Code360 powered by Coding Ninjas X Code360 powered by Coding Ninjas X
Table of contents
Cloud DN😶‍🌫️
Best practices for Cloud DNS🎯
DNS concepts on Google Cloud💯
Manage zones🧠
Create managed zones💡
Create a public zone
Create a private zone
List and describe managed zones💡
List managed zones
Describe a managed zone
Delete a managed zone💡
Add and delete records🧠
Add a record
Remove a record
Cloud DNS server policies🧑‍💻
CNAME chasing🧑‍🎓
Name resolution order
Frequently asked questions❓
What is the cloud?
What is Cloud DNS?
What is public DNS used for?
What is private DNS used for?
What is a VPC used for?
Last Updated: Mar 27, 2024

Cloud DNS

Author Anju Jaiswal
0 upvote
Master Python: Predicting weather forecasts
Ashwin Goyal
Product Manager @

Cloud DN😶‍🌫️

In this article, we will discuss Cloud DNS. It is a high-performance, resilient, global Domain Name System (DNS) service that publishes your domain names to the global DNS in a cost-effective way.

Cloud DNS

DNS is a hierarchical distributed database that enables name-based searches for IP addresses and other data. Without having to worry about maintaining your own DNS servers and software, cloud DNS enables you to publish your zones and records in DNS.

Both public and privately managed DNS zones are available with cloud DNS. A private zone can only be accessed from the one or more Virtual Private Cloud (VPC) networks that you specify, while a public zone can be accessed from anywhere on the public internet.

Identity and Access Management (IAM) permissions are supported by Cloud DNS at the project and individual DNS zone levels.

Best practices for Cloud DNS🎯

The Domain Name System (DNS) makes it simpler for people and software to address applications and services because names are simpler to remember and more adaptable than IP addresses. Accessing DNS records for internal resources frequently requires moving between on-premises and one or more cloud platforms in a hybrid environment. Traditionally, authoritative DNS servers like BIND in UNIX/Linux environments or Active Directory in Microsoft Windows environments are used to manage on-premises DNS records manually.

Check this out: Cloud Computing

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job

DNS concepts on Google Cloud💯

It's crucial to comprehend the various systems and services offered by Google Cloud for DNS resolution and domain names when using DNS on that platform:

  • Internal load balancers and virtual machines on Compute Engine receive automatic DNS name creation through the Internal DNS service.
  • Cloud DNS is a service that offers a DNS zone serving with low latency and high availability. For either private zones that are only accessible within your network or public zones that are visible to the internet, it can serve as an authoritative DNS server.
  • A domain controller and Microsoft Active Directory are both run by the highly available, secure Managed Service for Microsoft Active Directory.
  • An open, recursive DNS resolver, Public DNS is a Google service that is not a component of Google Cloud.
  • A domain registrar for purchasing, moving, and managing domains within Google Cloud is called Cloud Domains. Through an API, Cloud Domains enables you to communicate with the domain registration system.
  • A domain registrar for purchasing, transferring, or managing domains is Google Domains. This is a Google product outside of the Google Cloud. Users are not given access to Google Domains' API.

Manage zones🧠

This section provides directions for creating, listing, and deleting Cloud DNS managed zones.

Create managed zones💡

Google Cloud project is connected to each managed Zone you create. The creation of the managed zone types that Cloud DNS supports is covered in the sections that follow.

Create a public zone

The steps below must be followed in order to create a new managed zone.

create private zone
  1. Navigate to the Create a DNS zone page in the console.
  2. Go to Create a DNS zone.
  3. Choose Public as the Zone type.
  4. Name your Zone, for example, "my-new-zone."
  5. Using a domain name that you own, enter a DNS name suffix for the Zone. This suffix is shared by all records in the Zone, as in
  6. Choose Off, On, or Transfer under DNSSEC. See Enable DNSSEC for existing managed zones for more details. 
  7. Press Create. The page with Zone details appears.         
Public managed zone

Important: When you create the Zone with Cloud DNS, NS and SOA records are automatically created for you. Changes to the name of your Zone's NS record or the list of name servers that Cloud DNS has chosen for your Zone are not permitted.

Create a private zone

The steps below must be followed in order to create a new managed private zone with private DNS records managed by Cloud DNS.

