This page describes how to configure DNS routing policies and enable health checks by using Cloud DNS. Before you use this page, familiarize yourself with DNS routing policies and health checks.
Permissions required for this task
To perform this task, you must have been granted the following permissions or the following IAM roles.
Permissions
dns.networks.useHealthSignals
to create a policy with health checks for internal passthrough Network Load Balancersdns.changes.create
to create a resource record setdns.managedZones.list
to list managed zones
Roles
roles/dns.admin
roles/dns.peer
To use DNS routing policies, create a resource record set and choose one of the following DNS routing policies to apply to the resource record set:
DNS routing policies also support multiple IP addresses for each geographic location. When specified for a given geographic location, multiple IP addresses are returned according to an equal weight WRR policy. Combining̦ a geo-based routing policy with a custom-weighted WRR policy is not supported.
Only one type of routing policy can be applied to a resource record set at a time. You cannot combine routing policies except when configuring a failover routing policy, in which case, you can set a geolocation routing policy as the backup. Global access must be enabled for regional load balancers.
Create DNS routing policies for private zones
Before you create DNS routing policies for private zones, complete the following steps.
- Create a private zone.
- Set up one of the following internal load balancers:
- Create forwarding rules for the internal load balancer.
- Set up health checking for the internal load balancer.
To create DNS routing policies for private zones, follow these steps.
Start the configuration
In the Google Cloud console, go to the Cloud DNS zones page.
Click the name of the managed zone that you want to add the record to.
On the Zone details page, click Add with routing policy.
Base data
Optional: On the Create record set with routing policy page, for DNS name, enter a subdomain of the DNS name—for example,
mail
. The trailing dot is automatically added.For Resource record type, select an option.
For TTL, enter a numeric value for the resource record's time to live, which is the amount of time for which it can be cached. This value must be a positive integer.
Optional: For TTL unit, select the unit of time—for example,
minutes
. The default is set tominutes
.Click Next.
Routing policy type
- For Routing policy, select Weighted round robin, Geolocation, or Failover.
- Click Next.
Routing policy data
For Weight, enter the weight corresponding to this subsection of the resource record (RR) data.
This weight must be a nonnegative number from 0.0 to 1000.0. Ratio of traffic routed to the target is calculated from the ratio of individual weight over the total across all weights. For example, if target A has a weight of 25 and target B has a weight of 75, with a total weight of 100, Cloud DNS routes 25/100 = 0.25 (25 percent) of the total traffic to target A, and 75/100= 0.75 (75 percent) to target B.
In the IPv4 health checked targets section, do the following:
- For Project, select the project where the forwarding rule exists.
For Forwarding rule, select a forwarding rule.
The forwarding rule specifies an internal IP address, port, and one of the following targets:
- A regional backend service
- A global or regional target HTTPS proxy
- A regional target TCP proxy
Click Done.
Optional: To add another health-checked target, click Add target.
Optional: To allow IPv4 addresses without health checking, do the following:
- Select Allow IPv4 addresses without health checking.
- For IPv4 Address, enter an IPv4 address.
Optional: To add another set of WRR policy routing data, click Add routing data.
Click Next.
For Geo fencing, select Disabled or Enabled.
Enabling geofencing restricts the traffic to a specific geolocation even if all the endpoints in that geolocation are unhealthy.
For Source region, select a valid Google Cloud source region.
In the IPv4 health checked targets section, do the following:
- For Project, select the project where the forwarding rule exists.
For Forwarding rule, select a forwarding rule.
The forwarding rule specifies an internal IP address, port, and one of the following targets:
- A regional backend service
- A global or regional target HTTPS proxy
- A regional target TCP proxy
Click Done.
Optional: To add another health-checked target, click Add target.
Optional: To allow IPv4 addresses without health checking, do the following:
- Select Allow IPv4 addresses without health checking.
- For IPv4 Address, enter an IPv4 address.
Optional: To add set of another geolocation policy routing data, click Add routing data.
Click Next.
In the Primary health checked targets section, do the following:
- For Project, select the project where the forwarding rule exists.
For Forwarding rule, select a forwarding rule.
The forwarding rule specifies an internal IP address, port, and one of the following targets:
- A regional backend service
- A global or regional target HTTPS proxy
- A regional target TCP proxy
In the Backup geolocation policy section, do the following:
- For Geo fencing, select Disabled or Enabled. Enabling geofencing restricts the traffic to a specific geolocation even if all the endpoints in that geolocation are unhealthy.
- For Source region, select a valid Google Cloud source region.
In the IPv4 health checked targets section, do the following:
- For Project, select the project where the forwarding rule exists.
For Forwarding rule, select a forwarding rule.
The forwarding rule specifies one of the following options:
- An internal IP address, port, and a regional backend service
- An HTTP(S) proxy
- A TCP proxy
When all primary IP addresses are unhealthy, traffic is automatically handled according to the backup geolocation policy.
Click Done.
Optional: To add another health-checked target, click Add target.
Optional: To allow IPv4 addresses without health checking, do the following:
- Select Allow IPv4 addresses without health checking.
- For IPv4 Address, enter an IPv4 address.
Optional: To add another set of backup geolocation policy routing data, click Add routing data.
In the Trickle traffic (%) field, enter the percentage of the traffic sent to the failover targets, regardless of the health check status of the primary targets.
Click Next.
Review and create
- Click Review.
