [Cloud DNS overview](/dns/docs/overview)."]]