What is Cloud DNS


How does DNS work?

When a client requests a service, the first thing that happens is DNS resolution, which means translating a hostname to an IP address. Here is how the request flow works:

Step 1 – A client makes a DNS request

Step 2 – The request is received by a recursive resolver, which checks whether it already knows the response to the request

Step 3 (a) – If yes, the recursive resolver responds to the request, since it already has the answer stored in its cache.

Step 3 (b) – If no, the recursive resolver redirects the request to other servers

Step 4 – The authoritative server then responds to the request

Step 5 – The recursive resolver caches the result for future queries.

Step 6 – Finally, the recursive resolver sends the information to the client
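
The six steps above as a small runnable model, added here as an illustration and not taken from the original article or from Cloud DNS itself. The class names, the zone data and the single upstream server (standing in for the "other servers" of step 3 (b)) are constructed assumptions; the cache honours each record's TTL, so a stale answer is re-fetched rather than served.

```python
import time

# Constructed zone data for the example: name -> (address, TTL in seconds)
AUTHORITATIVE_ZONE = {
    "www.example.com.": ("203.0.113.10", 300),
    "api.example.com.": ("203.0.113.20", 60),
}


class AuthoritativeServer:
    """Answers only for names in its own zone (step 4)."""

    def __init__(self, zone):
        self.zone = zone
        self.queries = 0  # how many times the resolver had to ask upstream

    def query(self, name):
        self.queries += 1
        return self.zone.get(name)  # None models "no such name"


class RecursiveResolver:
    """Checks its cache first (steps 2 and 3a), otherwise asks upstream."""

    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream
        self.clock = clock  # injectable so TTL expiry can be exercised
        self.cache = {}     # name -> (address, expiry timestamp)

    def resolve(self, name):
        name = name.lower().rstrip(".") + "."  # normalise so cache keys match
        entry = self.cache.get(name)
        if entry and entry[1] > self.clock():
            return entry[0], "cache"                       # step 3 (a)
        answer = self.upstream.query(name)                 # steps 3 (b) and 4
        if answer is None:
            return None, "nxdomain"
        address, ttl = answer
        self.cache[name] = (address, self.clock() + ttl)   # step 5
        return address, "authoritative"                    # step 6


if __name__ == "__main__":
    auth = AuthoritativeServer(AUTHORITATIVE_ZONE)
    resolver = RecursiveResolver(auth)
    print(resolver.resolve("www.example.com"))   # first lookup goes upstream
    print(resolver.resolve("WWW.example.com."))  # repeat is served from cache
    print("upstream queries:", auth.queries)
```

Because every client behind the resolver receives whatever sits in that cache until the TTL runs out, the cached answer is the one whose authenticity matters most.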

What does Cloud DNS offer?

  • Global DNS Network: Managed authoritative Domain Name System (DNS) service running on the same infrastructure as Google. You don’t have to manage your DNS server; Google does it for you.
  • 100% Availability & Automatic Scaling: Cloud DNS uses Google’s global network of anycast name servers to serve your DNS zones from redundant locations around the world, providing high availability and low latency for users. It allows customers to create, update, and serve millions of DNS records.
  • Private DNS Zones: Used for providing a namespace that is only visible inside the VPC or hybrid network environment. Example – a business organization has a domain dev.gcp.example.com, reachable only from within the company intranet.
  • Public DNS Zones: Used for providing authoritative DNS resolution to clients on the public internet. Example – a business has an external website, example.com, accessible directly from the Internet. Not to be confused with Google Public DNS (8.8.8.8), which is just a public recursive resolver.
  • Split horizon DNS: Used to serve different answers (different resource record sets) for the same name depending on who is asking – an internal or an external network resource.
  • DNS peering: DNS peering makes available a second method of sharing DNS data. All or a portion of the DNS namespace can be configured to be sent from one network to another and, once there, will respect all DNS configuration defined in the peered network.
  • Security: Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups. It prevents attackers from manipulating or poisoning the responses to DNS requests.

Hybrid Deployments: DNS Forwarding

Google Cloud offers inbound and outbound DNS forwarding for private zones. You can configure DNS forwarding by creating a forwarding zone or a Cloud DNS server policy. The two methods are inbound and outbound, and you can configure both simultaneously for a VPC network.

Inbound  

Create an inbound server policy to enable an on-premises DNS client or server to send DNS requests to Cloud DNS. The DNS client or server can then resolve records according to a VPC network’s name resolution order. On-premises clients use Cloud VPN or Cloud Interconnect to connect to the VPC network.

Outbound

You can configure VMs in a VPC network to do the following:

  • Send DNS requests to DNS name servers of your choice. The name servers can be located in the same VPC network, in an on-premises network, or on the internet.
  • Resolve records hosted on name servers configured as forwarding targets of a forwarding zone authorized for use by your VPC network.
  • Create an outbound server policy for the VPC network to send all DNS requests to an alternative name server.