- Review your Cloud DNS record set with routing policy configuration.
- Click Create.
For a resource record set, you set either a routing policy (routingPolicy
)
or DNS data (rrdatas
), not both. To change between a routing policy and
DNS data, update the resource record set. For example, to change a resource
record set containing DNS data (rrdatas
) to instead contain a
a routing policy (routingPolicy
), delete rrdatas
and add routingPolicy
to the same resource record set.
To create DNS routing policies for private zones, follow these steps.
Run the
gcloud dns record-sets create
command:
gcloud dns record-sets createRRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=WRR \ --routing-policy-data=ROUTING_POLICY_DATA \ --enable-health-checking
Replace the following:
RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
.TTL
: the TTL, in seconds, in which the resolver cachesResourceRecordSet
, such as30
.RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
. For a list of supported record types, see Supported record types for DNS routing policies.MANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
. The name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix.ROUTING_POLICY_DATA
: enter a semicolon-delimited list in the format${weight_percent}:${rrdatas}
, such as.8=203.0.113.1;.2=198.51.100.1
. Specify the weight as a nonnegative decimal. The ratio of traffic routed to the target is calculated from the ratio of individual weight over the total across all weights. Forwarding rule names are acceptable values and result in health checking.--enable-health-checking
: the flag to enable health checking. When you use this flag, you must provide the forwarding rule name instead of the IP address in the--routing-policy-data
field.
gcloud dns record-sets createRRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=GEO \ --routing-policy-data=ROUTING_POLICY_DATA \ --enable-health-checking
Replace the following:
RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
.TTL
: the TTL, in seconds, in which the resolver cachesResourceRecordSet
, such as30
.RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
. For a list of supported record types, see Supported record types for DNS routing policies.MANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
. The name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix.ROUTING_POLICY_DATA
: enter a semicolon-delimited list in the format${region}=${IP_address}
, such asasia-east1=198.51.100.1;us-central1=203.0.113.1
. You can specify multiple IP addresses for a single region by adding IP addresses separated by a comma. Forwarding rule names are acceptable values and result in health checking.--enable-health-checking
: the flag to enable health checking. When you use this flag, you must provide the forwarding rule name instead of the IP address in the--routing-policy-data
field.
gcloud dns record-sets createRRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=GEO \ --routing-policy-data=ROUTING_POLICY_DATA \ --enable-geo-fencing \ --enable-health-checking
Replace the following:
RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
.TTL
: the TTL, in seconds, in which the resolver cachesResourceRecordSet
, such as30
.RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
. For a list of supported record types, see Supported record types for DNS routing policies.MANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
. The name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix.ROUTING_POLICY_DATA
: enter a semicolon-delimited list in the format${region}=${IP_address}
, such asasia-east1=198.51.100.1;us-central1=203.0.113.1
. You can specify multiple IP addresses for a single region by adding IP addresses separated by a comma. Forwarding rule names are acceptable values and result in health checking.--enable-geo-fencing
: forGEO
routing policies, this determines whether traffic should failover across regions if all endpoints in a region are unhealthy. When set, Cloud DNS always directs queries to the nearest region, even if all endpoints in that region are unhealthy. Use--no-enable-geo-fencing
to disable geofencing. When not set, Cloud DNS directs queries to the next nearest region when all endpoints in a region are unhealthy. This defaults tofalse
.--enable-health-checking
: the flag to enable health checking. When you use this flag, you must provide the forwarding rule name instead of the IP address in the--routing-policy-data
field.
gcloud dns record-sets createRRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=FAILOVER \ --routing-policy-primary-data=ROUTING_POLICY_PRIMARY_DATA \ --routing-policy-backup-data-type=ROUTING_POLICY_BACKUP_DATA_TYPE \ --routing-policy-backup-data=ROUTING_POLICY_BACKUP_DATA \ --backup-data-trickle-ratio=BACKUP_DATA_TRICKLE_RATIO \ --enable-geo-fencing \ --enable-health-checking
Replace the following:
RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
.TTL
: the TTL, in seconds, in which the resolver cachesResourceRecordSet
, such as30
.RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
. For a list of supported record types, see Supported record types for DNS routing policies.MANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
. The name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix.ROUTING_POLICY_PRIMARY_DATA
: the primary target to use forFAILOVER
routing policies. This target must be a reference to one or more forwarding rules, such asforwarding-rule-1
. As long as at least one of these forwarding rules is healthy, the IP addresses of all healthy forwarding rules are used to answer queries for this name.ROUTING_POLICY_BACKUP_DATA_TYPE
: forFAILOVER
routing policies, the type of routing policy the backup data uses. This must beGEO
.ROUTING_POLICY_BACKUP_DATA
: the backup target to use forFAILOVER
routing policies. These targets are used when all forwarding rules specified in--routing-policy-primary-data
are unhealthy. Cloud DNS only supports geo-based backup targets. The format of this field matches that of--routing-policy-data
when--routing-policy-type = 'GEO'
, such asasia-east1=forwarding-rule-2
.BACKUP_DATA_TRICKLE_RATIO
: the ratio of traffic to send to the backup targets, even when the primaries are healthy. The ratio must be between 0 and 1, such as0.1
. The default is set to0
.--enable-geo-fencing
: forGEO
routing policies, this determines whether traffic should failover across regions if all endpoints in a region are unhealthy. When set, Cloud DNS always directs queries to the nearest region, even if all endpoints in that region are unhealthy. Use--no-enable-geo-fencing
to disable geofencing. When not set, Cloud DNS directs queries to the next nearest region when all endpoints in a region are unhealthy. This defaults tofalse
.--enable-health-checking
: the flag to enable health checking. When you use this flag, you must provide the forwarding rule name instead of the IP address in the--routing-policy-data
field.
