This page provides instructions about how to create a peering zone. For detailed background information, see Peering zones.
Permissions required for this task
To perform this task, you must have been granted the following permissions or the following IAM roles.
Permissions
- dns.managedZones.create to create a managed zone
- dns.networks.targetWithPeeringZone to create a peering zone
- dns.activePeeringZones.getZoneInfo to get information about a peering zone
- dns.activePeeringZones.list to list peering zones
- dns.activePeeringZones.deactivate to deactivate a peering zone
Roles
- roles/dns.admin (DNS Administrator), in the project that contains the consumer VPC network
- roles/dns.peer (DNS Peer), in the project that contains the producer VPC network
To create a new managed private peering zone when you need one VPC network (the consumer network) to query the VPC name resolution order of another VPC network (the producer network), follow these steps.
Console
1. In the Google Cloud console, go to the Create a DNS zone page.
2. For the Zone type, select Private.
3. Enter a Zone name such as my-new-zone.
4. Enter a DNS name suffix for the private zone. All records in the zone share this suffix, for example: example.private.
5. Optional: Add a description.
6. Under Options, select DNS peering.
7. Select the networks to which the private zone must be visible.
8. In Peer project, select a peer project.
9. In Peer network, select a peer network.
10. Click Create.
gcloud
1. In the project that contains the consumer VPC network, identify or create a service account.
2. Grant the DNS Peer role to the service account (from the previous step) in the project that contains the producer VPC network:

```
gcloud projects add-iam-policy-binding PRODUCER_PROJECT_ID \
    --member=SERVICE_ACCOUNT \
    --role=roles/dns.peer
```

Replace the following:
- PRODUCER_PROJECT_ID: the ID of the project that contains the producer VPC network
- SERVICE_ACCOUNT: the service account in the project that contains the consumer VPC network that was identified or created in step 1, in the member form serviceAccount:SA_NAME@CONSUMER_PROJECT_ID.iam.gserviceaccount.com

3. In the project that contains the consumer VPC network, grant the DNS Administrator role (roles/dns.admin) to the service account and create a new managed private peering zone by running the dns managed-zones create command:

```
gcloud dns managed-zones create NAME \
    --description=DESCRIPTION \
    --dns-name=DNS_SUFFIX \
    --networks=CONSUMER_VPC_NETWORK \
    --account=SERVICE_ACCOUNT \
    --target-network=PRODUCER_VPC_NETWORK \
    --target-project=PRODUCER_PROJECT_ID \
    --visibility=private
```

Replace the following:
- NAME: a name for your zone
- DESCRIPTION: a description for your zone
- DNS_SUFFIX: the DNS suffix for your zone, such as example.com
- CONSUMER_VPC_NETWORK: the name of the consumer VPC network
- SERVICE_ACCOUNT: the email address of the service account in the project that contains the consumer VPC network, identified in step 1. The --account flag runs the command as that service account, so its credentials must already be active in gcloud (for example, through gcloud auth activate-service-account); the zone is then created with the DNS Administrator role granted to the service account in the consumer project and the DNS Peer role granted to it in the producer project.
- PRODUCER_VPC_NETWORK: the name of the producer VPC network
- PRODUCER_PROJECT_ID: the ID of the project that contains the producer VPC network
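The gcloud procedure above, assembled into one script as an added example (this is not code from the Cloud DNS documentation). It grants the two roles, creates the peering zone as the consumer-side service account, and then reads the zone back to confirm which producer network it targets. All project, network, zone and service-account names are constructed placeholders; override them with environment variables, and set RUN_PEERING_SETUP=1 to actually execute the gcloud calls. It assumes the service account's credentials are already active in gcloud, as --account requires.

```shell
#!/bin/sh
# Added example: create and verify a Cloud DNS peering zone with gcloud.
# Every value below is a placeholder (an assumption), not a real resource.
set -eu

PRODUCER_PROJECT_ID="${PRODUCER_PROJECT_ID:-producer-proj}"
CONSUMER_PROJECT_ID="${CONSUMER_PROJECT_ID:-consumer-proj}"
PRODUCER_VPC_NETWORK="${PRODUCER_VPC_NETWORK:-producer-vpc}"
CONSUMER_VPC_NETWORK="${CONSUMER_VPC_NETWORK:-consumer-vpc}"
# Dedicated service account in the consumer project (step 1 of the procedure).
SERVICE_ACCOUNT="${SERVICE_ACCOUNT:-dns-peering@consumer-proj.iam.gserviceaccount.com}"
ZONE_NAME="${ZONE_NAME:-producer-peering-zone}"
DNS_SUFFIX="${DNS_SUFFIX:-example.private}"

# The Cloud DNS API stores zone names fully qualified (trailing dot).
# gcloud accepts the bare suffix too; normalizing makes the value unambiguous.
fqdn() {
  case "$1" in
    *.) printf '%s' "$1" ;;
    *)  printf '%s.' "$1" ;;
  esac
}

# Step 2: DNS Peer role for the consumer's service account in the producer project.
# Note the serviceAccount: prefix that --member requires.
grant_peer_role() {
  gcloud projects add-iam-policy-binding "$PRODUCER_PROJECT_ID" \
    --member="serviceAccount:${SERVICE_ACCOUNT}" \
    --role=roles/dns.peer
}

# Step 3a: DNS Administrator role for the same service account in the consumer project.
grant_admin_role() {
  gcloud projects add-iam-policy-binding "$CONSUMER_PROJECT_ID" \
    --member="serviceAccount:${SERVICE_ACCOUNT}" \
    --role=roles/dns.admin
}

# Step 3b: create the private peering zone, running as the service account.
create_peering_zone() {
  gcloud dns managed-zones create "$ZONE_NAME" \
    --project="$CONSUMER_PROJECT_ID" \
    --account="$SERVICE_ACCOUNT" \
    --description="Peering zone for ${DNS_SUFFIX} into ${PRODUCER_VPC_NETWORK}" \
    --dns-name="$(fqdn "$DNS_SUFFIX")" \
    --visibility=private \
    --networks="$CONSUMER_VPC_NETWORK" \
    --target-project="$PRODUCER_PROJECT_ID" \
    --target-network="$PRODUCER_VPC_NETWORK"
}

# Check: print the producer network URL recorded on the zone's peering config.
verify_peering_zone() {
  gcloud dns managed-zones describe "$ZONE_NAME" \
    --project="$CONSUMER_PROJECT_ID" \
    --format='value(peeringConfig.targetNetwork.networkUrl)'
}

# Only touch real resources when explicitly asked to.
if [ "${RUN_PEERING_SETUP:-0}" = "1" ]; then
  grant_peer_role
  grant_admin_role
  create_peering_zone
  verify_peering_zone
fi
```

Because roles/dns.peer is bound at the project level, the service account can target any VPC network in the producer project, so use a service account dedicated to this purpose rather than one that already carries other roles. The final describe call is the check worth keeping: if the printed network URL is empty or points at the wrong network, the zone was created as an ordinary private zone or against the wrong target.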
What's next
- To work with managed zones, see Create, modify, and delete zones.
- To find solutions for common issues that you might encounter when using Cloud DNS, see Troubleshooting.
- To get an overview of Cloud DNS, see Cloud DNS overview.