  1. Navigate to the Create a DNS zone page in the console.
  2. Go to Create a DNS zone
  3. The Zone type should be set to Private.
  4. Name your Zone, for example, "my-new-zone."
  5. Add a DNS suffix to the private Zone's name. This suffix is shared by all records in the Zone, as in the example.private.
  6. Optional: Add a summary.
  7. Choose Default from Options (private).
  8. Choose the Virtual Private Cloud (VPC) networks that must be able to see the private Zone. Records in the Zone may only be accessed by the VPC networks that you choose.
  9. Press Create.

List and describe managed zones💡

The following sections show how to list or describe a managed zone.

List managed zones

Follow the steps below to list all of your managed zones for a project.

  1. Navigate to the Cloud DNS zones page in the console 
  2. Go to Cloud DNS zone
  3. In the right pane, view managed zones.

Describe a managed zone

To view the attributes of a managed zone, complete the following steps.

  1. In the console, go to the Cloud DNS zones page.
  2. Go to Cloud DNS zones
  3. Click the Zone that you want to inspect.

Delete a managed zone💡

Follow these instructions to delete a managed zone.

Note: Prior to deleting the Zone, all records within it must be deleted.

  1. Go to the Cloud DNS zones page, in the console.
  2. Go to Cloud DNS zones
  3. To delete a managed zone, click on it.
  4. With the exception of the SOA and NS records, delete every record in the Zone.
  5. Click Delete zone.

Add and delete records🧠

Add a record

You can add two values or strings to the record set when adding a record for the same DNS name. A space must be inserted between the first and second values in record sets.

These steps should be taken to create a record set:

  1. Navigate to the Cloud DNS zones page in the Google Cloud console.
  2.  Go to Cloud DNS zones.
  3. The managed Zone name that you want to add the record to is clickable.
  4. To add a record set, select Add on the Zone details page.
  5. Enter the subdomain of the DNS zone, such as mail, in the DNS name field on the Create record set page. At the conclusion, a trailing dot is automatically added.
  6.  Use an asterisk (*) to create a wildcard DNS record, for instance *
  7.  Note: Adding the @ symbol in this field causes the record to fail.
  8. Select the Resource record type—for example, MX.
  9. Enter a numerical value for the resource record's time to live or the maximum amount of time it can be cached in the TTL field. A positive integer must make up this value.
  10. Choose the unit of time, such as 30 minutes, from the TTL unit menu.
  11. Fill in the remaining fields based on the resource record type you've chosen.
  12. To enter additional information, click Add item.
  13. Click Create.
create a record

You must add MX records to your Zone if you want to configure SMTP servers to send emails to your domain. See the Setup Google Workspace MX records support page for details on how to configure MX records if you're using Google Workspace. Use the MX record information provided by your provider to follow the exact instructions if you are using a different SMTP provider.

Remove a record

Note that NS (name server) and SOA resource records are located at the zone apex, and that cloud DNS public zones are authoritative. These kinds of records are impossible to erase.

Use these steps to delete a record or record set:

  1. Navigate to the Cloud DNS page in the console.
  2. Go to Cloud DNS
  3. To delete a record set from a zone, click its name. On the Zone details page, records for the Zone are listed.
  4. Select the checkbox next to the record you want to delete.
  5. Click Delete record set.

Cloud DNS server policies🧑‍💻

Any of the following server policies may be defined by a DNS server policy object:

  • a server policy that permits inbound forwarding
  • a policy for outbound servers that names one or more different name servers
  • A server policy for both inbound and outbound traffic

The maximum number of DNS server policies that a VPC network may reference is one. Create a single policy that specifies both an inbound and outbound policy if you need to define both inbound and outbound forwarding for a VPC network.

CNAME chasing🧑‍🎓

CNAME chasing refers to a subsequent lookup of a DNS name returned from a CNAME record answer to an initial query. Public DNS resolvers perform a subsequent lookup of CNAME answers according to their configuration. Generally, public resolvers chase CNAME answers in any public zones.

When Google Cloud VMs use their metadata server ( as their name server, Cloud DNS performs CNAME chasing as described in this table.