Use the
resourceRecordSets.create
method.
POST https://www.googleapis.com/dns/v1/projects/PROJECT_ID /managedZones/MANAGED_ZONE /rrsets { "name": "RRSET_NAME ", "type": "RRSET_TYPE ", "ttl":TTL , "routingPolicy": { "wrr": { "items": [ { "weight":WEIGHT , "healthCheckedTargets": { "internalLoadBalancers": [ { "loadBalancerType": "LOAD_BALANCER_TYPE " "ipAddress": "IP_ADDRESS " "port" : "PORT_NUMBER " "ipProtocol": "IP_PROTOCOL " "networkUrl": "NETWORK_URL " "project": "PROJECT_ID " "region": "REGION " } ] } }, { "weight":WEIGHT , "healthCheckedTargets": { "internalLoadBalancers": [ { "loadBalancerType": "LOAD_BALANCER_TYPE " "ipAddress": "IP_ADDRESS " "port" : "PORT_NUMBER " "ipProtocol": "IP_PROTOCOL " "networkUrl": "NETWORK_URL " "project": "PROJECT_ID " "region": "REGION " } ] } }, ] } } }
Replace the following:
PROJECT_ID
: the ID of the projectMANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
; the name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffixRRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
WEIGHT
: forWRR
policies, a semicolon-delimited list in the format${weight_percent}=${rrdatas}
, such as.8=10.128.1.1;.2=10.130.1.1
; specify the weight as any nonnegative decimal Note: You must specify weight as a nonnegative number. The ratio of traffic routed to the target is calculated from the ratio of individual weight over the total across all weights.LOAD_BALANCER_TYPE
: the type of load balancer, such asregionalL4ilb
,globalL7ilb
, orregionalL7ilb
. This setting is optional.IP_ADDRESS
: the IP address that the forwarding rule servesPORT_NUMBER
: the port numberIP_PROTOCOL
: defines the protocol used for the health check; valid options aretcp
andudp
NETWORK_URL
: the network URL to which this forwarding rule appliesREGION
: the region in which you created the forwarding rule`
POST https://www.googleapis.com/dns/v1/projects/PROJECT_ID /managedZones/MANAGED_ZONE /rrsets { "name": "RRSET_NAME ", "type": "RRSET_TYPE ", "ttl":TTL , "routingPolicy": { "geo": { "items": [ { "location": "LOCATION ", "healthCheckedTargets": { "internalLoadBalancers": [ { "loadBalancerType": "LOAD_BALANCER_TYPE " "ipAddress": "IP_ADDRESS " "port" : "PORT_NUMBER " "ipProtocol": "IP_PROTOCOL " "networkUrl": "NETWORK_URL " "project": "PROJECT_ID " "region": "REGION " } ] } }, { "location": "LOCATION ", "healthCheckedTargets": { "internalLoadBalancers": [ { "loadBalancerType": "LOAD_BALANCING_TYPE " "ipAddress": "IP_ADDRESS " "port" : "PORT_NUMBER " "ipProtocol": "IP_PROTOCOL " "networkUrl": "NETWORK_URL " "project": "PROJECT_ID " "region": "REGION " } ] } }, } ] } } }
Replace the following:
PROJECT_ID
: the ID of the projectMANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
; the name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffixRRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
LOCATION
: forGEO
policies, the geolocation for which you need to create the policy, such asasia-east1
LOAD_BALANCER_TYPE
: the type of load balancer, such asregionalL4ilb
,globalL7ilb
, orregionalL7ilb
. This setting is optional.IP_ADDRESS
: the IP address that the forwarding rule servesPORT_NUMBER
: the port number of the internal load balancerIP_PROTOCOL
: defines the protocol used for the health check; valid options aretcp
andudp
NETWORK_URL
: the network URL to which this forwarding rule appliesREGION
: the region in which you created the forwarding rule
In the failover option, Cloud DNS only supports GEO
policies.
