About DNS zones and records

This overview page explains how you can manage DNS records using Cloud DNS in Google Distributed Cloud (GDC) air-gapped. Cloud DNS provides a highly reliable, scalable way to manage DNS records. Learn how Cloud DNS works in GDC, including the distinctions between public and private DNS zones.

The intended audience for this page is platform administrators and application operators responsible for network administration and managing DNS for their organization. This page assumes you have a basic understanding of essential networking and DNS concepts.

How Cloud DNS works for GDC air-gapped

GDC air-gapped Cloud DNS delivers a highly reliable and scalable solution for effortlessly managing DNS records. Cloud DNS provides robust security, including features like DNSSEC and DoT/DoH across single or multiple zones:

  • DNSSEC (DNS Security Extensions): Adds cryptographic signatures to DNS records so that resolvers can verify their authenticity and detect tampering in transit, confirming that the record originates from the zone's authoritative server.
  • DoT (DNS over TLS): Encrypts DNS queries and responses using TLS, securing communication between a DNS client and resolver.
  • DoH (DNS over HTTPS): Encapsulates DNS queries and responses within standard HTTPS traffic, so that DNS activity is indistinguishable from regular web traffic on the network.

Benefits of Cloud DNS for GDC air-gapped

Cloud DNS provides you with the following benefits:

  • Simplicity: Use a Kubernetes-based API to perform DNS administration.
  • Security: Enable robust security through features like DNSSEC and DoT/DoH across single or multiple zones.
  • Cost-effective: Configure a flexible pay-as-you-go pricing model with tiered discounts.

Zone types for Cloud DNS

A DNS zone is a specific portion of the DNS namespace that you are responsible for. GDC offers two types of managed DNS zones:

  • Public DNS zones: These zones are visible and accessible from anywhere in your network. Public zones are used for services that you want to be reachable by users outside of your GDC environment.
  • Private DNS zones: These zones are only accessible from within your default customer Virtual Private Cloud (VPC) in GDC. Private zones are ideal for internal services and applications that must not be exposed to the external network.

Create DNS records within zones

Within a DNS zone, you create DNS records. Each record associates a domain name or subdomain with a specific value, such as an IP address, another domain name, or text information. Different types of DNS records serve different purposes, such as directing traffic, defining mail servers, and verifying ownership. You can configure the following record types:

  • Address (A) record: maps a domain name to one or more IPv4 addresses. This record is the most fundamental record type for pointing a domain to a server.
  • Canonical Name (CNAME) record: creates an alias of one domain name to another canonical (authoritative) domain name. This record type is useful for redirecting traffic or simplifying DNS management.
  • Text (TXT) record: lets you associate arbitrary text with a domain name. These records are often used for verification purposes or to store information like Sender Policy Framework (SPF) records for email authentication.
  • Pointer (PTR) record: maps an IP address back to a domain name, also known as reverse DNS lookup. This record is often used for email server reputation and logging analysis.
  • Mail Exchanger (MX) record: specifies the mail servers responsible for accepting email for a domain. This is essential for setting up email services.

The ResourceRecordSet API in GDC lets you create and manage DNS records within a DNS zone. This API lets you specify the details of a set of DNS records that share the same name, type, and TTL (Time-To-Live) and differ only in their data values.
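The record-set grouping described above, as an added example that is not GDC or Cloud DNS code: a checker that groups flat records into sets sharing name, type and TTL, then validates each value against the record types listed in this section (A, CNAME, PTR, MX) and rejects a CNAME that coexists with other records at its name. The sample records and `example.internal.` names are constructed, and the field names `ttl` and `rrdatas` are the example's own, not the GDC API's.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records as (name, type, ttl, rdata); two entries are deliberately wrong.
RECORDS = [
    ("app.example.internal.", "A", 300, "10.20.0.5"),
    ("app.example.internal.", "A", 300, "10.20.0.6"),
    ("www.example.internal.", "CNAME", 300, "app.example.internal."),
    ("www.example.internal.", "A", 300, "10.20.0.7"),              # conflicts with the CNAME
    ("example.internal.", "MX", 3600, "10 mail.example.internal."),
    ("example.internal.", "MX", 600, "20 mail2.example.internal."),  # TTL differs from its set
    ("5.0.20.10.in-addr.arpa.", "PTR", 300, "app.example.internal."),
]

def is_fqdn(name):  # absolute name: trailing dot, labels of 1-63 characters
    return name.endswith(".") and all(0 < len(l) <= 63 for l in name[:-1].split("."))

def rdata_error(rtype, data):
    """Return a message if one rdata value is malformed for its record type, else None."""
    if rtype == "A":
        try:
            ipaddress.IPv4Address(data)
        except ValueError:
            return f"A rdata is not an IPv4 address: {data}"
    elif rtype in ("CNAME", "PTR") and not is_fqdn(data):
        return f"{rtype} target is not an absolute domain name: {data}"
    elif rtype == "MX":
        parts = data.split()
        if len(parts) != 2 or not parts[0].isdigit() or not is_fqdn(parts[1]):
            return f"MX rdata must be '<priority> <fqdn>': {data}"
    return None

def build_rrsets(records):
    """Group records into (name, type) -> {"ttl", "rrdatas"} sets; return (sets, errors)."""
    sets = defaultdict(lambda: {"rrdatas": []})
    errors = []
    for name, rtype, ttl, data in records:
        rrset = sets[(name, rtype)]
        rrset.setdefault("ttl", ttl)  # the first record fixes the set's TTL
        if rrset["ttl"] != ttl:
            errors.append(f"{name} {rtype}: TTL {ttl} differs from set TTL {rrset['ttl']}")
        rrset["rrdatas"].append(data)
        if err := rdata_error(rtype, data):
            errors.append(f"{name} {rtype}: {err}")
    for (name, rtype), rrset in sets.items():
        if rtype == "CNAME" and (len(rrset["rrdatas"]) != 1
                                 or any(n == name and t != "CNAME" for n, t in sets)):
            errors.append(f"{name}: CNAME must be the only record at its name, with one target")
    return dict(sets), errors
```

Running `build_rrsets(RECORDS)` yields five sets and two errors: the mismatched MX TTL and the A record sharing a name with the CNAME.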

Use the Kubernetes API for DNS operations

You can use the Kubernetes API in GDC to create DNS zones and DNS records. This API lets you define the state of your DNS zones, including their name, description, and visibility. The API provides the following:

  • DNS zone creation and management: Define and configure DNS zone properties such as the domain name, description, and public or private visibility.
  • Zone listing: List all managed DNS zones.
  • Distributed deployment and replication: Replicate DNS zones across GDC air-gapped zones for high availability and global distribution.
  • Status monitoring: Track overall zone health, deployment progress, and individual replica status.

For the full reference documentation for the DNS zones in GDC, see ManagedDNSZone.

What's next