CNAME Chasing

Name resolution order

Personal Cloud Zones, server policies, and response policies for DNS can be focused on Google Kubernetes Engine (GKE) clusters or Virtual Private Cloud (VPC) networks (s). Multiple scopes can be applied to DNS resources at once; more specialized scopes, such as GKE clusters, are preferred over less specialized scopes, such as VPC networks.

For the virtual machine (VM) instances that use it, each VPC network (or GKE cluster configured to use Cloud DNS) offers DNS name resolution services. Google Cloud looks for DNS records in the following order (starting with cluster-scoped resources in the case of a GKE cluster) when VMs use their metadata server as their name server:

  1. All DNS requests are forwarded to the alternative servers by Google Cloud if your scope has an outbound server policy. This step is the only one in the name resolution order.
  2. If the scope you're working with lacks an outbound server policy:
    1. In order to find a response policy that matches the requested record as closely as possible, Google Cloud (most extended suffix matching). Response policies either cause resource records to be served with modifications or passthrough behavior. Google Cloud moves on to the following step as if the response policy did not exist if the action is passthru. This holds true even if the policy contains a wildcard record that would cause local data to be served.
    2. Google Cloud looks for a private zone that most closely resembles the requested record (most extended suffix matching). The following is included in this:
      1. Looking up records you've created in private areas
      2. The forwarding targets for forwarding zones are queried.
      3. Utilizing peering zones to inquire about the name resolution hierarchy of another VPC network.
    3. Google Cloud looks up the project's internal DNS records that Compute Engine generated automatically. It should be noted that private zones are only chosen over the automatically generated Compute Engine internal DNS zones if they are strictly more specific.
    4. Google Cloud queries zones that are accessible to the general public using an appropriately configured SOA. This includes the public zones of Cloud DNS.


Assume you have a GKE cluster named cluster-a, two VPC networks named vpc-a and vpc-b, and the scoped resources listed below:

  1. The vpc-a command has permission to query the enumerated private zones. Observe how each entry ends with a dot:
    2. 10.internal
  2. No outbound server or response policies are related to vpc-a.
  3. A private zone called is a private zone that cluster-a may query. Additionally, cluster-a is not linked to any outbound servers or response policies.
  4. A VM in cluster-a can query:
    1. and its offspring, including, are responded to by the private Zone, with cluster-a permission.
    2. 10.internal on vpc-a.
  5. by using the peering zone.
  6. A VM that is not in cluster-a can query:
    1. and children, answered by the private Zone called authorized to vpc-a. Queries, for return internet responses.
    2. 10.internal on vpc-a.
    3. by using the peering zone.

Frequently asked questions❓

What is the cloud?

Simply put, cloud computing as a service is provided by a network, storage, interface, and hardware combination. A company that offers cloud services has its cloud and IT assets managed by a cloud service provider.

What is Cloud DNS?

A cost-effective way to publish your domain names to the global DNS is with Cloud DNS, a high-performance, resilient, and global Domain Name System (DNS) service. DNS is a hierarchical distributed database that enables name-based searches for IP addresses and other data.

What is public DNS used for?

A Domain Name System (DNS) service called Google Public DNS is one that Google provides to Internet users all over the world. A public DNS keeps track of all domain names that are publicly accessible and can be accessed from any device with internet access.

What is private DNS used for?

Only a handful number of people know how to set up a Private DNS for their devices. Private DNS is a secure medium of browsing, enables extensive access to a blocked website, and prevent internet threat.

What is a VPC used for?

A virtual private cloud (VPC) is a private cloud computing environment contained within a public cloud. Essentially, a VPC provisions logically isolated sections of a public cloud in order to provide a virtual private environment.


In this article, we discuss Cloud DNS, zones like public and private zones, how we can add and delete records, cloud server policies, CNAME chasing, and Name resolution order.

Refer to our Guided Path on Coding Ninjas Studio to upskill yourself in Data Structures and AlgorithmsCompetitive ProgrammingJavaScriptSystem DesignMachine learning, and many more! But if you have just started your learning process and are looking for questions asked by tech giants like Amazon, Microsoft, Uber, etc.; you must look at the problemsinterview experiences, and interview bundle for placement preparations.

Nevertheless, you may consider our paid courses to give your career an edge over others!

Do upvote our blogs if you find them helpful and engaging!

Happy Learning!!                                

Thank You
Next article
Cloud CDN
Live masterclass