Reputation: 31
Unable to resolve Google Cloud DNS Managed Private Zone from Compute
I am using a Google Cloud DNS Managed Private Zone, which is unable to be resolved by Compute instances that are within the network permitted by the zone. I am using two Ubuntu 18.04 LTS standard images. The two instances are on two different subnetworks of the same network, which has been permitted to see the Private zone.
I am using GCloud CLI, and I am signed in and verified through gcloud init with a project selected that I am the Owner for.
I have tried adjusting /etc/resolv.conf to point to the metadata server specifically, however this simply stopped resolution altogether. I was originally using A records in the private zone which didn't work; based on this article https://www.jhanley.com/google-cloud-private-dns-zones/ I tried using CNAME for the [INSTANCE_NAME].[ZONE].c.[PROJECT].internal domain which also didn't work.
The setup I am doing is through GCloud CLI and is as follows:
#!/bin/bash
# gcloud init or gcloud auth activate-service-account must have been previously run
CUSTOMER=test
NETWORK=testnetwork
# configure Cloud DNS - create customer.workshop.local
gcloud dns managed-zones create "${CUSTOMER}internal" \
--dns-name="${CUSTOMER}.workshop.local" --description="A zone" \
--visibility=private --networks="$NETWORK"
# IP is derived through a gcloud compute call but presume it is:
IP=10.10.0.4
gcloud dns record-sets transaction start --zone="${CUSTOMER}internal"
gcloud dns record-sets transaction add "$IP" \
--name="server.${CUSTOMER}.workshop.local." \
--ttl=300 \
--type=A \
--zone="${CUSTOMER}internal"
gcloud dns record-sets transaction execute --zone="${CUSTOMER}internal"
When pinging from my Ubuntu 18.04 LTS machine in a subnetwork 10.10.1.0/24, I get:
david.alexander@jump-ubuntu-01:~$ ping server.test.workshop.local
ping: server.test.workshop.local: Temporary failure in name resolution
Has anyone got any ideas? Cheers!
Upvotes: 1
Views: 1756
Answers (2)
Reputation: 56
Did you already try to do it following the official guide from Google Public documentation:
Creating a private zone through GCloud CLI
Creating a private zone through GUI
Just, I am seeing you missed the project:
gcloud dns --project=test record-sets transaction start --zone=testinternal
gcloud dns --project=test record-sets transaction add 10.10.0.4 --name=test.workshop.local. --ttl=300 --type=A --zone=testinternal
gcloud dns --project=test record-sets transaction execute --zone=testinternal
Upvotes: 0
Reputation: 31
This has turned out to be an issue only with Ubuntu 18.04. Windows doesn't replicate this issue. Edit - CentOS has also been tested and not replicated this issue.
When I created a Windows server in this network and tried name resolution, it worked fine. The Canonical image for Ubuntu 18.04 (i.e. not a custom image) has name resolution to 127.0.0.53 through Netplan by default, and it can't query the Google Metadata server. Dig shows this on a default image - if you specify the metadata server, you are able to resolve the name.
I will log a bug with Canonical about this. Thanks John Hanley, I can't upvote you because you commented rather than answered - if you can ping me about how to do this I can do it.
Cheers!
Upvotes: 1
Related Questions
- GCP Private DNS Zone not taking effect on GKE pods
- GCP: Can't get Compute Engine VMs to contact a specific public DNS name server after applying a DNS outbound forwarding policy
- Cloud DNS failed to load
- Setting up Private DNS in google cloud
- Domain not resolving on Google Cloud DNS
- Cannot create zone in Google Cloud. How to solve this?
- Google Cloud DNS not working for me
- Google Cloud DNS failed to load
- unable to resolve, nslookup REFUSED with Google cloud
- Google Cloud DNS type A not working