Cloud DNS
How DNS Works
DNS records Refer Here
Google offers DNS as a service through Cloud DNS. Cloud DNS supports two types of zones:
Public Zone:
These are accessible from the internet
Private Zone:
This is accessible only within private networks (VPCs) and can be used in hybrid environments
Using Cloud Domains we can register a domain
DNS zones let you manage DNS records (whether the domain was bought here or registered externally)
Let's create a private zone in a VPC
Let's add the necessary firewall rules in the VPC to allow SSH and HTTP
Let's create a couple of Compute Engine instances, vm-web-1 and vm-web-2
Add A records matching their private IP addresses
Now ping from vm-web-2 to vm-web-2.<your domain>
Private zone records can also be forwarded to on-prem DNS
In DNS we also need to look at routing policies, which we will cover after the Compute concepts
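The private-zone steps above, as an added example script that is not part of the original notes. It creates a Cloud DNS private zone attached to the VPC, publishes A records for vm-web-1 and vm-web-2, and offers a resolution check to run from a VM inside the VPC. The project id, the zone resource name, the example.internal domain and the sample addresses are assumed values; with DRY_RUN=1 the script only prints the gcloud commands it would run.

```shell
#!/bin/sh
# Added example (not part of the original notes): create a Cloud DNS private zone
# attached to the VPC and publish A records for vm-web-1 and vm-web-2.
# PROJECT, ZONE_NAME, DNS_NAME and the sample IPs are assumed values.
set -eu

PROJECT="${PROJECT:-my-project}"           # assumed project id
NETWORK="${NETWORK:-my-vpc}"               # the VPC created in these notes
ZONE_NAME="${ZONE_NAME:-internal-zone}"    # assumed managed-zone resource name
DNS_NAME="${DNS_NAME:-example.internal.}"  # assumed domain; Cloud DNS needs the trailing dot

# run CMD...: execute the command, or only print it when DRY_RUN=1 so the
# planned gcloud calls can be reviewed before anything is changed.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# check_dns_name NAME: Cloud DNS requires a fully qualified name ending in ".";
# fail early with a clear message instead of a cryptic API error.
check_dns_name() {
  case "$1" in
    *.) return 0 ;;
    *)  echo "DNS name must end with a trailing dot: $1" >&2; return 1 ;;
  esac
}

# fqdn HOST: record name for a host inside the zone (also fully qualified).
fqdn() {
  printf '%s.%s' "$1" "$DNS_NAME"
}

# create_private_zone: a private zone is visible only to the listed VPC networks,
# so internal hostnames and addresses are never published on the internet.
create_private_zone() {
  check_dns_name "$DNS_NAME"
  run gcloud dns managed-zones create "$ZONE_NAME" \
    --project="$PROJECT" \
    --dns-name="$DNS_NAME" \
    --description="Private zone for VMs in $NETWORK" \
    --visibility=private \
    --networks="$NETWORK"
}

# add_a_record HOST IP: publish one A record; a short TTL keeps resolver caches
# from serving a stale address for long after a VM is recreated.
add_a_record() {
  run gcloud dns record-sets create "$(fqdn "$1")" \
    --project="$PROJECT" \
    --zone="$ZONE_NAME" \
    --type=A \
    --ttl=300 \
    --rrdatas="$2"
}

# resolve_check HOST EXPECTED_IP: run from a VM in the VPC; confirms the private
# zone answers with the address that was published.
resolve_check() {
  got="$(getent hosts "$(fqdn "$1")" 2>/dev/null | awk '{print $1}')"
  [ "$got" = "$2" ] || { echo "$(fqdn "$1") resolved to '$got', expected $2" >&2; return 1; }
}

main() {
  create_private_zone
  add_a_record vm-web-1 "${VM_WEB_1_IP:-10.0.0.2}"   # constructed sample addresses;
  add_a_record vm-web-2 "${VM_WEB_2_IP:-10.0.0.3}"   # use the VMs' real private IPs
}

# Only act when explicitly asked, so the file can be sourced for its functions.
if [ "${RUN_DNS_SETUP:-0}" = "1" ]; then main; fi
```

Run it once with `DRY_RUN=1 RUN_DNS_SETUP=1 sh dns-private-zone.sh` to review the commands, then without DRY_RUN to apply them; afterwards `resolve_check vm-web-2 10.0.0.3` from a VM in the VPC confirms the record is served, which is what the ping step above is really testing.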
Command Line Activities
Let's try to create a VPC with 3 subnets
web: 192.168.0.0/16 in delhi
app: 192.168.1.0/16 in delhi
db: 192.168.2.0/16 in delhi
Let's try creating the firewall rules:
which allow HTTP, i.e. TCP ports 80 and 443, for all VM instances with tag web
which allow SSH, i.e. TCP port 22, for all VM instances with tag linux
which allow RDP, i.e. TCP port 3389, for all VM instances with tag windows
Tips:
use --help or the reference (Refer Here) to figure out the commands
Attempt 1: Try from your workstation
# PowerShell version (backtick line continuation); custom subnet mode so we define our own ranges
gcloud compute networks create my-vpc `
--subnet-mode=custom `
--bgp-routing-mode=regional
gcloud compute networks subnets create web `
--network=my-vpc `
--range='10.0.0.0/24' `
--region='asia-south1'
gcloud compute networks subnets create app `
--network=my-vpc `
--range='10.0.1.0/24' `
--region='asia-south1'
gcloud compute networks subnets create db `
--network=my-vpc `
--range='10.0.2.0/24' `
--region='asia-south1'
# HTTP rule: the requirement above asks for both 80 and 443
gcloud compute firewall-rules create only-http `
--network=my-vpc `
--allow=tcp:80,tcp:443 `
--direction=IN `
--source-ranges='0.0.0.0/0' `
--target-tags='web'
gcloud compute firewall-rules create only-ssh `
--network=my-vpc `
--allow=tcp:22 `
--direction=IN `
--source-ranges='0.0.0.0/0' `
--target-tags='linux'
gcloud compute firewall-rules create only-rdp `
--network=my-vpc `
--allow=tcp:3389 `
--direction=IN `
--source-ranges='0.0.0.0/0' `
--target-tags='windows'
#!/bin/bash
# Bash version of the same commands (backslash line continuation)
gcloud compute networks create my-vpc \
--subnet-mode=custom \
--bgp-routing-mode=regional
gcloud compute networks subnets create web \
--network=my-vpc \
--range='10.0.0.0/24' \
--region='asia-south1'
gcloud compute networks subnets create app \
--network=my-vpc \
--range='10.0.1.0/24' \
--region='asia-south1'
gcloud compute networks subnets create db \
--network=my-vpc \
--range='10.0.2.0/24' \
--region='asia-south1'
# HTTP rule: the requirement above asks for both 80 and 443
gcloud compute firewall-rules create only-http \
--network=my-vpc \
--allow=tcp:80,tcp:443 \
--direction=IN \
--source-ranges='0.0.0.0/0' \
--target-tags='web'
gcloud compute firewall-rules create only-ssh \
--network=my-vpc \
--allow=tcp:22 \
--direction=IN \
--source-ranges='0.0.0.0/0' \
--target-tags='linux'
gcloud compute firewall-rules create only-rdp \
--network=my-vpc \
--allow=tcp:3389 \
--direction=IN \
--source-ranges='0.0.0.0/0' \
--target-tags='windows'
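The scripts above open SSH and RDP to 0.0.0.0/0, which is the setting most often flagged in a GCP review. Below is an added example, not part of the original notes, that creates the same three rules but limits the admin ports to the source range Google publishes for Identity-Aware Proxy TCP forwarding (35.235.240.0/20), turns on firewall logging, and refuses to create an admin-port rule that is open to the whole internet. The network name and rule names are assumed; with DRY_RUN=1 it only prints the gcloud commands.

```shell
#!/bin/sh
# Added example (not part of the original notes): the firewall rules from this
# section with SSH/RDP restricted to the IAP TCP-forwarding range, logging enabled,
# and a guard against opening admin ports to 0.0.0.0/0. NETWORK and rule names are assumed.
set -eu

NETWORK="${NETWORK:-my-vpc}"
IAP_RANGE="35.235.240.0/20"   # Google's published source range for IAP TCP forwarding

# run CMD...: execute, or only print the command when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# allow_list PORTS: turn "80,443" into "tcp:80,tcp:443", the form --allow expects.
allow_list() {
  acc=""
  old_ifs="$IFS"; IFS=,
  for p in $1; do acc="${acc:+$acc,}tcp:$p"; done
  IFS="$old_ifs"
  printf '%s' "$acc"
}

# has_admin_port PORTS: true when the list contains SSH (22) or RDP (3389).
has_admin_port() {
  case ",$1," in
    *,22,*|*,3389,*) return 0 ;;
    *) return 1 ;;
  esac
}

# firewall_rule NAME PORTS TAG SOURCE: one ingress rule for the tagged instances,
# with logging on so connection attempts show up in Cloud Logging.
firewall_rule() {
  if has_admin_port "$2" && [ "$4" = "0.0.0.0/0" ]; then
    echo "refusing $1: ports $2 must not be open to 0.0.0.0/0; use $IAP_RANGE or a known CIDR" >&2
    return 1
  fi
  run gcloud compute firewall-rules create "$1" \
    --network="$NETWORK" \
    --direction=INGRESS \
    --allow="$(allow_list "$2")" \
    --source-ranges="$4" \
    --target-tags="$3" \
    --enable-logging
}

main() {
  firewall_rule allow-web     80,443 web     0.0.0.0/0      # public web traffic
  firewall_rule allow-ssh-iap 22     linux   "$IAP_RANGE"   # SSH only via IAP tunnel
  firewall_rule allow-rdp-iap 3389   windows "$IAP_RANGE"   # RDP only via IAP tunnel
}

# Only act when explicitly asked, so the file can be sourced for its functions.
if [ "${RUN_FW_SETUP:-0}" = "1" ]; then main; fi
```

With the admin rules scoped this way, operators reach the VMs through `gcloud compute ssh --tunnel-through-iap` (or the equivalent IAP RDP tunnel) and every session is tied to an IAM identity, while the firewall logs give the detection side a record of what actually hit ports 22 and 3389.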
Attempt 2: A Linux VM on GCP. In this case, let's create a service account with Compute Network Admin permissions, attach it to the GCP instance and execute the same commands.
Todo