Two VPC networks, prod-vpc and tools-vpc, are connected with VPC Network Peering. An internal TCP load balancer in prod-vpc listens on 10.20.0.50. Engineers in both networks need to reach the service by using the private name api.internal.corp.example, and the solution should involve the fewest separate DNS resources to maintain while keeping the record unreachable from the public Internet. What should you do?
Configure a forwarding zone in each VPC that forwards corp.example queries to the Cloud DNS resolver address range 35.199.192.0/19.
Create a Cloud DNS private managed zone corp.example in prod-vpc and a DNS peering zone in tools-vpc that forwards queries to the private zone.
Create one Cloud DNS private managed zone corp.example in prod-vpc, add an A record api.internal that resolves to 10.20.0.50, and associate both VPC networks with the zone.
Create a public managed zone corp.example and add an A record for api.internal that points to 10.20.0.50.
Because the name must stay private, the DNS zone cannot be public. A single Cloud DNS private managed zone for corp.example can serve multiple VPC networks. By adding the A record api.internal that points to 10.20.0.50 and associating both prod-vpc and tools-vpc with the same zone, all instances resolve the name without additional forwarding or peering zones. Creating a public zone would expose the record publicly, while using a DNS peering zone or separate forwarding zones adds extra resources and operational overhead, contradicting the requirement to minimize administration.
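The single-zone design from the explanation above, as an added example that is not part of the original question: it prints the `gcloud` commands and checks a zone description for private visibility and both VPC associations. The zone name `corp-example-private`, the TTL of 300 and the `PROJECT_ID` placeholder are assumptions, and the `describe` output is a constructed sample.

```shell
#!/bin/sh
# Added example. ZONE, TTL and PROJECT_ID are assumptions, not values from the page.
ZONE="corp-example-private"
TTL=300

# Print the gcloud commands for the single private zone (review, then run them).
plan_private_zone() {
  cat <<EOF
gcloud dns managed-zones create $ZONE \\
  --dns-name=corp.example. --description="Private zone for corp.example" \\
  --visibility=private --networks=prod-vpc,tools-vpc
gcloud dns record-sets create api.internal.corp.example. \\
  --zone=$ZONE --type=A --ttl=$TTL --rrdatas=10.20.0.50
EOF
}

# Constructed sample of `gcloud dns managed-zones describe $ZONE` (YAML output).
sample_describe() {
  cat <<'EOF'
dnsName: corp.example.
name: corp-example-private
privateVisibilityConfig:
  networks:
  - networkUrl: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/prod-vpc
  - networkUrl: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/tools-vpc
visibility: private
EOF
}

# Read a zone description on stdin; succeed only if the zone is private and
# every VPC named as an argument is associated with it.
check_zone() {
  desc=$(cat)
  printf '%s\n' "$desc" | grep -qx 'visibility: private' ||
    { echo "zone is not private"; return 1; }
  for net in "$@"; do
    printf '%s\n' "$desc" | grep -Eq "networkUrl: .*/networks/${net}\$" ||
      { echo "missing network: $net"; return 1; }
  done
  echo "ok"
}

plan_private_zone
sample_describe | check_zone prod-vpc tools-vpc
```

Against a real project, pipe `gcloud dns managed-zones describe corp-example-private` into `check_zone prod-vpc tools-vpc` after creating the zone.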
GCP Associate Cloud Engineer
Ensuring successful operation of a cloud solution