POST https://www.googleapis.com/dns/v1/projects/PROJECT_ID /managedZones/MANAGED_ZONE /rrsets { "name": "RRSET_NAME ", "type": "RRSET_TYPE ", "ttl":TTL , "routingPolicy": { "primaryBackup": { "trickleTraffic":TRICKLE_TRAFFIC , "primaryTargets": { "internalLoadBalancers": [ { "ipAddress": "IP_ADDRESS " "ipProtocol": "IP_PROTOCOL " "loadBalancerType": "LOAD_BALANCER_TYPE " "networkUrl": "NETWORK_URL " "port": "PORT_NUMBER " "project": "PROJECT_ID " "region": "REGION " } ] }, "backupGeoTargets": { "enableFencing":ENABLE_FENCING , "items": [ { "location": "LOCATION ", "rrdatas": [ "RRDATA " ] }, { "location": "LOCATION ", "rrdatas": [ "RRDATA " ] } ] } }, } }
Replace the following:
PROJECT_ID
: the ID of the projectMANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
; the name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffixRRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
TRICKLE_TRAFFIC
: the ratio of traffic to send to the backup targets even when the primaries are healthy; the ratio must be between 0 and 1, such as0.1
IP_ADDRESS
: the IP address that the forwarding rule servesPORT_NUMBER
: the port numberIP_PROTOCOL
: defines the protocol used for the health check; valid options aretcp
andudp
NETWORK_URL
: the network URL to which this forwarding rule appliesPORT_NUMBER
: the port number of the internal load balancerREGION
: the region in which you created the forwarding ruleENABLE_FENCING
: forGEO
routing policies, this determines whether traffic should failover across regions if all endpoints in a region are unhealthy. When set, Cloud DNS always directs queries to the nearest region, even if all endpoints in that region are unhealthy. When not set, Cloud DNS directs queries to the next nearest region when all endpoints in a region are unhealthy. This defaults tofalse
.LOCATION
: forGEO
policies, the geolocation for which you need to create the policy, such asasia-east1
WEIGHT
: forWRR
policies, a semicolon-delimited list in the format${weight_percent}=${rrdatas}
, such as.8=10.128.1.1;.2=10.130.1.1
; specify the weight as any nonnegative decimalRRDATA
: an arbitrary value associated with the resource record set, such as198.51.100.5
; you can also enter multiple values,rrdata1
rrdata2
rrdata3
, such as198.51.100.1
203.0.113.1
...
Create DNS routing policies for public zones (Preview)
To create DNS routing policies for public zones, follow these steps.
Start the configuration
In the Google Cloud console, go to the Cloud DNS zones page.
Click the name of the managed zone that you want to add the record to.
On the Zone details page, click Add with routing policy.
Base data
Optional: On the Create record set with routing policy page, for DNS name, enter a subdomain of the pre-filled DNS name—for example,
mail
. The trailing dot is automatically added.For Resource record type, select an option.
For TTL, enter a numeric value for the resource record's time to live, which is the amount of time that it can be cached. This value must be a positive integer.
Optional: For TTL unit, select the unit of time—for example,
minutes
. The default is set tominutes
.Click Next.
Routing policy type
- For Routing policy, select Weighted round robin, Geolocation, or Failover.
- Click Next.
Routing policy data
For Weight, enter the weight corresponding to this subsection of the resource record (RR) data.
This weight must be a nonnegative number from 0.0 to 1000.0. Ratio of traffic routed to the target is calculated from the ratio of individual weight over the total across all weights. For example, if target A has a weight of 25 and target B has a weight of 75, with a total weight of 100, Cloud DNS routes 25/100 = 0.25 (25 percent) of the total traffic to target A, and 75/100= 0.75 (75 percent) to target B.
In the External IP addresses section, do the following:
- For IP address , enter an external IP address.
- Optional: To select an external IP address of a Google Cloud resource in the current project, click Select.
- To enable health checking, select Health checking 1.
- Optional: To add another external IP address, click Add IP address.
- Click Done.
If you enabled health checking in the previous step, in the Health check list, select a health check or create a new one by following these steps.
- Click Create a new health check.
- For Name, enter a name for the health check.
- Optional: For Description, enter a description for the health check.
- For Source regions, select any three Google Cloud regions from which you want to send health check probes.
- Optional: In the Protocol list, select a protocol.
For Port, enter a port number.
The protocol and the port number determine how Cloud DNS sends the health check probes.
Optional: To configure content-based health check, for Response, provide an expected response string, each up to 1,024 ASCII (single byte) characters in length.
Optional: To turn on health check logs, for Logs, select On.
For Check interval, enter the time interval in seconds between health check probes. The check interval is the amount of time from the start of one probe issued by one prober to the start of the next probe issued by the same prober.
For Timeout, enter the amount of time in seconds you want Google Cloud to wait for a response to a probe.
For Healthy threshold, enter the number of consecutive successful probe results for a backend to be considered healthy.
For Unhealthy threshold, enter the number of consecutive failed probe results for a backend to be considered unhealthy.
Click Create.
Click Next
- For Geo fencing, select Disabled or Enabled. Enabling geofencing restricts the traffic to a specific geolocation even if all the endpoints in that geolocation are unhealthy.
- For Source region, select a valid Google Cloud source region.
- In the External IP addresses section, do the following:
- For IP address , enter an external IP address.
- Optional: To select an external IP address of a Google Cloud resource in the current project, click Select.
- To enable health checking, select Health checking 1.
- Optional: To add another external IP address, click Add IP address.
- Click Done.
If you enabled health checking in the previous step, in the Health check list, select a health check or create a new one by following these steps.
- Click Create a new health check.
- For Name, enter a name for the health check.
- Optional: For Description, enter a description for the health check.
- For Source regions, select any three Google Cloud regions from which you want to send health check probes.
- Optional: In the Protocol list, select a protocol.
For Port, enter a port number.
The protocol and the port number determine how Cloud DNS sends the health check probes.
Optional: To configure content-based health check, for Response, provide an expected response string, each up to 1,024 ASCII (single byte) characters in length.
Optional: To turn on health check logs, for Logs, select On.
For Check interval, enter the time interval in seconds between health check probes. The check interval is the amount of time from the start of one probe issued by one prober to the start of the next probe issued by the same prober.
For Timeout, enter the amount of time in seconds you want Google Cloud to wait for a response to a probe.
