Suhas Chikkanna

Reputation: 1510

DNS resolution for AWS resources on GCP (after establishing a VPN connection between them)

I have successfully built a VPN connection between GCP and AWS using the following guide (https://cloud.google.com/solutions/automated-network-deployment-multicloud).

I can currently ping the resources on the other cloud provider based on the private IP. However, I would like to use DNS resolution that resolves the DNS names of AWS resources to their private IPs. Can someone please help me with this? Using a DNS server policy may not be the best of options for me, as it points to an alternative name server only and not to GCP's internal name servers anymore. So how can I use forwarding zones in GCP for DNS names such as database-test.c34fdgt1ascxz.us-west-1.rds.amazonaws.com so that they resolve to a private IP? The above example is for a database which I have not made public. Has someone done this already? Or does anyone have any idea on how to go about this? Any help is much appreciated, thank you so much.

Upvotes: 2

Views: 2682

Answers (2)

Lozano

Reputation: 180

It is possible.

If your goal is to configure outbound forwarding to AWS, then you should remove this policy; you just need a Cloud DNS managed zone to accomplish this. The DNS queries that are forwarded from GCP to AWS will come from the 35.199.192.0/19 address block.

The 35.199.192.0/19 traffic can be routed over a dynamic (BGP) VPN tunnel, so you would just need to modify your AWS VPN gateway or router by adding a route to reach 35.199.192.0/19.

It looks like a public address block, but Google uses this block only for forwarding, and does not announce it on the public Internet. And finally, AWS needs to be configured so that responses to DNS queries from 35.199.192.0/19 are routed back to GCP using the VPN tunnel configured between AWS and GCP.

In other words, this traffic needs to go through the VPN tunnel. To debug it you can use Stackdriver Logging and also check network captures on both endpoints.

Check these documentation guides: Creating Forward zones and DNS forwarding.


Upvotes: 1
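The configuration this answer describes (a Cloud DNS forwarding zone on GCP, a resolver on the AWS side that answers from 35.199.192.0/19, and a return route for that block over the VPN), as an added shell example that is not part of the answer. It wraps the gcloud and aws CLI subcommands in functions; every zone, network, security-group, subnet, route-table and gateway identifier is a constructed placeholder, using a Route 53 Resolver inbound endpoint as the forwarding target and a Cloud Router custom advertisement for the BGP return path are my assumptions rather than something the answer states, and DRY_RUN=1 (the default) prints each command instead of executing it so the script can be read and tested without access to either cloud.

```shell
#!/bin/sh
# Added example (not code from the answer): the steps the answer describes,
# wrapped in shell functions around the real gcloud and aws CLI subcommands.
# Zone, network, security-group, subnet, route-table and gateway names below
# are constructed placeholders; substitute your own. DRY_RUN=1 (the default)
# prints each command instead of executing it, so the script runs offline.
set -eu

# Source block Cloud DNS uses for outbound forwarding (from the answer).
GCP_DNS_SOURCE_RANGE="35.199.192.0/19"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Return 0 when an IPv4 dotted-quad address is inside an RFC 1918 range.
# Cloud DNS standard routing only sends queries for RFC 1918 targets through
# the VPC (and thus the VPN tunnel); a public target would be queried over the
# internet, which is exactly what must not happen for a private RDS name.
is_rfc1918() {
  case "$1" in
    10.*)                                  return 0 ;;
    192.168.*)                             return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *)                                     return 1 ;;
  esac
}

# Step 1 (GCP): a private forwarding zone for the RDS name suffix. Every query
# under $dns_name is forwarded to the comma-separated $targets, assumed to be
# the addresses of a Route 53 Resolver inbound endpoint in the AWS VPC.
create_forwarding_zone() {
  zone="$1"; dns_name="$2"; network="$3"; targets="$4"
  for ip in $(printf '%s\n' "$targets" | tr ',' ' '); do
    if ! is_rfc1918 "$ip"; then
      printf 'forwarding target %s is not RFC 1918; Cloud DNS would reach it over the internet\n' "$ip" >&2
      return 1
    fi
  done
  run gcloud dns managed-zones create "$zone" \
    --description="forward-to-aws-route53-resolver" \
    --dns-name="$dns_name" \
    --visibility=private \
    --networks="$network" \
    --forwarding-targets="$targets"
}

# Step 2 (AWS): an inbound Route 53 Resolver endpoint in the VPC that hosts the
# RDS instance, with its security group opened on port 53 (UDP and TCP) only
# to the Cloud DNS forwarding range.
create_inbound_endpoint() {
  sg="$1"; subnet_a="$2"; subnet_b="$3"; request_id="$4"
  for proto in udp tcp; do
    run aws ec2 authorize-security-group-ingress --group-id "$sg" \
      --protocol "$proto" --port 53 --cidr "$GCP_DNS_SOURCE_RANGE"
  done
  run aws route53resolver create-resolver-endpoint \
    --creator-request-id "$request_id" \
    --direction INBOUND \
    --security-group-ids "$sg" \
    --ip-addresses "SubnetId=$subnet_a" "SubnetId=$subnet_b"
}

# Step 3: the return path. With dynamic routing the Cloud Router has to
# advertise the forwarding range to AWS (an addition to the answer, which only
# mentions the AWS side), and the AWS VPC route table needs a route that sends
# 35.199.192.0/19 to the virtual private gateway rather than the internet gateway.
advertise_dns_range() {
  router="$1"; region="$2"
  run gcloud compute routers update "$router" --region "$region" \
    --advertisement-mode=CUSTOM \
    --set-advertisement-groups=ALL_SUBNETS \
    --set-advertisement-ranges="$GCP_DNS_SOURCE_RANGE"
}

add_return_route() {
  rtb="$1"; vgw="$2"
  run aws ec2 create-route --route-table-id "$rtb" \
    --destination-cidr-block "$GCP_DNS_SOURCE_RANGE" --gateway-id "$vgw"
}

# Dry-run walk-through with constructed values (set DRY_RUN=0 to apply).
create_forwarding_zone aws-rds-forward rds.amazonaws.com. my-gcp-vpc 10.0.1.10,10.0.2.10
create_inbound_endpoint sg-0123456789abcdef0 subnet-0aaaaaaa subnet-0bbbbbbb gcp-inbound-1
advertise_dns_range my-cloud-router us-west1
add_return_route rtb-0123456789abcdef0 vgw-0123456789abcdef0
```

The RFC 1918 check in create_forwarding_zone is the part worth keeping even if you type the commands by hand: Cloud DNS standard routing only carries queries for private-range targets through the VPC and the tunnel, so a forwarding zone pointed at a public resolver address would leak the RDS queries to the internet and never receive a private answer. The security-group rule deliberately admits only 35.199.192.0/19 on port 53, which is the whole set of source addresses the forwarded queries can have.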

Michael Quale

Reputation: 607

You can't resolve AWS private IP addresses by submitting the AWS public endpoint to GCP's DNS. That just won't work.

AWS uses a service called Route 53 Resolver that will forward requests that can't be resolved internally to an external DNS server that you specify. We use this in our environments to resolve on-prem corporate IPs that are not part of Route 53. I have not tried this, but it's possible you can use that to point to GCP DNS.

Upvotes: 0
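The reverse direction this answer suggests (Route 53 Resolver forwarding AWS-side queries to GCP's DNS), as an added shell example that is not part of the answer. It assumes the GCP VPC has inbound forwarding enabled through a Cloud DNS server policy (a different feature from the alternative-name-server policy the question mentions), that the listener address Cloud DNS reserves for it is reachable from AWS over the VPN tunnel, and that the outbound endpoint's security group allows port 53 egress; every identifier is a constructed placeholder, and DRY_RUN=1 (the default) prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the answer): Route 53 Resolver outbound forwarding
# pointed at Cloud DNS. The GCP side needs an inbound server policy, which is
# distinct from the alternative-name-server policy the question refers to.
# All names and IDs are constructed placeholders; DRY_RUN=1 (the default)
# prints each command instead of running it.
set -eu

run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# GCP: enable inbound forwarding on the VPC. Cloud DNS then reserves one
# listener address per region in the VPC's subnets (purpose DNS_RESOLVER);
# AWS must be able to reach that address through the VPN tunnel.
enable_gcp_inbound() {
  policy="$1"; network="$2"
  run gcloud dns policies create "$policy" --networks="$network" --enable-inbound-forwarding
  run gcloud compute addresses list --filter="purpose=DNS_RESOLVER" --format="value(address,region)"
}

# AWS: an outbound Resolver endpoint in two subnets of the VPC. The endpoint
# ID printed by this call is the input to forward_domain_to_gcp.
create_outbound_endpoint() {
  sg="$1"; subnet_a="$2"; subnet_b="$3"; request_id="$4"
  run aws route53resolver create-resolver-endpoint \
    --creator-request-id "$request_id" \
    --direction OUTBOUND \
    --security-group-ids "$sg" \
    --ip-addresses "SubnetId=$subnet_a" "SubnetId=$subnet_b"
}

# AWS: a FORWARD rule sending every query under $domain to the GCP listener,
# then associate it with the VPC whose instances need those names. The rule
# ID comes from the create-resolver-rule output, so it is passed in here.
forward_domain_to_gcp() {
  endpoint_id="$1"; domain="$2"; gcp_listener_ip="$3"; vpc="$4"; request_id="$5"
  # Refuse a public listener address: the GCP inbound forwarder lives on a
  # private VPC address and must be reached over the tunnel, not the internet.
  case "$gcp_listener_ip" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
    *) printf 'listener %s is not a private address\n' "$gcp_listener_ip" >&2; return 1 ;;
  esac
  run aws route53resolver create-resolver-rule \
    --creator-request-id "$request_id" \
    --rule-type FORWARD \
    --domain-name "$domain" \
    --resolver-endpoint-id "$endpoint_id" \
    --target-ips "Ip=$gcp_listener_ip,Port=53"
}

associate_rule() {
  rule_id="$1"; vpc="$2"
  run aws route53resolver associate-resolver-rule --resolver-rule-id "$rule_id" --vpc-id "$vpc"
}

# Dry-run walk-through with constructed values (set DRY_RUN=0 to apply).
enable_gcp_inbound gcp-inbound my-gcp-vpc
create_outbound_endpoint sg-0123456789abcdef0 subnet-0aaaaaaa subnet-0bbbbbbb gcp-outbound-1
forward_domain_to_gcp rslvr-out-PLACEHOLDER gcp.internal. 10.10.0.2 vpc-0123456789abcdef0 gcp-rule-1
associate_rule rslvr-rr-PLACEHOLDER vpc-0123456789abcdef0
```

The two IDs marked PLACEHOLDER are the values returned by the preceding create calls when run for real; the private-address check on the listener mirrors the constraint in the other direction, since a resolver rule aimed at a public address would send the queries out through the internet rather than across the tunnel.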
