GCP Networking: Part 1 Cloud DNS. An easy way to understand and use Google Cloud DNS.

Biswanath Giri
9 min read · Oct 18, 2023


What is Google Cloud DNS?

Google Cloud DNS is a scalable and highly reliable Domain Name System (DNS) service provided by Google Cloud Platform (GCP). DNS is a fundamental technology that translates human-readable domain names (like www.example.com) into IP addresses that computers use to locate services and resources on the internet.

All features

Authoritative DNS lookup

Cloud DNS translates requests for domain names like www.google.com into IP addresses like 74.125.29.101.

Cloud IAM

Cloud Domains’ integration with Cloud IAM provides secure domain management with full control and visibility over domain resources.

Cloud Logging

Private DNS logs a record for every DNS query received from VMs and inbound forwarding flows within your networks. You can view DNS logs in Cloud Logging and export logs to any destination that Cloud Logging export supports.

DNS peering

DNS peering makes available a second method of sharing DNS data. All or a portion of the DNS namespace can be configured to be sent from one network to another and, once there, will respect all DNS configuration defined in the peered network.

DNS forwarding

If you have a hybrid-cloud architecture, DNS forwarding can help bridge your on-premises and Google Cloud DNS environments. This fully managed product lets you use your existing DNS servers as authoritative, and intelligent caching makes sure your queries are performed efficiently — all without third-party software or the need to use your own compute resources.

DNS registration and management

Cloud Domains allow customers to register and manage domains on Google Cloud and provide tight integration with Cloud DNS.

DNS security (DNSSEC)

DNSSEC protects your domains from spoofing and cache poisoning attacks. With Cloud Domains, you can enable or disable managed DNSSEC when you create a public zone.

Fast anycast name servers

Cloud DNS uses our global network of anycast name servers to serve your DNS zones from redundant locations around the world, providing high availability and lower latency for your users.

Private zones

Private DNS zones provide an easy-to-manage internal DNS solution for your private Google Cloud networks, eliminating the need to provision and manage additional software and resources. And since DNS queries for private zones are restricted to a private network, hostile agents can’t access your internal network information.

Zone and project management

Create managed zones for your project, then add, edit, and delete DNS records. You can control permissions at a project level and monitor your changes as they propagate to DNS name servers.

Container-native Cloud DNS

The native integration of Cloud DNS with Google Kubernetes Engine (GKE) provides in-cluster Service DNS resolution with Cloud DNS, enabling high-throughput, scalable DNS resolution for every GKE node.

Quick Overview of DNS Terminology:

Google Cloud DNS is a service provided by Google Cloud Platform (GCP) that allows you to manage and resolve domain names to IP addresses using Google’s globally distributed and highly reliable infrastructure. Here’s how Google Cloud DNS works with an example:

  1. Setting up Google Cloud DNS: First, you need to set up Google Cloud DNS within your Google Cloud Platform project. This involves creating DNS zones and configuring records. For this example, let’s assume you have already set up a DNS zone for your domain, “example.com,” within Google Cloud DNS.
  2. Creating DNS Records: Within your DNS zone, you create DNS records that map domain names to IP addresses or other resources. For example, you can create an “A” record that maps “www.example.com” to an IP address.
  3. User Query: A user opens a web browser and enters the URL “www.example.com” in the address bar.
  4. Local DNS Cache: The user’s device checks its local DNS cache to see if it already knows the IP address for “www.example.com.” If the information is not in the cache, it proceeds to resolve the domain.
  5. Google Cloud DNS: Since the information is not in the local cache, the user’s device sends a DNS query to Google Cloud DNS, specifying that it wants to resolve “www.example.com.”
  6. Query Resolution: Google Cloud DNS’s globally distributed infrastructure handles the query. It looks up the DNS zone for “example.com” and returns the associated IP address to the user’s device.
  7. IP Address Retrieval: The user’s device receives the IP address associated with “www.example.com” from Google Cloud DNS.
  8. Connecting to the Website: With the IP address in hand, the user’s device can establish a connection to the web server hosting “www.example.com” to retrieve the web page content.
  9. DNS Cache Update: The IP address is stored in the user’s local DNS cache, so future requests for “www.example.com” can be resolved quickly without needing to query Google Cloud DNS again until the cached entry expires.

A public DNS zone is a DNS zone that is accessible to anyone on the internet. Public DNS zones are typically used to host DNS records for websites that are publicly accessible.

A private DNS zone is a DNS zone that is not accessible to anyone on the internet. Private DNS zones are typically used to host DNS records for internal websites and resources.
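As an added example (not code from the original article), the walkthrough above expressed in Terraform with the Google provider: a public zone for example.com with managed DNSSEC turned on, the “A” record for www.example.com, and a private zone bound to one VPC. The zone names, the VPC name prod-vpc and the IP addresses are placeholders.

```hcl
# Added example (assumed names; not from the article).
# Public zone for example.com with managed DNSSEC on, so validating resolvers
# can reject spoofed or cache-poisoned answers for this zone.
resource "google_dns_managed_zone" "public" {
  name        = "example-com-public"      # placeholder zone name
  dns_name    = "example.com."            # trailing dot: fully qualified
  description = "Public zone for example.com"
  visibility  = "public"

  dnssec_config {
    state = "on"                          # "off" leaves the zone unsigned
  }
}

# Step 2 of the walkthrough: the A record that maps www.example.com to an address.
resource "google_dns_record_set" "www" {
  name         = "www.${google_dns_managed_zone.public.dns_name}"
  managed_zone = google_dns_managed_zone.public.name
  type         = "A"
  ttl          = 300                      # seconds a resolver may cache it (step 9)
  rrdatas      = ["203.0.113.10"]         # placeholder address (TEST-NET-3)
}

# Private zone: only VMs in the listed VPC can resolve these names, so the
# internal namespace is never served to the internet.
data "google_compute_network" "vpc" {
  name = "prod-vpc"                       # placeholder VPC name
}

resource "google_dns_managed_zone" "private" {
  name       = "corp-internal-private"
  dns_name   = "corp.internal."
  visibility = "private"

  private_visibility_config {
    networks {
      network_url = data.google_compute_network.vpc.id
    }
  }
}

resource "google_dns_record_set" "intranet" {
  name         = "intranet.${google_dns_managed_zone.private.dns_name}"
  managed_zone = google_dns_managed_zone.private.name
  type         = "A"
  ttl          = 60
  rrdatas      = ["10.0.1.20"]            # placeholder internal address
}
```

After `terraform apply`, `gcloud dns managed-zones describe example-com-public` lists the Cloud DNS name servers to delegate to at the registrar, and a query such as `dig www.example.com @<one of those name servers>` should return 203.0.113.10.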

What is ANS (Authoritative Name Server)?

ANS stands for Authoritative Name Server. It is a DNS server that is responsible for storing and maintaining the DNS records for a particular domain name or set of domain names. ANS servers are the authoritative source of information for DNS queries about those domain names.

When a user’s computer or device needs to resolve a domain name into an IP address, it sends a query to a DNS server. The DNS server then looks up the IP address for the domain name in its database. If the DNS server does not have the IP address for the domain name in its database, it will forward the query to another DNS server, until the query is eventually answered by an ANS server.

ANS servers are typically operated by the domain name registrars or by the organizations that own the domain names. They are responsible for ensuring that the DNS records for the domain names are accurate and up-to-date.

What is Cloud DNS Forwarding?

Google Cloud DNS Forwarding is a feature that allows you to forward DNS queries from your Google Cloud resources to another DNS server. This can be useful for a variety of reasons, such as:

  • To forward DNS queries to your on-premises DNS server.
  • To forward DNS queries to a third-party DNS server, such as a DNS filter or a DNS load balancer.
  • To forward DNS queries to a different Google Cloud zone.

To use Google Cloud DNS Forwarding, you first need to create a forwarding zone. A forwarding zone is a DNS zone that contains forwarding rules. A forwarding rule specifies the DNS server that DNS queries should be forwarded to.

Once you have created a forwarding zone, you can add forwarding rules to it. You can also configure the forwarding zone to forward DNS queries to multiple DNS servers.

DNS Inbound forwarding

Cloud DNS Inbound forwarding is a feature that allows you to forward DNS queries from your on-premises network to your Google Cloud DNS zones.

DNS Outbound forwarding

Cloud DNS Outbound forwarding is a feature that allows you to forward DNS queries from your Google Cloud resources to your on-premises DNS servers.
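As an added example (not code from the original article), both forwarding directions described above in Terraform: a forwarding zone that sends queries for corp.example.com from the VPC to two on-premises name servers (outbound), and a DNS policy that lets on-premises resolvers query the VPC’s private zones (inbound) with query logging enabled. The VPC name prod-vpc and the on-prem addresses are placeholders.

```hcl
# Added example (assumed names; not from the article).
data "google_compute_network" "vpc" {
  name = "prod-vpc"                         # placeholder VPC name
}

# Outbound forwarding: queries from VMs in prod-vpc for corp.example.com are
# sent to the on-premises name servers instead of being answered by Cloud DNS.
resource "google_dns_managed_zone" "onprem_forward" {
  name       = "corp-example-com-forward"
  dns_name   = "corp.example.com."
  visibility = "private"

  private_visibility_config {
    networks {
      network_url = data.google_compute_network.vpc.id
    }
  }

  forwarding_config {
    target_name_servers {
      ipv4_address    = "10.10.0.53"          # placeholder on-prem DNS server
      forwarding_path = "private"             # reach it over VPN/Interconnect, never the internet
    }
    target_name_servers {
      ipv4_address    = "10.10.0.54"          # second target for redundancy
      forwarding_path = "private"
    }
  }
}

# Inbound forwarding: Cloud DNS allocates inbound forwarder addresses in the
# VPC's subnets that on-prem resolvers can send queries to; enable_logging
# records every query received from VMs and inbound flows (see Cloud Logging above).
resource "google_dns_policy" "inbound" {
  name                      = "prod-vpc-inbound"
  enable_inbound_forwarding = true
  enable_logging            = true

  networks {
    network_url = data.google_compute_network.vpc.id
  }
}
```

The inbound forwarder addresses to configure on the on-premises side can be listed with `gcloud compute addresses list --filter='purpose=DNS_RESOLVER'`; the on-prem firewall and VPN/Interconnect routes must allow UDP/TCP 53 to them.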

What is Google Cloud DNS Peering?

Google Cloud DNS Peering refers to a feature within Google Cloud Platform (GCP) that allows you to establish private, low-latency, and secure connectivity between your Google Cloud Virtual Private Cloud (VPC) networks and other VPC networks. This peering is achieved using Google’s global network infrastructure.

Here’s a brief overview of Google Cloud DNS Peering:

  1. Interconnectivity: Google Cloud DNS Peering facilitates interconnectivity between your VPC networks and external networks, such as your on-premises data center, another cloud provider’s network, or a partner’s network. This interconnectivity allows for secure and direct communication between these environments.
  2. Private and Secure: Traffic between the peered networks remains private and doesn’t traverse the public internet. This enhances security and minimizes the exposure of your data to potential threats.
  3. Low Latency: Google’s global network infrastructure ensures low-latency connectivity, which is essential for real-time applications and services.

Use Cases:

  • Hybrid Cloud: Google Cloud DNS Peering is valuable for organizations using a hybrid cloud approach. It allows them to extend their on-premises networks into Google Cloud while maintaining secure, private communication.
  • Multi-Cloud: If an organization uses multiple cloud providers, DNS peering can help create a private network path between Google Cloud and other cloud environments.
  • Partner Connectivity: Google Cloud DNS Peering can be used to establish secure connections with partners’ networks or other third-party networks.
  1. Configuration: To set up Google Cloud DNS Peering, you configure peering connections in Google Cloud Console, specifying the relevant VPC networks to be peered. Configuration can also involve defining routes, setting up firewall rules, and enabling communication between the peered networks.
  2. Routing: Once peering is established, routing and traffic flow are managed according to the defined configurations. Traffic between the peered networks will follow the specified routes.
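As an added example (not code from the original article), the DNS peering feature from the feature list above in Terraform: a peering zone in a consumer VPC that hands resolution of the shared.example.com namespace to a producer VPC, which then answers using its own private and forwarding zones. The VPC and project names are placeholders.

```hcl
# Added example (assumed names; not from the article): a DNS peering zone.
# Queries for shared.example.com from the consumer VPC are resolved according
# to the producer VPC's DNS configuration; no VPC Network Peering is required.
data "google_compute_network" "consumer" {
  name = "consumer-vpc"                     # placeholder
}

data "google_compute_network" "producer" {
  name    = "producer-vpc"                  # placeholder
  project = "producer-project-id"           # placeholder; may be a different project
}

resource "google_dns_managed_zone" "peering" {
  name       = "shared-example-com-peering"
  dns_name   = "shared.example.com."
  visibility = "private"

  # Which network(s) see this zone: the consumer side.
  private_visibility_config {
    networks {
      network_url = data.google_compute_network.consumer.id
    }
  }

  # Where the queries are actually answered: the producer side.
  peering_config {
    target_network {
      network_url = data.google_compute_network.producer.id
    }
  }
}
```

The identity running this apply needs the DNS Peer role (`roles/dns.peer`) on the producer project, which is the permission boundary that stops arbitrary projects from peering into a VPC’s namespace.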

Reference Link: How to use GCP DNS


About Me

I am an experienced IT professional with a passion for helping businesses embark on their journey to the cloud. With over 15 years of industry experience, I currently serve as a Google Cloud Principal Architect, assisting customers in building highly scalable and efficient solutions on the Google Cloud Platform. My expertise lies in infrastructure and zero trust security, Google Cloud networking, and cloud infrastructure building using Terraform. I hold several prestigious certifications, including Google Cloud, HashiCorp, Microsoft Azure, and Amazon AWS certifications.

Certifications:

1. Google Cloud Certified — Cloud Digital Leader.
2. Google Cloud Certified — Associate Cloud Engineer.
3. Google Cloud Certified — Professional Cloud Architect.
4. Google Cloud Certified — Professional Data Engineer.
5. Google Cloud Certified — Professional Cloud Network Engineer.
6. Google Cloud Certified — Professional Cloud Developer Engineer.
7. Google Cloud Certified — Professional Cloud DevOps Engineer.
8. Google Cloud Certified — Professional Security Engineer.
9. Google Cloud Certified — Professional Database Engineer.
10. Google Cloud Certified — Professional Workspace Administrator.
11. Google Cloud Certified — Professional Machine Learning.
12. HashiCorp Certified — Terraform Associate
13. Microsoft Azure AZ-900 Certified
14. Amazon AWS-Practitioner Certified

Helping professionals and students build their cloud careers. My responsibility is to make cloud content easy to understand! Please #like, #share and #subscribe for more amazing #googlecloud and #googleworkspace content. If you need any guidance or help, feel free to connect with me:

YouTube: https://www.youtube.com/@growwithgooglecloud

Topmate: https://topmate.io/gcloud_biswanath_giri

Telegram: https://t.me/growwithgcp

Twitter: https://twitter.com/bgiri_gcloud

Instagram: https://www.instagram.com/google_cloud_trainer/

LinkedIn: https://www.linkedin.com/in/biswanathgirigcloudcertified/

Facebook: https://www.facebook.com/biswanath.giri

Linktree: https://linktr.ee/gcloud_biswanath_giri

and DM me :) I am happy to help!!

You can also schedule 1:1 discussions with me on topmate.io/gcloud_biswanath_giri for any Google Cloud-related queries and concerns 😁


Biswanath Giri

Cloud & AI Architect | Empowering People in Cloud Computing, Google Cloud AI/ML, and Google Workspace | Enabling Businesses on Their Cloud Journey