Cloud DNS

Cloud DNS is Google Cloud's managed, authoritative DNS service. It translates domain names into IP addresses with high availability, low latency, and a 100% uptime SLA. Cloud DNS supports both public zones (internet-facing) and private zones (internal to your VPC), making it the single DNS solution for all your GCP workloads.

What Is Cloud DNS?

Cloud DNS is a fully managed, authoritative DNS hosting service. You create DNS zones and records, and Google operates the global infrastructure to answer DNS queries. Key features:

100% SLA — Google guarantees 100% availability for authoritative DNS queries.
Global anycast network — queries are answered from the nearest Google edge location.
Scales automatically — handles millions of queries per second without provisioning.
Supports all standard record types — A, AAAA, CNAME, MX, TXT, SRV, NS, SOA, CAA, and more.

Public Zones

A public zone hosts DNS records that are resolvable from the internet. When you register a domain (e.g. example.com), you create a public zone in Cloud DNS and update your domain registrar's nameservers to point to the Cloud DNS nameservers.

Creating a Public Zone

gcloud dns managed-zones create my-zone \
  --dns-name="example.com." \
  --description="Public zone for example.com" \
  --visibility=public

Adding Records

gcloud dns record-sets create www.example.com. \
  --zone=my-zone \
  --type=A \
  --ttl=300 \
  --rrdatas="203.0.113.10"

After creating the zone, update your registrar to use the nameservers listed in the zone's NS record (e.g. ns-cloud-a1.googledomains.com).

Private Zones

A private zone provides DNS resolution only within linked VPC networks. Records in a private zone are not visible from the internet. This is ideal for:

Internal service discovery (e.g. db.internal.example.com)
Private endpoints for Google APIs
Split-horizon DNS (same domain resolves differently internally vs externally)

Creating a Private Zone

gcloud dns managed-zones create internal-zone \
  --dns-name="internal.example.com." \
  --description="Private zone for internal services" \
  --visibility=private \
  --networks=my-vpc

Only resources in the linked VPC (my-vpc) can resolve records in this zone.

DNS Peering

DNS peering forwards DNS queries from one VPC to another VPC's DNS configuration. This is useful in hub-and-spoke architectures where a central VPC manages DNS:

gcloud dns managed-zones create peering-zone \
  --dns-name="shared.example.com." \
  --description="Peers to hub VPC DNS" \
  --visibility=private \
  --networks=spoke-vpc \
  --target-network=hub-vpc

DNS Forwarding

For hybrid environments (cloud + on-premises), you can configure DNS forwarding:

Cloud DNS

Cloud DNS

What Is Cloud DNS?

Public Zones

Creating a Public Zone

Adding Records

Private Zones

Creating a Private Zone

DNS Peering

DNS Forwarding

More in Cloud