4

Does GCP support an internal DNS service? I don't need my zone to be public but I want my gce instances to use it for resolving internal services.

red888

3 Answers

6

I am not very clear on your requirements, but if you just want two vm instances in a project VPC to communicate with each other then you can use internal dns, instead of using internal IP address which might change when a vm instance gets recreated.

GCP provides internal dns that can be used by two VM instances in the same VPC to communicate.

Note that VM instances in two different VPCs cannot communicate with each other across VPCs using this method (unless a VPN or other mechanism is configured to connect the VPCs).

There are two ways to access/configure internal DNS:

  • Global DNS
  • Zonal DNS (Default for all organizations or standalone projects that have enabled the Compute Engine API after September 06, 2018.)

An internal fully qualified domain name (FQDN) for an instance has the following formats:

Instances using the default global DNS: [HOST_NAME].c.[PROJECT_ID].internal
Instances enabled for Zonal DNS:        [HOST_NAME].[ZONE].c.[PROJECT_ID].internal

You can address instances over the internal VPC network using this FQDN.

For example, if your instances are enabled for Zonal DNS, you can ping from one instance to another instance over the internal VPC network using the zonal fully qualified domain name:

ping example-instance.us-west1-c.c.example-project.internal -c 1

Henrik
Prashant Bhate
  • Global DNS is no longer the default: "Zonal DNS: Default for all organizations or standalone projects that have enabled the Compute Engine API after September 06, 2018." – Henrik Oct 15 '19 at 10:37
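The two name formats above, as an added example that is not code from any answer on this page: a small Python parser for global and zonal internal FQDNs, plus a check for names that point outside the expected project (the assumed zone shape, the single-label hostname and all function names are my assumptions, not Google's).

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# DNS label per RFC 1035: letters/digits/hyphens, no leading or trailing hyphen, max 63 chars.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# Assumed zone shape (<region><digit>-<letter>, e.g. us-west1-c). Requiring it keeps a
# dotted prefix that is not a zone from being misread as a zonal name.
_ZONE = r"[a-z]+-[a-z]+[0-9]+-[a-z]"
_INTERNAL = re.compile(
    rf"(?P<host>{_LABEL})(?:\.(?P<zone>{_ZONE}))?\.c\.(?P<project>{_LABEL})\.internal\.?"
)


@dataclass(frozen=True)
class InternalName:
    host: str
    project: str
    zone: Optional[str]  # None for a global-DNS name

    @property
    def is_zonal(self) -> bool:
        return self.zone is not None


def parse_internal_fqdn(name: str) -> Optional[InternalName]:
    """Parse <host>[.<zone>].c.<project>.internal (global or zonal form).
    Case-insensitive, trailing dot accepted; returns None for any other name."""
    m = _INTERNAL.fullmatch(name.strip().lower())
    if m is None:
        return None
    return InternalName(host=m["host"], project=m["project"], zone=m["zone"])


def build_internal_fqdn(host: str, project: str, zone: Optional[str] = None) -> str:
    """Build an instance's internal FQDN; zone=None gives the global form."""
    fqdn = f"{host}.{zone}.c.{project}.internal" if zone else f"{host}.c.{project}.internal"
    if parse_internal_fqdn(fqdn) is None:  # reject labels that are not valid DNS labels
        raise ValueError(f"not a valid internal FQDN: {fqdn}")
    return fqdn


def foreign_project_names(names: Iterable[str], expected_project: str) -> List[str]:
    """Internal names whose project is not the expected one. Handy when reviewing
    resolver logs: names a VPC's instances resolve should normally be its own project's."""
    expected = expected_project.lower()
    return [n for n in names
            if (p := parse_internal_fqdn(n)) is not None and p.project != expected]
```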
5

Yes, as of Oct 2018, Google Cloud DNS now supports Private DNS Zones.

You can create domains and DNS entries (pointing to whatever instances, load balancers, services) that will only be visible internally to the VPC networks you allow, and not available over the internet.

Mani Gandham
  • This is not what the OP talks about. – Henrik Oct 15 '19 at 10:39
  • @Henrik The OP is talking about reaching their services (not instances) and keeping their zone private instead of public. The OP also replied to a comment on another answer asking exactly for this internal/private DNS as compared to AWS. Feel free to add your own answer if you think you know better. – Mani Gandham Oct 15 '19 at 19:46
  • I do think I know better; it's what Prashant wrote. But you're correct in saying that this is an alternative; hence no downvote :) – Henrik Oct 16 '19 at 15:39
1

It appears based on this VPC doc that you would need to set up your own DNS server.

DNS server: Each instance's metadata server acts as a DNS server. It stores the DNS entries for all VPC network IP addresses in the local VPC network and calls Google's public DNS server for entries outside the VPC network. You cannot configure this DNS server, but you can set up your own DNS server if you like and configure your instances to use that server instead by editing the /etc/resolv.conf file.

EDIT: As the more recent answers have pointed out, Cloud DNS now supports private zones.

Dan Kowalczyk
  • AWS does support internal DNS on Route 53 https://aws.amazon.com/about-aws/whats-new/2014/11/05/amazon-route-53-now-supports-private-dns-with-amazon-vpc/ – Dan Kowalczyk Jan 25 '18 at 18:50
  • I added that comment only for completeness so others will find this question more useful. Glad you already knew that. – Dan Kowalczyk Jan 25 '18 at 19:01
  • Google's Private DNS support was just announced: https://cloud.google.com/blog/products/networking/introducing-private-dns-zones-resolve-to-keep-internal-networks-concealed – Robert Oct 24 '18 at 00:36
  • This reply is misguided; CloudDNS does not do internal DNS, so the "assumption" is off to start with, and that's the answer. Also, you don't need your own DNS server, there's a metadata server that acts as internal DNS server for GCP compute instances (like your quote says, but that's first after three misleading paragraphs). See https://cloud.google.com/compute/docs/internal-dns for details. Also see "internal gcp l4 load balancers" and how their Frontends add DNS entries to your GCP "standalone project". – Henrik Oct 15 '19 at 10:36
  • It's still only half-right; you don't need to set up your own DNS server, you can use the metadata server as DNS and it will resolve internal compute instance names. See the next answer https://stackoverflow.com/a/49891825/63621 – Henrik Oct 16 '19 at 15:40
  • @Henrik Please recognize that the owner of this question selected mine as the accepted answer. Thanks for pointing out the next answer which appears to be the best answer today, but know that my answer was sufficient for its time. – Dan Kowalczyk Oct 17 '19 at 04:24