For Healthy threshold, enter the number of consecutive successful probe results for a backend to be considered healthy.
For Unhealthy threshold, enter the number of consecutive failed probe results for a backend to be considered unhealthy.
Click Create.
Click Next
- In the Primary external IP address target section, for IP address, enter the primary external IP address that is health checked for this record.
- Optional:To select a primary external IP address of a Google Cloud resource in the current project, click Select.
- Optional: To add another primary external IP address, click Add target. When DNSSEC is enabled, you can add only one primary external IP address target .
- In the Backup geolocation policy section, do the following:
- For Geo fencing, select Disabled or Enabled. Enabling geofencing restricts the traffic to a specific geolocation even if all the endpoints in that geolocation are unhealthy.
- For Source region, select a valid Google Cloud source region.
- In the External IP addresses section, do the following:
- For IP address , enter an external IP address.
- Optional: To select an external IP address of a Google Cloud resource in the current project, click Select.
- To enable health checking, select Health checking 1.
- Optional: To add another external IP address, click Add IP address.
- Click Done.
If you enabled health checking in the previous step, in the Health check list, select a health check.
If you don't have an existing health check, create a new health check.
- Click Create a new health check.
- For Name, enter a name for the health check.
- Optional: For Description, enter a description for the health check.
- For Source regions, select any three Google Cloud regions from which you want to send health check probes.
- Optional: In the Protocol list, select a protocol.
- For Port, enter a port number.
The protocol and the port number determine how Cloud DNS sends the health check probes.
- Optional: To configure content-based health check, for Response, provide an expected response string, each up to 1,024 ASCII (single byte) characters in length.
- Optional: To turn on health check logs, for Logs, select On.
- For Check interval, enter the time interval in seconds between health check probes. The check interval is the amount of time from the start of one probe issued by one prober to the start of the next probe issued by the same prober.
- For Timeout, enter the amount of time in seconds you want Google Cloud to wait for a response to a probe.
- For Healthy threshold, enter the number of consecutive successful probe results for a backend to be considered healthy.
- For Unhealthy threshold, enter the number of consecutive failed probe results for a backend to be considered unhealthy.
- Click Create.
In the Trickle traffic (%) field, enter the percentage of the traffic sent to the failover targets, regardless of the health check status of the primary targets.
In the Health check list, select a health check.
Click Next.
Review and create
- Click Review.
- Review your Cloud DNS record set with routing policy configuration.
- Click Create.
To create DNS routing policies for public zones, follow these steps.
To enable health checking in DNS routing policies for public zones, create a health check for external endpoints.
Run the
gcloud beta compute health-checks create
command:gcloud beta compute health-checks create
PROTOCOL HEALTH_CHECK_NAME \ --global \ --check-interval=CHECK_INTERVAL \ --source-regions=SOURCE_REGIONS \ --port=PORT_NUMBER Replace the following:
PROTOCOL
: the protocol used for the health check. Valid options arehttp
,https
,ssl
, ortcp
.HEALTH_CHECK_NAME
: the name of the health check.CHECK_INTERVAL
: the amount of time from the start of one health check probe system's connection to the start of the next one. Units are seconds. TheCHECK_INTERVAL
value must be between30
and300
seconds.SOURCE_REGIONS
: a comma-separated list of Google Cloud regions from which you want to send health check probes.PORT_NUMBER
: the port number for health check requests.
To create a
ResourceRecordSet
and apply a routing policy to it, run thegcloud beta dns record-sets create
command.gcloud beta dns record-sets create
RRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=WRR \ --routing-policy-data=ROUTING_POLICY_DATA \ --health-check=HEALTH_CHECK_NAME Replace the following:
RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
.TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
.RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
.MANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
. The name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix.ROUTING_POLICY_DATA
: the routing policy data. Enter a semicolon-delimited list in the format${weight_percent}:${rrdatas}
, such as.8=203.0.113.1;.2=198.51.100.1
. Specify the weight as a nonnegative decimal. Weight must be a nonnegative number from0
to1000
.HEALTH_CHECK_NAME
: the name of the health check that you created in the previous step.
gcloud beta dns record-sets create
RRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=GEO \ --routing-policy-data=ROUTING_POLICY_DATA \ --health-check=HEALTH_CHECK_NAME Replace the following:
RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
.TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
.RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
.MANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
. The name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix.ROUTING_POLICY_DATA
: the routing policy data. Enter a semicolon-delimited list in the format${region}=${IP_address},${IP_address}
, such asasia-east1=198.51.100.1;us-central1=203.0.113.1, 203.0.113.2
. You can specify multiple IP addresses for a single region by adding IP addresses separated by a comma. Forwarding rule names are acceptable values and result in health checking.HEALTH_CHECK_NAME
: the name of the health check that you created in the previous step.
gcloud beta dns record-sets create
RRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=GEO \ --routing-policy-data=ROUTING_POLICY_DATA \ --health-check=HEALTH_CHECK_NAME \ --enable-geo-fencingReplace the following:
RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
.TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
.RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
.MANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
. The name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix.ROUTING_POLICY_DATA
: the routing policy data. Enter a semicolon-delimited list in the format${region}=${IP_address}
, such asasia-east1=198.51.100.1;us-central1=203.0.113.1
. You can specify multiple IP addresses for a single region by adding IP addresses separated by a comma. Forwarding rule names are acceptable values and result in health checking.HEALTH_CHECK_NAME
: the name of the health check that you created in the previous step.--enable-geo-fencing
: forGEO
routing policies, this determines whether traffic should failover across regions if all endpoints in a region are unhealthy. When set, Cloud DNS always directs queries to the nearest region, even if all endpoints in that region are unhealthy. Use--no-enable-geo-fencing
to disable geofencing. When not set, Cloud DNS directs queries to the next nearest region when all endpoints in a region are unhealthy. This defaults tofalse
.
