Updated: May 15, 2026

# CHAPTER 8

Google Cloud DNS

1. Introduction

Your highly available web application is running perfectly behind a Load Balancer, but currently, your customers have to type a clunky IP address (like 34.120.45.67) into their browser to reach it. To make your application accessible to humans, you must map that IP address to a memorable domain name (like mycompany.com). In this chapter, we will demystify the Domain Name System (DNS) and utilize Cloud DNS—Google's highly resilient, programmable DNS hosting service—to connect the world to our infrastructure.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Define the function of the Domain Name System (DNS).
  • Understand the purpose of a Managed Zone.
  • Differentiate between core DNS Records: A, CNAME, and TXT.
  • Create a Cloud DNS Managed Zone.
  • Map a custom domain to a GCP Load Balancer or VM IP address.

3. Beginner-Friendly Explanation

Imagine the Contacts app on your smartphone.
  • The IP Address (The Phone Number): Computers only talk in numbers (34.120.45.67). But you cannot memorize 500 different 10-digit phone numbers.
  • The Domain Name (The Contact Name): You memorize "Mom" or "Pizza Shop" (google.com or amazon.com).
  • Cloud DNS (The Contacts App): When you tap "Mom" in your phone, the Contacts app instantly looks up the hidden phone number and dials it for you. Cloud DNS is the massive address book of the internet. When a user types mycompany.com, Cloud DNS translates it into 34.120.45.67 and routes the traffic to your server.

4. Managed Zones

In Cloud DNS, a Managed Zone is the container that holds all the DNS records for a specific domain. If you buy the domain example.com, you create a Managed Zone named example.com. Inside that zone, you write the rules for where www.example.com and api.example.com should route.

5. Core DNS Records

Inside your Managed Zone, you will create specific "Records" to route traffic:
  1. A Record (Address Record): The most common. Maps a domain name directly to an IPv4 address. (e.g., example.com -> 34.120.45.67).
  2. CNAME Record (Canonical Name): Maps a domain name to *another domain name*, not an IP. (e.g., www.example.com -> routes to -> example.com).
  3. TXT Record (Text Record): Used to prove you own the domain. When setting up Google Workspace or verifying domain ownership for SSL certificates, you paste a random string of text into a TXT record.

6. The Domain Registrar vs. Cloud DNS

This is a critical distinction for beginners:
  • Domain Registrar (e.g., Namecheap, GoDaddy): Where you *purchase* the rights to the name mycompany.com for $12 a year.
  • Cloud DNS: Where you *manage* the traffic routing for that name.

*The Handshake:* To connect the two, you must log into GoDaddy and change the "Name Servers" to point to Google's Name Servers (e.g., ns-cloud-a1.googledomains.com). This tells GoDaddy: "Let Google handle the traffic routing from now on."

7. Mini Project: Connect a Custom Domain

Let's route a domain to a Google Cloud server.

Step-by-Step Tutorial: *(Assumption: You have purchased a domain name from a Registrar).*

  1. In the GCP Console, navigate to Network Services > Cloud DNS.
  2. Click Create Zone.
  3. Zone type: Public.
  4. Zone name: my-custom-zone.
  5. DNS name: Type your exact domain (e.g., mycompany.com). Click Create.
  6. Click into your new Managed Zone. You will see an NS (Name Server) record already created. It lists 4 Google domains.
  7. The Handshake: Log into your Domain Registrar (GoDaddy/Namecheap). Find "Custom DNS" or "Name Servers". Paste the 4 Google NS addresses there.
  8. Go back to GCP Cloud DNS. Click Add Standard.
  9. DNS Name: Leave blank (to route the root domain).
  10. Resource Record Type: A.
  11. IPv4 Address: Paste the External IP address of your VM or Load Balancer. Click Save.
  12. Click Add Standard again.
  13. DNS Name: Type www.
  14. Resource Record Type: CNAME.
  15. Canonical name: Type mycompany.com. (with the trailing dot). Click Save.
  16. *The Result:* Within a few minutes (DNS propagation), anyone typing mycompany.com or www.mycompany.com in their browser will successfully reach your Google Cloud architecture!
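
The records from steps 8 to 15 and the name-server handshake from step 7 can be checked offline before you rely on them; name servers left at the registrar that are not in the zone's NS set keep answering for the domain outside your control. The Python script below is an added example, not part of the original chapter: the record lists, the registrar name server and the ns-cloud-a2 to a4 host names are constructed sample values, and `fqdn`, `delegation_gaps` and `audit` are hypothetical helper names.

```python
# Added example, not from the original chapter. All record data is constructed.
ZONE = "mycompany.com."
# Sample NS set; a1 is the chapter's example, a2-a4 are assumed sample values.
GOOGLE_NS = [f"ns-cloud-a{i}.googledomains.com." for i in range(1, 5)]

def fqdn(name):
    """Normalize for comparison: lowercase with exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."

def delegation_gaps(zone_ns, registrar_ns):
    """Step 7: the registrar should list exactly the zone's NS records."""
    zone, reg = {fqdn(n) for n in zone_ns}, {fqdn(n) for n in registrar_ns}
    return {"missing_at_registrar": sorted(zone - reg),
            "unexpected_at_registrar": sorted(reg - zone)}

def audit(records):
    """Check (name, type, rrdatas) tuples against steps 8-15; return findings."""
    by_name, findings = {}, []
    for name, rtype, data in records:
        by_name.setdefault(fqdn(name), {})[rtype] = data
    for name, types in by_name.items():
        if "CNAME" not in types:
            continue
        if name == ZONE:  # the root carries NS records, so it takes an A record
            findings.append(f"{name}: CNAME at the zone root, use an A record")
        elif len(types) > 1:
            findings.append(f"{name}: CNAME coexists with other record types")
        target = types["CNAME"][0]
        if not target.endswith("."):  # step 15 enters the target fully qualified
            findings.append(f"{name}: target '{target}' lacks the trailing dot")
        t = fqdn(target)
        in_zone = t == ZONE or t.endswith("." + ZONE)
        if in_zone and not by_name.get(t, {}).keys() & {"A", "AAAA", "CNAME"}:
            findings.append(f"{name}: target {t} has no record in this zone")
    return findings

GOOD = [(ZONE, "NS", GOOGLE_NS), (ZONE, "A", ["34.120.45.67"]),
        ("www.mycompany.com.", "CNAME", ["mycompany.com."])]
BAD = [(ZONE, "NS", GOOGLE_NS),
       ("www.mycompany.com.", "CNAME", ["mycompany.com"]),       # no dot, root has no A
       ("api.mycompany.com.", "CNAME", ["app.mycompany.com."])]  # target never created

if __name__ == "__main__":
    print(audit(GOOD))
    print(*audit(BAD), sep="\n")
    print(delegation_gaps(GOOGLE_NS, ["ns1.registrar.example", GOOGLE_NS[0]]))
```

The GOOD list mirrors the mini project and produces no findings; the BAD list shows a CNAME pointing at a name that was never given a record, which is the case to catch before the zone goes live.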

8. Real-World Scenarios

A company relies heavily on their website. If their DNS goes offline, the entire company effectively disappears from the internet, even if their servers are running perfectly! By utilizing Google Cloud DNS, they leverage the exact same global infrastructure that hosts google.com. Cloud DNS guarantees a 100% SLA (Service Level Agreement), meaning Google promises it will literally never go offline.

9. Best Practices

  • Private DNS Zones: Cloud DNS isn't just for public websites. You can create Private Zones that only exist *inside* your VPC. Instead of your backend servers talking to each other via internal IP addresses (10.0.1.5), you create a private zone so they can securely communicate using database.internal.mycompany—a name completely invisible to the outside world.

10. Common Mistakes

  • DNS Propagation Panic: Beginners change a DNS record and immediately refresh their browser. When the old website loads, they panic and change the settings again. DNS changes take time to propagate across the globe's internet service providers (from 5 minutes to 24 hours). Be patient, and use tools like whatsmydns.net to verify global propagation before making drastic changes.

11. Exercises

  1. What is the fundamental difference between an A Record and a CNAME Record?
  2. Why is a Name Server (NS) update required at your Domain Registrar to utilize Google Cloud DNS?

12. FAQs

Q: Why should I pay for Cloud DNS when GoDaddy gives me free DNS management?

A: Basic registrars often have slow DNS resolution and are vulnerable to DDoS attacks. Cloud DNS offers sub-millisecond global resolution times, infinite scalability, programmable APIs (for automation like Terraform), and Google-grade security protection.

13. Interview Questions

  • Q: Explain the necessity of the Domain Name System (DNS) in web architecture. Detail the roles of the Registrar, the Name Server, and the A Record in resolving a user's web request.
  • Q: Contrast the architectural use cases of a Public Managed Zone versus a Private Managed Zone within GCP Cloud DNS. How do Private Zones enhance internal microservice security?

14. Summary

In Chapter 8, we bridged the gap between machine addresses and human readability. We demystified the Domain Name System, establishing Cloud DNS as our highly resilient global address book. We explored the core routing mechanisms—A Records, CNAMEs, and TXT Records—and successfully executed the "Handshake" required to transfer routing authority from a third-party Registrar directly into our GCP environment, completing the public-facing architecture of our applications.

15. Next Chapter Recommendation

Virtual Machines are powerful, but they take minutes to boot and are heavy to manage. The modern cloud is built on lightweight containers. Proceed to Chapter 9: Google Kubernetes Engine (GKE).
