For quick testing purposes, I would like to create an A record using CloudDNS pointing to a private RFC 1918 address in a public managed zone. CloudDNS allows the operation, however it doesn't seem to propagate properly? After looking around, it does seem technically possible even though it's frowned upon. But this is really for testing purposes only. Is it possible? Is there a hidden step somewhere? Just for clarification, this is a public managed zone on Google's CloudDNS.
-
You can create an A record and assign any valid IP address number. However, private IP addresses are only accessible from the same network or networks that are routed together. Will a DNS resource record propagate? Maybe, but this depends on the DNS servers which you do not control. Edit your question with specific details on what you are doing and what this problem is. Note: Google Cloud supports private zones, and this is the feature you should be using. – John Hanley Apr 25 '21 at 17:38
-
DNS's purpose is to resolve an alphabetical human-readable name into technical computer/network-usable data. Putting private or public IPs in the DNS isn't a problem, but the server that will resolve the name and use the private technical data must have the capacity to reach it. – guillaume blaquiere Apr 26 '21 at 06:59
-
I did a quick test creating a public zone with a private IP in the A record and was able to dig @ns-cloud-b1.googledomains.com (for this test) the A record. As you mentioned that it is not propagated properly, would you elaborate a bit more on this? What behavior are you noticing? – Marcel P Apr 26 '21 at 19:48
-
Well, if I use dig and the exact NS, yes, I'm able to resolve the address; however, it seems that my internal network already has a 10.in-addr.arpa. zone defined and my IT guys are unwilling or unable to configure the internal DNS to forward to the ones defined in Cloud DNS. Anyhow, it was really a bad idea and an attempt to get some work done over the weekend, but I don't have access to internal DNS but I do for Cloud DNS ;) – Nicolas Estrada Apr 26 '21 at 20:04
-
Also, it would have been a great way to use the DNS-01 ACME challenge for Let's Encrypt for internal certificate generation, as my servers neither are exposed on the internet nor are they resolvable on public internal DNS nameservers. – Nicolas Estrada Apr 26 '21 at 20:06
-
The ACME DNS01 challenge requires a TXT or CNAME record for the domain you are issuing a certificate for to prove you own/control the domain. That feature is unrelated to private IP addresses. – John Hanley Apr 26 '21 at 20:17