gcloud beta dns record-sets create
RRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=FAILOVER \ --routing-policy-primary-data=ROUTING_POLICY_PRIMARY_DATA \ --routing-policy-backup-data=ROUTING_POLICY_BACKUP_DATA \ --routing-policy-backup-data-type=ROUTING_POLICY_BACKUP_DATA_TYPE \ --backup-data-trickle-ratio=BACKUP_DATA_TRICKLE_RATIO \ --health-check=HEALTH_CHECK_NAME Replace the following:
RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
.TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
.MANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
. The name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix.ROUTING_POLICY_PRIMARY_DATA
: the primary target to use forFAILOVER
routing policies. This target must be a reference to one or more forwarding rules, such asforwarding-rule-1
. As long as at least one of these forwarding rules is healthy, the IP addresses of all healthy forwarding rules are used to answer queries for this name.ROUTING_POLICY_BACKUP_DATA
: the backup target to use forFAILOVER
routing policies. These targets are used when all forwarding rules specified in--routing-policy-primary-data
are unhealthy. Cloud DNS only supports geo-based backup targets. The format of this field matches that of--routing-policy-data
when--routing-policy-type = 'GEO'
, such asasia-east1=forwarding-rule-2
.ROUTING_POLICY_BACKUP_DATA_TYPE
: forFAILOVER
routing policies, the type of routing policy the backup data uses. This must beGEO
.BACKUP_DATA_TRICKLE_RATIO
: the ratio of traffic to send to the backup targets, even when the primaries are healthy. The ratio must be between 0 and 1, such as0.1
. The default is set to0
.HEALTH_CHECK_NAME
: the name of the health check that you created in the previous step.
To enable health checking in DNS routing policies for public zones, use the
healthChecks.insert
method.To create a
ResourceRecordSet
and apply a routing policy to it, use theresourceRecordSets.create
method.POST https://www.googleapis.com/dns/v1/projects/
PROJECT_ID /managedZones/MANAGED_ZONE /rrsets { "name": "RRSET_NAME ", "type": "RRSET_TYPE ", "ttl":TTL , "routingPolicy": { "healthCheck": "https://www.googleapis.com/compute/beta/projects/PROJECT_ID /global/healthChecks/HEALTH_CHECK_NAME " "wrr": { "items": [{ "weight":WEIGHT , "healthCheckedTargets": { "rrdata": ["RRDATA "] } }, { "weight": 1.0, "healthCheckedTargets": { "rrdata": ["RRDATA ", "RRDATA "] } }] } } }Replace the following:
PROJECT_ID
: the ID of the projectMANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
; the name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix.RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
.TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
.RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
.HEALTH_CHECK_NAME
: the name of the health check.WEIGHT
: forWRR
policies, a semicolon-delimited list in the format${weight_percent}=${rrdatas}
, such as.8=10.128.1.1;.2=10.130.1.1
; specify the weight as any nonnegative decimal. Note: You must specify weight as a nonnegative number. The ratio of traffic routed to the target is calculated from the ratio of individual weight over the total across all weights.RRDATA
: an arbitrary value associated with the resource record set, such as198.51.100.5
; you can also enter multiple values,rrdata1
,rrdata2
,rrdata3
, such as198.51.100.1
,203.0.113.1
.
POST https://www.googleapis.com/dns/v1/projects/
PROJECT_ID /managedZones/MANAGED_ZONE /rrsets { "name": "RRSET_NAME ", "type": "RRSET_TYPE ", "ttl":TTL , "routingPolicy": { "healthCheck": "https://www.googleapis.com/compute/beta/projects/PROJECT_ID /global/healthChecks/HEALTH_CHECK_NAME " "geo": { "enableFencing":ENABLE_FENCING "items": [{ "location": "LOCATION ", "healthCheckedTargets": { "rrdata": ["RRDATA "] } }, { "location": "LOCATION ", "healthCheckedTargets": { "rrdata": ["RRDATA ", "RRDATA "] } }] } } }Replace the following:
PROJECT_ID
: the ID of the projectMANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
; the name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix.RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
.RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
.TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
.HEALTH_CHECK_NAME
: the name of the health check.ENABLE_FENCING
: forGEO
routing policies, this determines whether traffic should failover across regions if all endpoints in a region are unhealthy. When set, Cloud DNS always directs queries to the nearest region, even if all endpoints in that region are unhealthy. When not set, Cloud DNS directs queries to the next nearest region when all endpoints in a region are unhealthy. Valid options aretrue
andfalse
. The default setting for this isfalse
.LOCATION
: forGEO
policies, the geolocation for which you need to create the policy, such asasia-east1
.RRDATA
: an arbitrary value associated with the resource record set, such as198.51.100.5
; you can also enter multiple values,rrdata1
,rrdata2
,rrdata3
, such as198.51.100.1
,203.0.113.1
.
