GKE - Private Cloud DNS addresses, how to access endpoints from office - google-cloud-platform

I have the following setup:
GKE - Running many pods, annotated with External DNS endpoints.
External DNS running, creating DNS addresses in Cloud DNS.
Cloud DNS managed zone, with addresses automatically upserted from GKE.
I don't want to expose these DNS addresses to the internet, as this is a testing cluster, but I'd like to open it to, let's say, my office's IP address.
I'm not sure how/where to even start with this in GCP; I'm sure there's a product name for this that I'm just missing. :/
Cheers,
Ben

Related

Issue routing custom domain to GCP's VM Instance

When I type in my custom domain, http://jakeyoon.dev , I get ERR_CONNECTION_TIMED_OUT.
I purchased the domain from Google Domain and set up a simple LAMP stack using GCP Marketplace and VM Instances.
I added A record from Google Domain's DNS Settings that points to VM Instance's external IP address.
I also added a CNAME to route www.jakeyoon.dev to jakeyoon.dev.
I didn't change any name servers.
VM's external IP works when just routing directly.
http://34.134.167.124/
I get the correct IP address when I do a DNS resolve:
https://dns.google/query?name=jakeyoon.dev
I would appreciate any advice!
Do I need to host a zone and use Cloud DNS from GCP?
What else do I need to change from Google Domains?
Thanks

AWS Route-53 DNS Server IP Address

I'm using Route-53 as a DNS management service.
I have a problem that I'm not really sure how to solve it. I've come here to seek ideas.
I have a partner who wants an IP address of the DNS server, so that they can integrate their on-prem DNS server with what I'm using (Route-53). This is not possible, as Route-53 doesn't give an IP address for accessing the DNS servers, because it's a managed service. How can I get an IP address for the Route-53 DNS servers that my integrating partner can use to integrate their DNS server with mine (Route-53)?
I appreciate your advice.
Taken from AWS docs:
10.0.0.2: Reserved by AWS. The IP address of the DNS server is the base of the VPC network range plus two. For VPCs with multiple CIDR blocks, the IP address of the DNS server is located in the primary CIDR. We also reserve the base of each subnet range plus two for all CIDR blocks in the VPC. For more information, see Amazon DNS server.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
I'm assuming your hosted zone is private, as if it was public, your partner wouldn't need to do any special configuration (unless they don't allow querying public DNS in their network).
If this is a private DNS, I think what you want is to setup a Route 53 Resolver. Specifically, you would want an inbound endpoint setup in your VPC. This will give you a specific IP address that you can provide to your partner. If you haven't already, you'd then need to configure network routing between your VPC and your partner's network (via a tunnel or peering).
AWS has a couple of user guides for this, see below:
Route 53 Resolver Developer Guide
Route 53 Resolver announcement
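The inbound-endpoint setup described in this answer, as an added example (not from the original post): it creates a Route 53 Resolver INBOUND endpoint in two subnets, restricts port 53 on its security group to the partner's on-prem range, and reads back the fixed IPs to hand over. The CIDR, security-group and subnet IDs are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example: Route 53 Resolver inbound endpoint for a partner's on-prem DNS.
# All IDs and the CIDR below are assumptions, not values from the post.
PARTNER_CIDR="10.20.0.0/16"          # assumption: partner's on-prem range
SG_ID="sg-0123456789abcdef0"         # assumption: security group for the endpoint
SUBNET_A="subnet-0aaaaaaaaaaaaaaaa"  # assumption: two subnets in different AZs
SUBNET_B="subnet-0bbbbbbbbbbbbbbbb"

# Refuse a world-open source range: the endpoint answers for a private zone,
# so only the partner's routed network should reach it on port 53.
# Returns 0 for an acceptable IPv4 CIDR, 1 for /0 or a malformed value.
partner_cidr_ok() {
  case "$1" in
    */0) return 1 ;;
    */[0-9]|*/[12][0-9]|*/3[0-2]) return 0 ;;
    *) return 1 ;;
  esac
}

# Allow DNS over UDP and TCP from the partner range only.
allow_partner_dns() {
  partner_cidr_ok "$PARTNER_CIDR" || { echo "refusing CIDR $PARTNER_CIDR" >&2; return 1; }
  for proto in udp tcp; do
    aws ec2 authorize-security-group-ingress --group-id "$SG_ID" \
      --protocol "$proto" --port 53 --cidr "$PARTNER_CIDR"
  done
}

# The endpoint gets one ENI with a fixed private IP per subnet.
create_inbound_endpoint() {
  aws route53resolver create-resolver-endpoint \
    --creator-request-id "partner-inbound-$(date +%s)" \
    --name partner-inbound \
    --direction INBOUND \
    --security-group-ids "$SG_ID" \
    --ip-addresses SubnetId="$SUBNET_A" SubnetId="$SUBNET_B"
}

# These are the addresses to give the partner; Route 53 itself has none.
endpoint_ips() {
  aws route53resolver list-resolver-endpoint-ip-addresses \
    --resolver-endpoint-id "$1" \
    --query 'IpAddresses[].Ip' --output text
}
```

Run `allow_partner_dns`, then `create_inbound_endpoint`, then `endpoint_ips <ResolverEndpointId>` with valid AWS credentials; the partner's resolver forwards the private zone's name to those IPs over the tunnel or peering.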

Use on-prem DNS servers inside a VPC

I have a GCP VPC and it is connected to on-prem using Public Cloud Interconnect.
Traffic flow between on-prem and the VPC is OK. All routes and firewalls are configured correctly.
Now I would like to have the company DNS servers available for VMs in my VPC.
My 3 DNS servers are
10.17.121.30 dns-01.net.company.corp
10.17.122.10 dns-02.net.company.corp
10.17.122.170 dns-03.net.company.corp
Now I have done the below config in Cloud DNS in GCP.
The DNS name is company.corp
The "In use by" is referring to my VPC.
The IPs 10.17.121.30, 10.17.122.10 and 10.17.122.170 are on-prem and are accessible from the VPC over port 53.
But after having done all the above, if I try to connect to any on-prem machine using its name, I get
telnet: could not resolve example-server.corp.sap/443: No address associated with hostname
The above request is being made from a VM inside the VPC.
Which leads me to believe that my DNS servers might not be correctly configured. What have I missed here?
If you are intending to have your VMs able to resolve hostnames within your on-premises network, then you will need to make use of DNS forwarding. You would need to configure your private zone as a forwarding zone. Once this is done you can use your forwarding zone to query on-premises servers.
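The forwarding-zone setup this answer describes, as an added example (not from the original post): it creates a Cloud DNS private zone for company.corp that forwards to the three on-prem resolvers listed in the question, and includes a suffix check, since only names under the zone's dns-name are forwarded. The zone and VPC names are assumptions.

```shell
#!/bin/sh
# Added example: Cloud DNS forwarding zone to on-prem resolvers.
# ZONE_NAME and VPC_NAME are assumptions; the IPs are from the question.
ZONE_NAME="company-corp-fwd"
VPC_NAME="my-vpc"                       # assumption: your VPC network name
DNS_SUFFIX="company.corp."              # zone dns-name; trailing dot required
FORWARD_TARGETS="10.17.121.30,10.17.122.10,10.17.122.170"

# Returns 0 when HOST is inside the forwarding zone's suffix, 1 otherwise.
# Names outside the suffix are not forwarded; they go to Google's public
# resolution instead, so a company.corp zone cannot answer for other suffixes.
in_forwarding_zone() {
  host="${1%.}."            # normalise to exactly one trailing dot
  zone="${2%.}."
  case "$host" in
    "$zone"|*".$zone") return 0 ;;
    *) return 1 ;;
  esac
}

# Private zone, attached to the VPC, that forwards every query for
# company.corp to the on-prem servers instead of hosting records itself.
create_forwarding_zone() {
  gcloud dns managed-zones create "$ZONE_NAME" \
    --dns-name="$DNS_SUFFIX" \
    --description="Forward company.corp to on-prem resolvers" \
    --visibility=private \
    --networks="$VPC_NAME" \
    --forwarding-targets="$FORWARD_TARGETS"
}

# Forwarded queries leave Cloud DNS from 35.199.192.0/19, not from the VM's
# IP, so the on-prem firewall and return route must allow that range on
# TCP/UDP 53 even if the VMs themselves can already reach port 53.
resolve_from_vm() {
  in_forwarding_zone "$1" "$DNS_SUFFIX" || echo "warning: $1 is outside $DNS_SUFFIX" >&2
  dig +short "$1"
}
```

Run `create_forwarding_zone` once with gcloud authenticated, then `resolve_from_vm dns-01.net.company.corp` from a VM in the VPC to confirm the forwarding path end to end.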

public instance CNAME for GCP compute instance

Azure provides a way to access a VM using *.cloudapp.net; is there something similar in GCP? If yes, where/how can I see the exact CNAME for accessing the instance?
I read that it's *.googleapi.com, but I'm not able to find it anywhere on the GCP portal.
Note the comments on this SO question say it should be of the format computername.c.googleprojectid.googleapis.com; is that not correct?
Google Cloud Compute Engine virtual machines (instances) are accessed by IP address outside Google Cloud or by internal DNS name inside Google Cloud. If you want a public DNS name, you must configure the public DNS name in your DNS server for your domain name.
Google Cloud does create an internal DNS name for your instance. However, this DNS name is private and only resolves in the same VPC as the instance.
You could use Cloud DNS, while setting the name-servers at the registrar to Cloud DNS.
See Updating your domain's name servers.
This means you'd have to provide your own domain name and at least one external IP, even with external DNS. The location of the zone file to edit merely depends upon which name servers the domain registration has set.

Does google cloud have internal dns service

Does GCP support an internal DNS service? I don't need my zone to be public but I want my gce instances to use it for resolving internal services.
I am not very clear on your requirements, but if you just want two VM instances in a project VPC to communicate with each other, then you can use internal DNS instead of the internal IP address, which might change when a VM instance gets recreated.
GCP provides internal DNS that can be used by two VM instances in the same VPC to communicate.
Note that VM instances in two different VPCs cannot communicate with each other across VPCs using this method (unless a VPN or other mechanism is configured to connect the VPCs).
There are two ways to access/configure internal DNS:
Global DNS
Zonal DNS (Default for all organizations or standalone projects that have enabled the Compute Engine API after September 06, 2018.)
An internal fully qualified domain name (FQDN) for an instance has the following formats:
Instances using the default global DNS: [HOST_NAME].c.[PROJECT_ID].internal
Instances enabled for Zonal DNS: [HOST_NAME].[ZONE].c.[PROJECT_ID].internal
You can address instances over the internal VPC network using this FQDN.
For example, if your instances are enabled for Zonal DNS, you can ping from one instance to another instance over the internal VPC network using the zonal fully qualified domain name:
ping example-instance.us-west1-c.c.example-project.internal -c 1
Yes, as of Oct 2018, Google Cloud DNS now supports Private DNS Zones.
You can create domains and DNS entries (pointing to whatever instances, load balancers, services) that will only be visible internally to the VPC networks you allow, and not available over the internet.
Announcement:
https://cloud.google.com/blog/products/networking/introducing-private-dns-zones-resolve-to-keep-internal-networks-concealed
Documentation:
https://cloud.google.com/dns/docs/quickstart#create_a_managed_private_zone
It appears based on this VPC doc that you would need to set up your own DNS server.
DNS server: Each instance's metadata server acts as a DNS server. It stores the DNS entries for all VPC network IP addresses in the local VPC network and calls Google's public DNS server for entries outside the VPC network. You cannot configure this DNS server, but you can set up your own DNS server if you like and configure your instances to use that server instead by editing the /etc/resolv.conf file.
EDIT:
As the more recent answers have pointed out, Cloud DNS now supports private zones.