Configuring a Service Directory DNS zone

You can create a Service Directory zone that allows your Google Cloud-based services to query your Service Directory namespace using DNS.

These instructions require that you already have a Service Directory namespace in place. If you do not, first create a namespace using the procedure in Configuring Service Directory.

Once you have attached a Service Directory zone to the namespace, all services and endpoints within the namespace become available over DNS on the private network. All service and endpoint updates are immediately reflected in their DNS records. However, neither service nor endpoint metadata is available over DNS.

IAM

Permissions required for this task

To perform this task, you must have been granted the following permissions or the following IAM roles.

Permissions

servicedirectory.namespaces.associatePrivateZone

Roles

servicedirectory.admin
servicedirectory.editor

Creating a Service Directory zone backed by a namespace

You can only associate a Service Directory zone with a namespace when you create the zone. A Service Directory zone cannot also be a forwarding zone, a regular private zone, or a public zone.

Console

Go to the Cloud DNS page in the Google Cloud Console.
Go to the Cloud DNS page
Click Create zone.
In the Zone type section, click Private.
Give the zone a name.
Give the zone a DNS name
Under Options, select Use a service directory namespace.
Under Networks, select one or more networks that can use the Service Directory zone.
Select the Region where the namespace that you want to link lives.
Select the Namespace that you want to link.
Click Create.

gcloud

gcloud dns managed-zones create SD_ZONE \
   --dns-name "DNS_NAME" \
   --description "this zone is backed by Service Directory" \
   --visibility private \
   --networks https://www.googleapis.com/compute/v1/projects/project_ID/global/networks/network \
   --service-directory-namespace https://servicedirectory.googleapis.com/v1/projects/project_ID/locations/region/namespaces/namespace-name

Replace the following values:

SD_ZONE: the name of the Service Directory zone that you are creating.
DNS_NAME: the DNS name, such as us-east1.example.com., for the new zone.
https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/NETWORK: the FQDN of the networks that can use the zone.
https://www.servicedirectory.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/registries/NAMESPACE_NAME: the FQDN of the namespace that you are linking.

Deleting the Service Directory zone

At any point, you can delete a Service Directory zone. This deletion happens through Cloud DNS and has no effect on any associated Service Directory namespaces. The associated namespace continues to be available for look up through HTTP and gRPC.

You can delete a service or namespace that has a Service Directory zone pointing to it without deleting the zone. If you do, any further DNS queries for that service return NXDOMAIN.

What's next

To learn how to secure Service Directory in a service perimeter, see secure Service Directory in a service perimeter.
To get an overview of Service Directory, see the Service Directory overview.
To find solutions for common issues that you might encounter when using Service Directory, see Troubleshooting.