In the failover option, Cloud DNS only supports
GEO
policies.POST https://www.googleapis.com/dns/v1/projects/
PROJECT_ID /managedZones/MANAGED_ZONE /rrsets { "name": "RRSET_NAME ", "type": "RRSET_TYPE ", "ttl":TTL , "routingPolicy": { "healthCheck": "https://www.googleapis.com/compute/beta/projects/PROJECT_ID /global/healthChecks/HEALTH_CHECK_NAME " "primaryBackup": { "trickleTraffic":TRICKLE_TRAFFIC , "primaryTargets": { "rrdata": ["RRDATA "] } "backupGeoTargets": { "enableFencing":ENABLE_FENCING , "items": [{ "location": "LOCATION ", "rrdatas": ["RRDATA ] }, { "location": "LOCATION ", "rrdatas": ["RRDATA ", "RRDATA "] }] } } } }Replace the following:
PROJECT_ID
: the ID of the projectMANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
; the name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix.RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
.RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
.TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
.HEALTH_CHECK_NAME
: the name of the health check.TRICKLE_TRAFFIC
: the ratio of traffic to send to the backup targets even when the primaries are healthy; the ratio must be between 0 and 1, such as0.1
.RRDATA
: an arbitrary value associated with the resource record set, such as198.51.100.5
; you can also enter multiple values,rrdata1
,rrdata2
,rrdata3
, such as198.51.100.1
,203.0.113.1
.ENABLE_FENCING
: forGEO
routing policies, this determines whether traffic must failover across regions if all endpoints in a region are unhealthy. When set, Cloud DNS always directs queries to the nearest region, even if all endpoints in that region are unhealthy. When not set, Cloud DNS directs queries to the next nearest region when all endpoints in a region are unhealthy. The default setting for this isfalse
.LOCATION
: forGEO
policies, the geolocation for which you need to create the policy, such asasia-east1
.
Update DNS routing policies
To update a resource record set's routing policy, follow these steps.
In the Google Cloud console, go to the Cloud DNS zones page.
Click the zone for which you want to update the resource record set's routing policy.
On the Zone details page, next to the resource record set that you want to update, click editEdit.
After you have made the updates, click Save.
Run the
gcloud dns record-sets update
command:
gcloud dns record-sets updateRRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=WRR \ --routing-policy-data=ROUTING_POLICY_DATA \ --enable-health-checking
gcloud dns record-sets updateRRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=GEO \ --routing-policy-data=ROUTING_POLICY_DATA \ --enable-health-checking
gcloud dns record-sets updateRRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=GEO \ --routing-policy-data=ROUTING_POLICY_DATA \ --enable-geo-fencing --enable-health-checking
gcloud dns record-sets updateRRSET_NAME \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \ --routing-policy-type=FAILOVER \ --enable-geo-fencing \ --routing-policy-primary-data=ROUTING_POLICY_PRIMARY_DATA \ --routing-policy-backup-data=ROUTING_POLICY_BACKUP_DATA \ --backup-data-trickle-ratio=BACKUP_DATA_TRICKLE_RATIO \ --enable-health-checking
Replace the following:
RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
For a list of supported record types, see Select resource record types.
MANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
. The name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffixROUTING_POLICY_TYPE
: the type of routing policy.Enter
WRR
for weighted round robin,GEO
for geo-location, orFAILOVER
for failover policies. You cannot modify this field after a policy has a chosen type; you can only delete the policy and add a new policy with the different type.ROUTING_POLICY_DATA
: the routing policy data- For
--routing-policy-type=WRR
, enter a semicolon-delimited list in the format${weight_percent}:${rrdatas}
, such as.8=203.0.113.1;.2=198.51.100.1
. Specify the weight as a nonnegative decimal. The ratio of traffic routed to the target is calculated from the ratio of individual weight over the total across all weights. Forwarding rule names are acceptable values and result in health checking. - For
--routing-policy-type=GEO
, enter a semicolon-delimited list in the format${region}=${IP_address}
, such asasia-east1=198.51.100.1;us-central1=203.0.113.1
. You can specify multiple IP addresses for a single region by adding IP addresses separated by a comma. Forwarding rule names are acceptable values and result in health checking. For
--routing-policy-type=FAILOVER
, enter the name of the forwarding rule that you created in the format${region}=${Forwarding rule name}
.
- For
--enable-geo-fencing
: forGEO
routing policies, this determines whether traffic should fail over across regions if all endpoints in a region are unhealthy. When set, Cloud DNS always directs queries to the nearest region, even if all endpoints in that region are unhealthy. Use--no-enable-geo-fencing
to disable geofencing. When unset, all endpoints in a region are unhealthy and Cloud DNS directs queries to the next nearest region. The default setting for this isfalse
.ROUTING_POLICY_PRIMARY_DATA
: the primary target to use forFAILOVER
routing policies. This target must be a reference to one or more forwarding rules, such asforwarding-rule-1
. As long as at least one of these forwarding rules is healthy, the IP addresses of all healthy forwarding rules are used to answer queries for this name.ROUTING_POLICY_BACKUP_DATA
: the backup target to use forFAILOVER
routing policies. These targets are used when all forwarding rules specified in--routing-policy-primary-data
are unhealthy. Cloud DNS only supports geo-based backup targets. The format of this field matches that of--routing-policy-data
when--routing-policy-type = 'GEO'
, such asasia-east1=forwarding-rule-2
.BACKUP_DATA_TRICKLE_RATIO
: the ratio of traffic to send to the backup targets even when the primaries are healthy. The ratio must be between 0 and 1, such as0.1
. The default is set to 0.--enable-health-checking
: Enables the health checking of forwarding rules that are provided as rrdata to--routing-policy-data
.
