This document lists the quotas and limits that apply to Cloud DNS.
A quota restricts how much of a particular shared Google Cloud resource your Cloud project can use, including hardware, software, and network components.
Quotas are part of a system that does the following:
- Monitors your use or consumption of Google Cloud products and services.
- Restricts your consumption of those resources for reasons including ensuring fairness and reducing spikes in usage.
- Maintains configurations that automatically enforce prescribed restrictions.
- Provides a means to make or request changes to the quota.
When a quota is exceeded, in most cases, the system immediately blocks access to the relevant Google resource, and the task that you're trying to perform fails. In most cases, quotas apply to each Cloud project and are shared across all applications and IP addresses that use that Cloud project.
Many products and services also have limits that are unrelated to the quota system. These are constraints, such as maximum file sizes or database schema limitations, which generally cannot be increased or decreased, unless otherwise stated.
This table highlights important global quotas for each project. For other quotas, see the Quotas page in the Google Cloud Console.
|Number of API queries per user, per minute||Quotas||The maximum number of API requests that an IAM user can make to the Cloud DNS API within a one-minute time period.|
Unlike quotas, where you can request additional quota, limits cannot generally be increased unless specifically noted.
The number of API requests (queries) per day is governed at the project
level. All API requests count against this limit, including those made
gcloud command-line tool and through the Google Cloud Console.
|Managed zones||10,000||If you need to increase this limit, contact your Google Cloud sales team.|
|Resource record sets per managed zone||10,000||If you need to increase this limit, contact your Google Cloud sales team.|
|Records per resource record set||100. However, each delegation (resource record sets of type
||If you need to increase this limit, contact your Google Cloud sales team.|
|Name servers per delegation||8||If you need to increase this limit, contact your Google Cloud sales team.|
|Additions per change||1,000||If you need to increase this limit, contact your Google Cloud sales team.|
|Deletions per change||1,000||If you need to increase this limit, contact your Google Cloud sales team.|
|Resource record data size per change||100,000 bytes||If you need to increase this limit, contact your Google Cloud sales team.|
|Number of label combinations||1,000||If you need to increase this limit, contact your Google Cloud sales team.|
|Number of labels per managed zone||64 labels and 128 bytes per key or value||This limit cannot be increased.|
|Number of forwarding targets in a forwarding zone||50||This limit cannot be increased.|
|Number of forwarding targets in an alternative name server||50||This limit cannot be increased.|
|Number of policy resources per project||100||If you need to increase this limit, contact your Google Cloud sales team.|
|Number of VPC networks bound to a policy resource||100||If you need to increase this limit, contact your Google Cloud sales team.|
|Number of VPC networks bound to a private managed zone resource||100||If you need to increase this limit, contact your Google Cloud sales team.|
|Number of managed zone resources bound to a VPC network||10,000||If you need to increase this limit, contact your Google Cloud sales team.|
|Number of GKE clusters bound to a private managed zone resource||100||If you need to increase this limit, contact your Google Cloud sales team.|
|Number of managed zone resources bound to a GKE cluster||10,000||If you need to increase this limit, contact your Google Cloud sales team.|
|Largest size of a DNS response (UDP)||1,440 bytes|
|Largest size of a DNS response (TCP)||65,533 bytes|
|Maximum query rate per VPC network||100,000 queries in a ten-second (10s) period|
You can run the following command to look up the limits for your project. The
following example shows the total limits for the various types of objects in
my-project project. The
totalRrdataSizePerChange is measured in bytes
and the combined total of both the additions and deletions for a change.
gcloud dns project-info describe my-project
id: my-project, kind: "dns#project", number: "123456789012", quota: kind: dns#quota, managedZones: 10000, resourceRecordsPerRrset: 10000, rrsetAdditionsPerChange: 1000, rrsetDeletionsPerChange: 1000, rrsetsPerManagedZone: 10000, totalRrdataSizePerChange: 100000, labelSets: 1000
You can find the name of your default project and additional projects at the top of the Home page in the Google Cloud Console.
Name server limits
Cloud DNS assigns every public managed zone to one of five name server
shards. Shards are the letter before the number in an authoritative name server
ns-cloud-e4 are the E shard.
Multiple zones with the same DNS name cannot be assigned to the same shard, so only five zones can be created with exactly the same DNS name (this limit exists across all projects and users in Google Cloud). Before Cloud DNS creates a fifth zone with the same DNS name and prevents anyone else from using that DNS name, it requires you to verify the domain with a TXT record.
Cloud DNS assigns different shards for zones with subdomain DNS
so there can be at most five levels of
for any subdomain hosted on Cloud DNS. Non-delegated subdomains
and delegations hosted on other DNS services do not count against this limit.
You cannot create a managed zone for a parent domain when all shards are already used for child subdomains. Avoid this problem by always creating managed zones for parent domains before creating zones for their subdomains.
Otherwise, follow these steps to free up a shard for the parent domain:
- Check the name servers for every subdomain zone to determine its shard.
- Find the shard (X) with the fewest (or least important) managed zones.
- Export zones in shard X (and change their delegations) to another DNS service.
- After TTLs expire for the original delegations, delete the managed zones for shard X subdomains.
- Create the managed zone for the parent domain; it is assigned to shard X.
- Restore the deleted managed zones for the subdomains, restoring subdomains before any of their own sub-subdomains. They are in new shards, so they all need updated delegations.
Cloud DNS enforces quotas on resource usage for various reasons. For example, quotas protect the community of Google Cloud users by preventing unforeseen spikes in usage. Quotas also help users who are exploring Google Cloud with the free tier to stay within their trial.
All projects start with the same quotas, which you can change by requesting additional quota. Some quotas may increase automatically based on your use of a product.
To view quotas or request quota increases, Identity and Access Management (IAM) members need one of the following roles.
|Check quotas for a project||One of the following:|
|Modify quotas, request additional quota||One of the following:|
Checking your quota
- In the Cloud Console, go to the Quotas page.
- To search for the quota that you want to update, use the Filter table. If you don't know the name of the quota, use the links on this page instead.
gcloud command-line tool, run the following command to
check your quotas. Replace
PROJECT_ID with your own project ID.
gcloud compute project-info describe --project PROJECT_ID
To check your used quota in a region, run the following command:
gcloud compute regions describe example-region
Errors when exceeding your quota
If you exceed a quota with a
gcloud outputs a
quota exceeded error
message and returns with the exit code
If you exceed a quota with an API request, Google Cloud returns the
following HTTP status code:
HTTP 413 Request Entity Too Large.
Requesting additional quota
To increase or decrease most quotas, use the Google Cloud Console. Some quotas can't be increased above their default values.
For more information, see the following sections of Working with quotas:
- In the Cloud Console, go to the Quotas page.
- On the Quotas page, select the quotas that you want to change.
- At the top of the page, click Edit quotas.
- Fill out your name, email, and phone number, and then click Next.
- Fill in your quota request, and then click Done.
- Submit your request. Quota requests take 24 to 48 hours to process.
Each quota represents a maximum number for a particular type of resource that you can create, if that resource is available. It's important to note that quotas do not guarantee resource availability. Even if you have available quota, you can't create a new resource if it is not available.
For example, you might have sufficient quota to create a new regional, external IP address
us-central1 region. However, that is not possible if there are no
available external IP addresses in that region. Zonal resource
availability can also affect your ability to create a new resource.
Situations where resources are unavailable in an entire region are rare. However, resources within a zone can be depleted from time to time, typically without impact to the service level agreement (SLA) for the type of resource. For more information, review the relevant SLA for the resource.