Cloud DNS
- How DNS Works

- DNS records: Refer Here
- Google offers DNS as a service through Cloud DNS. Cloud DNS supports two types of zones:
  - Public Zone: records are resolvable from the internet
  - Private Zone: records are resolvable only within private networks (VPCs) and can be used in hybrid environments
- Public Zone:
  - Using Cloud Domains we can register a domain
  - DNS zones let you manage the DNS records of a domain (registered through Cloud Domains or even externally)
- Let's create a private zone in a VPC
- Let's add the necessary firewall rules in the VPC to allow SSH and HTTP
- Let's create a couple of Compute Engine instances, vm-web-1 and vm-web-2
- Add A records that map the instance names to their private IP addresses
- Now ping from vm-web-2 to vm-web-2.<your domain>
- Private zone records can also be forwarded to on-prem DNS
- In DNS we also need to look into routing policies, which we will cover after the Compute Engine concepts
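The private-zone walkthrough above as gcloud commands, added here as an example and not part of the original notes. It assumes a VPC named my-vpc with internal range 10.0.0.0/16, a zone named internal-zone serving the made-up domain corp.example., and a placeholder admin source range 203.0.113.0/24; by default it only prints the commands, and APPLY=1 executes them.

```shell
#!/bin/sh
# Added example, not from the original notes: the private-zone walkthrough above as
# gcloud commands. Assumed names: VPC my-vpc (internal range 10.0.0.0/16), zone
# internal-zone serving corp.example., admin source range 203.0.113.0/24 (placeholder).
# Commands are only printed by default; set APPLY=1 to execute them against a project.
set -eu
NETWORK="${NETWORK:-my-vpc}"; INTERNAL_RANGE="${INTERNAL_RANGE:-10.0.0.0/16}"
ZONE_NAME="${ZONE_NAME:-internal-zone}"; DNS_NAME="${DNS_NAME:-corp.example.}"
GCP_ZONE="${GCP_ZONE:-asia-south1-a}"; ADMIN_RANGE="${ADMIN_RANGE:-203.0.113.0/24}"
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# 1. Private zone: resolvable only from VMs in the attached VPC, never from the internet.
create_private_zone() {
  run gcloud dns managed-zones create "$ZONE_NAME" --dns-name="$DNS_NAME" \
    --visibility=private --networks="$NETWORK" --description=private-zone
}
# 2. Firewall: SSH/HTTP only from the admin range (not 0.0.0.0/0); ICMP inside the VPC so ping works.
create_firewall_rules() {
  run gcloud compute firewall-rules create allow-admin-ssh-http --network="$NETWORK" \
    --direction=INGRESS --allow=tcp:22,tcp:80 --source-ranges="$ADMIN_RANGE" --target-tags=web
  run gcloud compute firewall-rules create allow-internal-icmp --network="$NETWORK" \
    --direction=INGRESS --allow=icmp --source-ranges="$INTERNAL_RANGE"
}
# 3. Two VMs in the web subnet, tagged so the rules above apply to them.
create_vms() {
  for vm in vm-web-1 vm-web-2; do
    run gcloud compute instances create "$vm" --zone="$GCP_ZONE" --subnet=web --tags=web
  done
}
# 4. A record for a VM: its name inside the zone -> its private (VPC-internal) IP.
private_ip() {
  gcloud compute instances describe "$1" --zone="$GCP_ZONE" \
    --format='value(networkInterfaces[0].networkIP)'
}
add_a_record() {  # usage: add_a_record <vm-name> <private-ip>
  run gcloud dns record-sets create "$1.$DNS_NAME" --zone="$ZONE_NAME" \
    --type=A --ttl=300 --rrdatas="$2"
}
# 5. Check from inside the VPC: the name must resolve to the other VM's private address.
check_resolution() {
  run gcloud compute ssh vm-web-2 --zone="$GCP_ZONE" --command="ping -c 3 vm-web-1.$DNS_NAME"
}
main() {
  create_private_zone; create_firewall_rules; create_vms
  for vm in vm-web-1 vm-web-2; do
    if [ "${APPLY:-0}" = 1 ]; then ip=$(private_ip "$vm"); else ip="<private-ip-of-$vm>"; fi
    add_a_record "$vm" "$ip"
  done
  check_resolution
}
main
```

Run it once without APPLY to review the exact commands, then with APPLY=1 from a shell that is already authenticated to the target project.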
Command Line Activities
- Let's create a VPC with 3 subnets
  - web: 192.168.0.0/16 in delhi
  - app: 192.168.1.0/16 in delhi
  - db: 192.168.2.0/16 in delhi
- Let's create the firewall rules
  - allow http, i.e. TCP ports 80 and 443, for all VM instances with tag web
  - allow ssh, i.e. TCP port 22, for all VM instances with tag linux
  - allow rdp, i.e. TCP port 3389, for all VM instances with tag windows
- Tips:
  - use --help or the reference Refer Here to figure out the commands
- Attempt 1: try from your workstation (PowerShell version first, then the equivalent bash script)
# PowerShell version (backtick = line continuation).
# Subnets use non-overlapping /24 ranges from 10.0.0.0/16 in asia-south1.
gcloud compute networks create my-vpc `
--subnet-mode=custom `
--bgp-routing-mode=regional
gcloud compute networks subnets create web `
--network=my-vpc `
--range='10.0.0.0/24' `
--region='asia-south1'
gcloud compute networks subnets create app `
--network=my-vpc `
--range='10.0.1.0/24' `
--region='asia-south1'
gcloud compute networks subnets create db `
--network=my-vpc `
--range='10.0.2.0/24' `
--region='asia-south1'
# http rule: the exercise asks for ports 80 and 443, so allow both.
# --direction takes INGRESS or EGRESS.
gcloud compute firewall-rules create only-http `
--network=my-vpc `
--allow=tcp:80,tcp:443 `
--direction=INGRESS `
--source-ranges='0.0.0.0/0' `
--target-tags='web'
# ssh/rdp from 0.0.0.0/0 exposes ports 22 and 3389 to the whole internet;
# outside a lab, narrow --source-ranges to your admin addresses.
gcloud compute firewall-rules create only-ssh `
--network=my-vpc `
--allow=tcp:22 `
--direction=INGRESS `
--source-ranges='0.0.0.0/0' `
--target-tags='linux'
gcloud compute firewall-rules create only-rdp `
--network=my-vpc `
--allow=tcp:3389 `
--direction=INGRESS `
--source-ranges='0.0.0.0/0' `
--target-tags='windows'
#!/bin/bash
# bash version of the same commands; stop at the first failing command.
set -e
gcloud compute networks create my-vpc \
--subnet-mode=custom \
--bgp-routing-mode=regional
gcloud compute networks subnets create web \
--network=my-vpc \
--range='10.0.0.0/24' \
--region='asia-south1'
gcloud compute networks subnets create app \
--network=my-vpc \
--range='10.0.1.0/24' \
--region='asia-south1'
gcloud compute networks subnets create db \
--network=my-vpc \
--range='10.0.2.0/24' \
--region='asia-south1'
# http rule: the exercise asks for ports 80 and 443, so allow both.
# --direction takes INGRESS or EGRESS.
gcloud compute firewall-rules create only-http \
--network=my-vpc \
--allow=tcp:80,tcp:443 \
--direction=INGRESS \
--source-ranges='0.0.0.0/0' \
--target-tags='web'
# ssh/rdp from 0.0.0.0/0 exposes ports 22 and 3389 to the whole internet;
# outside a lab, narrow --source-ranges to your admin addresses.
gcloud compute firewall-rules create only-ssh \
--network=my-vpc \
--allow=tcp:22 \
--direction=INGRESS \
--source-ranges='0.0.0.0/0' \
--target-tags='linux'
gcloud compute firewall-rules create only-rdp \
--network=my-vpc \
--allow=tcp:3389 \
--direction=INGRESS \
--source-ranges='0.0.0.0/0' \
--target-tags='windows'
- Attempt 2: a Linux VM on GCP. In this case let's create a service account with Compute Network Admin permissions, attach it to the GCP instance and execute the same commands from there
- Todo