Use the
resourceRecordSets.patch
method. Specify only one of rrset.rrdatas
or rrset.routingPolicy
. If
specifying routingPolicy
, you must specify the new routingPolicy
field
in its entirety.
For WRR
policies, use the following method:
PATCH https://www.googleapis.com/dns/v1/projects/PROJECT_ID /managedZones/MANAGED_ZONE /rrsets { "name": "RRSET_NAME.", "type": "RRSET_TYPE", "ttl": TTL, "routingPolicy": { "wrrPolicy": { "item": [ { "weight":WEIGHT , "rrdatas": ["RRDATA "] }, { "weight":WEIGHT , "rrdatas": ["RRDATA "] } ], } } }
Use the following method:
PATCH https://www.googleapis.com/dns/v1/projects/PROJECT_ID /managedZones/MANAGED_ZONE /rrsets { "name": "RRSET_NAME ", "type": "RRSET_TYPE ", "ttl":TTL , "routingPolicy": { "geo": { "items": [ { "location": "LOCATION ", "healthCheckedTargets": { "internalLoadBalancers": [ { "loadBalancerType": "LOAD_BALANCER_TYPE " "ipAddress": "IP_ADDRESS " "port" : "PORT_NUMBER " "ipProtocol": "IP_PROTOCOL " "networkUrl": "NETWORK_URL " "project": "PROJECT " "region": "REGION " } ] } }, { "location": "LOCATION ", "healthCheckedTargets": { "internalLoadBalancers": [ { "loadBalancerType": "LOAD_BALANCING_TYPE " "ipAddress": "IP_ADDRESS " "port" : "PORT_NUMBER " "ipProtocol": "IP_PROTOCOL " "networkUrl": "NETWORK_URL " "project": "PROJECT " "region": "REGION " } ] } }, } ] } } }
Replace the following:
PROJECT_ID
: the ID of the projectMANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
; the name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffixRRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
TTL
: the TTL, in seconds, in which the resolver caches thisResourceRecordSet
, such as30
TRICKLE_TRAFFIC
: the ratio of traffic to send to the backup targets even when the primaries are healthy; the ratio must be between 0 and 1, such as0.1
ENABLE_FENCING
: forGEO
routing policies, this determines whether traffic should failover across regions if all endpoints in a region are unhealthy. When set, Cloud DNS always directs queries to the nearest region, even if all endpoints in that region are unhealthy. When not set, Cloud DNS directs queries to the next nearest region when all endpoints in a region are unhealthy. This defaults tofalse
.LOCATION
: forGEO
policies, the geolocation for which you need to update the policy, such asasia-east1
WEIGHT
: forWRR
policies, a semicolon-delimited list in the format${weight_percent}=${rrdatas}
, such as.8=10.128.1.1;.2=10.130.1.1
; specify the weight as any nonnegative decimalRRDATA
: an arbitrary value associated with the resource record set, such as198.51.100.5
; you can also enter multiple values,rrdata1
rrdata2
rrdata3
, such as198.51.100.1
203.0.113.1
...LOAD_BALANCER_TYPE
: the type of load balancer, such asregionalL4ilb
,globalL7ilb
, orregionalL7ilb
. This setting is optional.IP_ADDRESS
: the IP address that the forwarding rule servesPORT_NUMBER
: the port numberIP_PROTOCOL
: defines the protocol used for the health check; valid options aretcp
andudp
NETWORK_URL
: the network URL to which this forwarding rule appliesREGION
: the region in which you created the forwarding rule
Delete DNS routing policies
To delete a routing policy, you must delete the resource record set that contains the routing policy. To do so, follow these steps.
In the Google Cloud console, go to the Cloud DNS zones page.
Click the zone for which you want to delete the resource record set.
On the Zone details page, next to the DNS name of the resource record set that you want to delete, select the checkbox.
Click Delete record sets.
Run the
gcloud dns record-sets delete
command:
gcloud dns record-sets deleteRRSET_NAME \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE \
Replace the following:
RRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such asservice.example.com
RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
For a list of supported record types, see Selecting resource record types.
MANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asservice-zone
; the name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffix
Use the
resourceRecordSets.delete
method:
DELETE https://www.googleapis.com/dns/v1/projects/PROJECT_ID /managedZones/MANAGED_ZONE /rrsets/RRSET_NAME /RRSET_TYPE
Replace the following:
PROJECT_ID
: the ID of the projectMANAGED_ZONE
: the managed zone that thisResourceRecordSet
is affiliated with, such asmy-zone-name
; the name of thisResourceRecordSet
must have the DNS name of the managed zone as its suffixRRSET_NAME
: the DNS name that matches the incoming queries with this zone's DNS name as its suffix, such astest.example.com
RRSET_TYPE
: the resource record type of thisResourceRecordSet
, such asA
What's next
- To work with managed zones, see Create, modify, and delete zones.
- To find solutions for common issues that you might encounter when using Cloud DNS, see Troubleshooting.
- To get an overview of Cloud DNS, see Cloud DNS overview.