Stay organized with collections
Save and categorize content based on your preferences.
(Legacy networks) Create DNS forwarding rules
Your private cloud's DNS forwarding rules determines how Google Cloud VMware Engine forwards DNS
requests from management appliances to the DNS servers of your on-premises
services.
You can configure multiple conditional DNS forwarding rules each with one or
more DNS servers associated with the domains.
Here are some example processes that require conditional DNS forwarding rules:
Forwarding syslog messages from your private cloud vCenter to your syslog
collection server by server name.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# (Legacy networks) Create DNS forwarding rules\n=============================================\n\n| **Caution:** You can only use conditional DNS forwarding rules for private clouds attached to Legacy VMware Engine networks. To configure DNS resolution for management appliances in private clouds attached to Standard VMware Engine networks, see [Configure DNS Bindings](/vmware-engine/docs/networking/howto-create-dns-bindings).\n\nYour private cloud's DNS forwarding rules determines how Google Cloud VMware Engine forwards DNS\nrequests from management appliances to the DNS servers of your on-premises\nservices.\n\nYou can configure multiple conditional DNS forwarding rules each with one or\nmore DNS servers associated with the domains.\n\nHere are some example processes that require conditional DNS forwarding rules:\n\n- Forwarding syslog messages from your private cloud vCenter to your syslog collection server by server name.\n- Using an [on-premises Active Directory deployment as an identity source](/vmware-engine/docs/vmware-platform/howto-identity-sources) for your private cloud.\n- Using [VMware Site Recovery Manager (SRM) for disaster recovery](/vmware-engine/docs/vmware-ecosystem/howto-disaster-recovery-srm).\n- Using [Zerto Virtual Replication for disaster recovery](/vmware-engine/docs/vmware-ecosystem/howto-disaster-recovery-zerto).\n\nBefore you begin\n----------------\n\nThe steps in this document assume that you have done the following:\n\n- [Establish a connection between your private cloud and on-premises networks](/vmware-engine/docs/networking/howto-connect-to-onpremises)\n- [Make your on-premises DNS server accessible to your private cloud network](/vmware-engine/docs/networking/howto-dns-on-premises)\n\nCreate DNS forwarding rules\n---------------------------\n\nTo create DNS forwarding rules in your project, use one of the following\nmethods. \n\n### Console\n\nTo create a DNS forwarding rule for a private cloud by using the\nGoogle Cloud console, complete the following steps:\n\n1. In the Google Cloud console, go to the **Private clouds** page.\n\n [Go to Private clouds](https://console.cloud.google.com/vmwareengine/privateclouds)\n2. Click **Select a project** and then select the organization, folder, or project\n where you want to create the DNS forwarding rule.\n\n3. Select the private cloud to create a rule for.\n\n4. On the private clouds summary page, click **DNS**.\n\n5. Click **Add rule**.\n\n6. Specify the domain you want to forward for and specify one or more IPv4\n addresses that can resolve the domain, provided as a comma-separated\n list.\n\n### gcloud\n\nTo create a DNS forwarding rule for a private cloud, use the\n[`gcloud vmware private-clouds dns-forwarding update` command](/sdk/gcloud/reference/vmware/private-clouds/dns-forwarding/update). You can specify multiple rules by using multiple `--rule`\nflags for each request. \n\n```\ngcloud vmware private-clouds dns-forwarding update \\\n --project=PROJECT_ID \\\n --location=ZONE \\\n --private-cloud=PRIVATE_CLOUD_NAME \\\n --rule=domain=DOMAIN,name-servers=DNS_SERVER_IP1,DNS_SERVER_IP2,.... \\\n --rule=domain=DOMAIN,name-servers=DNS_SERVER_IP1,DNS_SERVER_IP2,....\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the ID for your project where the private cloud is located\n- \u003cvar translate=\"no\"\u003eZONE\u003c/var\u003e: the zone for the private cloud\n- \u003cvar translate=\"no\"\u003ePRIVATE_CLOUD_NAME\u003c/var\u003e: the name of the private cloud\n- \u003cvar translate=\"no\"\u003eDOMAIN\u003c/var\u003e: the domain to be forwarded\n- \u003cvar translate=\"no\"\u003eDNS_SERVER_IP1,DNS_SERVER_IP2,....\u003c/var\u003e: a comma-separated list of IPv4 addresses for the authoritative DNS server\n\n### API\n\nCreate a `POST` request. You can add one or more rules to each request. \n\n```\ncurl -X POST -H \"Authorization: Bearer\nTOKEN\n\" -H \"Content-Type: application/json; charset=utf-8\"\nhttps://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_NAME/dnsForwarding -d '{\"forwardingRules\": [\n {\n \"domain\": \"DOMAIN\",\n \"nameServers\": [\n \"DNS_SERVER_IP1\",\n \"DNS_SERVER_IP2\"\n ]\n },\n {\n \"domain\": \"DOMAIN\",\n \"nameServers\": [\n \"DNS_SERVER_IP1\",\n \"DNS_SERVER_IP2\"\n ]\n }\n ]}\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the ID for your project where the private cloud is located\n- \u003cvar translate=\"no\"\u003eZONE\u003c/var\u003e: the zone for the private cloud\n- \u003cvar translate=\"no\"\u003ePRIVATE_CLOUD_NAME\u003c/var\u003e: the name of the private cloud\n- \u003cvar translate=\"no\"\u003eDOMAIN\u003c/var\u003e: the domain to be forwarded\n- \u003cvar translate=\"no\"\u003eDNS_SERVER_IP1,DNS_SERVER_IP2,....\u003c/var\u003e: a comma-separated list of IPv4 addresses for the authoritative DNS server\n\nDescribe DNS forwarding rules\n-----------------------------\n\nTo describe DNS forwarding rules in your project, use one of the following\nmethods. \n\n### Console\n\nTo describe a DNS forwarding rule for a private cloud by using the\nGoogle Cloud console, complete the following steps:\n\n1. In the Google Cloud console, go to the **Private clouds** page.\n\n [Go to Private clouds](https://console.cloud.google.com/vmwareengine/privateclouds)\n2. Click **Select a project** and then select the organization, folder, or project that contains the private cloud you want to DNS forwarding rules for.\n\n3. Select the private cloud to create a rule for.\n\n4. On the private clouds summary page, click **DNS**.\n\n### gcloud\n\nTo create a DNS forwarding rule for a private cloud, use the\n[`gcloud vmware private-clouds dns-forwarding describe` command](/sdk/gcloud/reference/vmware/private-clouds/dns-forwarding/describe): \n\n```\ngcloud vmware private-clouds dns-forwarding describe \\\n --project=PROJECT_ID \\\n --location=ZONE \\\n --private-cloud=PRIVATE_CLOUD_NAME\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the ID for your project where the private cloud is located\n- \u003cvar translate=\"no\"\u003eZONE\u003c/var\u003e: the zone for the private cloud\n- \u003cvar translate=\"no\"\u003ePRIVATE_CLOUD_NAME\u003c/var\u003e: the name of the private cloud\n\n### API\n\nCreate a `POST` request. \n\n```\nPOST https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/privateClouds/PRIVATE_CLOUD_ID/dnsForwarding\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the ID for your project where the private cloud is located\n- \u003cvar translate=\"no\"\u003eZONE\u003c/var\u003e: the zone for the private cloud\n- \u003cvar translate=\"no\"\u003ePRIVATE_CLOUD_NAME\u003c/var\u003e: the name of the private cloud"]]