Private Cloud DNS Zone in GCP
DNS (Domain Name System) is the system that maps friendly names to IP addresses, e.g. google.com to the address of the server behind it.
A DNS zone in Cloud DNS is a collection of DNS records that share the same suffix, the zone's DNS name. If we create a zone with DNS name example.com, every record set in that zone ends in example.com, e.g. test1.example.com or test2.example.com.
Private means that names in this zone can be resolved only from the VPC networks the zone is authorized for (you can select more than one network when creating the zone). They are not published to the public internet, so the internal hostnames and private IPs recorded in the zone are not exposed outside those networks. In this example we authorize only the default network, which means the names created under this zone will resolve only from instances in the default network.
Let’s see things in action.
To follow along, create two Compute Engine instances as specified in the image below. Pick names and IPs as you like, but make sure both are in the same VPC network. In this example both VM instances are in the default network, in two different zones of the same region (us-central1-c for instance-1 and us-central1-a for instance-2, as the internal DNS names in the ping output below show).
To understand why a private Cloud DNS zone is needed, let's first look at how these machines can already talk to each other and what the problem with that approach is.
Since the VMs are in the same network, they can communicate over their private IPs (the default network's pre-populated firewall rules allow internal traffic, including ICMP). Let's SSH into each machine in turn and ping the other over its private IP to check connectivity.
We are on instance-2:
amitkumardube@instance-2:~$ hostname
instance-2
Pinging instance-1 on its private IP (connection works fine):
amitkumardube@instance-2:~$ ping -c 3 10.128.15.200
PING 10.128.15.200 (10.128.15.200) 56(84) bytes of data.
64 bytes from 10.128.15.200: icmp_seq=1 ttl=64 time=1.92 ms
64 bytes from 10.128.15.200: icmp_seq=2 ttl=64 time=0.301 ms
64 bytes from 10.128.15.200: icmp_seq=3 ttl=64 time=0.342 ms
--- 10.128.15.200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 9ms
rtt min/avg/max/mdev = 0.301/0.852/1.915/0.752 ms
We are on instance-1:
amitkumardube@instance-1:~$ hostname
instance-1
Pinging instance-2 on its private IP (connection works fine):
amitkumardube@instance-1:~$ ping -c 3 10.128.15.199
PING 10.128.15.199 (10.128.15.199) 56(84) bytes of data.
64 bytes from 10.128.15.199: icmp_seq=1 ttl=64 time=11.1 ms
64 bytes from 10.128.15.199: icmp_seq=2 ttl=64 time=9.24 ms
64 bytes from 10.128.15.199: icmp_seq=3 ttl=64 time=9.25 ms
--- 10.128.15.199 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 9.235/9.862/11.104/0.885 ms
So communication between instance-2 and instance-1 over private IP works fine in both directions.
This works, but you have probably already noticed the problem: IP addresses are hard to remember, and a configuration that hard-codes them breaks whenever an address changes. It would be much nicer if these VM instances could reach each other by a friendly name.
The compute instances already have names, and names are easy to remember. Shall we try connecting to them by name? Let's give it a try.
We are on instance-2:
amitkumardube@instance-2:~$ hostname
instance-2
Pinging instance-1 by its instance name (not working):
amitkumardube@instance-2:~$ ping -c 3 instance-1
ping: instance-1: Name or service not known
Now we are on instance-1:
amitkumardube@instance-1:~$ hostname
instance-1
Pinging instance-2 by its instance name (not working):
amitkumardube@instance-1:~$ ping -c 3 instance-2
ping: instance-2: Name or service not known
So neither instance can reach the other by its name. Here is our challenge:
“The challenge is that we need to find a way so that these compute instances can talk to each other with a friendly name.”
Let's see how a private Cloud DNS zone helps us solve this.
Let's create a private Cloud DNS zone with zone name example and DNS name example.com. Go to Cloud DNS -> Create Zone, set the zone type to Private, and fill in the details as per the screenshot below. The network selector is where you choose which VPC networks may resolve the zone; here we select only default. This creates a private zone (example) with DNS name (example.com).
Now we have the zone, but it is not yet mapped to any of our instances. We do the mapping by creating record sets of type "A". An A record maps a friendly name to an IPv4 address. We will create two record sets, one for each compute instance. Keep in mind that a record set is a static mapping: if an instance is ever recreated with a different internal IP, the record has to be updated, so for anything long-lived reserve a static internal IP for the instance rather than relying on the address it happened to get.
Open our zone (example), click "Add Record Set", and fill in the details as per the screenshots below to create both record sets.
The first record set gives instance-1 the friendly name compute-1.example.com and maps it to the private IP address of instance-1 (10.128.15.200).
Note: example.com is the DNS name (suffix) we entered when creating the private zone, so every record set in this zone must end in example.com.
The second record set gives instance-2 the friendly name compute-2.example.com and maps it to the private IP address of instance-2 (10.128.15.199).
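As an added example, not part of the original post, here is the same zone and record-set setup done with the gcloud CLI instead of the console, plus the checks a practitioner would want around it: a suffix check that enforces the note about example.com before the API is called, a lookup of each instance's current internal IP so the addresses are not typed by hand, and a resolver check to run from one of the VMs afterwards. The zone name, DNS name, network, record names, instance names and instance zones are the ones used in this post; the project is whatever the active gcloud configuration points at. The GCLOUD and DNS_DEMO_APPLY variables and all function names are introduced here so the commands can be previewed with GCLOUD=echo before anything is created.

```sh
#!/bin/sh
# Added example (not from the original post): private Cloud DNS zone setup with
# the gcloud CLI. Zone "example", DNS name "example.com", network "default" and
# the instance names/zones come from the post; GCLOUD and DNS_DEMO_APPLY are
# variables introduced here. Preview with:  GCLOUD=echo DNS_DEMO_APPLY=1 sh dns-zone.sh
set -u
GCLOUD="${GCLOUD:-gcloud}"

# Make a DNS name fully qualified; Cloud DNS wants the trailing dot.
fqdn() {
  case "$1" in
    *.) printf '%s\n' "$1" ;;
    *)  printf '%s.\n' "$1" ;;
  esac
}

# Return 0 if NAME is the zone apex or lies under ZONE_DNS_NAME, 1 otherwise.
# Cloud DNS rejects record sets outside the zone's suffix; checking first gives
# a clear error instead of an API failure.
name_in_zone() {          # name zone_dns_name
  name=$(fqdn "$1"); zone=$(fqdn "$2")
  case "$name" in
    "$zone"|*."$zone") return 0 ;;
    *) return 1 ;;
  esac
}

# Create a private zone that only the listed VPC network(s) can resolve.
# Without --visibility=private the zone would be PUBLIC and the internal
# names and IPs would be published to the internet.
create_private_zone() {   # zone_name dns_name network[,network...]
  "$GCLOUD" dns managed-zones create "$1" \
    --dns-name="$(fqdn "$2")" \
    --description="Private names for VMs in $3" \
    --visibility=private \
    --networks="$3"
}

# Add an A record (name -> IPv4) to the zone, refusing names outside it.
add_a_record() {          # zone_name zone_dns_name record_name ip [ttl]
  if ! name_in_zone "$3" "$2"; then
    echo "refusing: $3 is not under $2" >&2
    return 1
  fi
  "$GCLOUD" dns record-sets create "$(fqdn "$3")" \
    --zone="$1" --type=A --ttl="${5:-300}" --rrdatas="$4"
}

# Read an instance's current primary internal IP instead of copying it by hand.
instance_internal_ip() {  # instance compute_zone
  "$GCLOUD" compute instances describe "$1" --zone="$2" \
    --format='value(networkInterfaces[0].networkIP)'
}

# Run this on a VM inside the authorized network. getent goes through the VM's
# own resolver, so success proves the zone is visible from the network and not
# merely that the API calls went through. Returns 0 on the expected address.
verify_resolution() {     # record_name expected_ip
  resolved=$(getent hosts "$1" | awk '{print $1}')
  [ "$resolved" = "$2" ]
}

# The post's zone and its two records. instance-1 is in us-central1-c and
# instance-2 in us-central1-a, as the internal names in the ping output show.
setup_example_zone() {
  create_private_zone example example.com default
  add_a_record example example.com compute-1.example.com \
    "$(instance_internal_ip instance-1 us-central1-c)"
  add_a_record example example.com compute-2.example.com \
    "$(instance_internal_ip instance-2 us-central1-a)"
  "$GCLOUD" dns record-sets list --zone=example
}

# Only touch the project when explicitly asked: DNS_DEMO_APPLY=1 sh dns-zone.sh
if [ "${DNS_DEMO_APPLY:-0}" = 1 ]; then
  setup_example_zone
fi
```

Run it with DNS_DEMO_APPLY=1 from a machine where gcloud is authenticated against the project (the account needs permission to manage Cloud DNS zones and record sets). Then, on instance-1, source the file and call verify_resolution compute-2.example.com 10.128.15.199, or simply run getent hosts compute-2.example.com, to confirm the name resolves from inside the default network before relying on it.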
Now both instances have friendly names created in Cloud DNS. Let's see whether they can reach each other using those names.
We are on instance-1:
amitkumardube@instance-1:~$ hostname
instance-1
Pinging instance-2 by its instance name (still not working, as expected: our zone defines compute-2.example.com, not instance-2):
amitkumardube@instance-1:~$ ping -c 3 instance-2
ping: instance-2: Name or service not known
Pinging instance-2 by its private DNS name (works fine):
amitkumardube@instance-1:~$ ping -c 3 compute-2.example.com
PING compute-2.example.com (10.128.15.199) 56(84) bytes of data.
64 bytes from instance-2.us-central1-a.c.my-first-project-298218.internal (10.128.15.199): icmp_seq=1 ttl=64 time=3.35 ms
64 bytes from instance-2.us-central1-a.c.my-first-project-298218.internal (10.128.15.199): icmp_seq=2 ttl=64 time=1.10 ms
64 bytes from instance-2.us-central1-a.c.my-first-project-298218.internal (10.128.15.199): icmp_seq=3 ttl=64 time=0.947 ms
--- compute-2.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.947/1.795/3.345/1.098 ms
We are on instance-2:
amitkumardube@instance-2:~$ hostname
instance-2
Pinging instance-1 by its instance name (still not working, as expected: our zone defines compute-1.example.com, not instance-1):
amitkumardube@instance-2:~$ ping -c 3 instance-1
ping: instance-1: Name or service not known
Pinging instance-1 by its private DNS name (works fine):
amitkumardube@instance-2:~$ ping -c 3 compute-1.example.com
PING compute-1.example.com (10.128.15.200) 56(84) bytes of data.
64 bytes from instance-1.us-central1-c.c.my-first-project-298218.internal (10.128.15.200): icmp_seq=1 ttl=64 time=3.20 ms
64 bytes from instance-1.us-central1-c.c.my-first-project-298218.internal (10.128.15.200): icmp_seq=2 ttl=64 time=1.04 ms
64 bytes from instance-1.us-central1-c.c.my-first-project-298218.internal (10.128.15.200): icmp_seq=3 ttl=64 time=0.975 ms
--- compute-1.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.975/1.738/3.197/1.032 ms
Hurray! We have assigned friendly names (private DNS names) to our compute instances and successfully tested the connection between them using those names. Notice that the reply lines are labelled with the instance's automatic Compute Engine internal DNS name (for example instance-2.us-central1-a.c.my-first-project-298218.internal) rather than compute-2.example.com: ping does a reverse lookup of the IP, and the PTR record for the private IP points at the internal name, while our private zone only supplies the forward (name to IP) mapping.
Hope you find it useful.
GOOD LUCK!!