This document guides you through creating DNS records to manage how traffic reaches your applications and services within Google Distributed Cloud (GDC) air-gapped. DNS records let you map a domain name to a specific resource so that you can give users access to an application, manage service aliases, verify ownership, enable reverse lookup, or route email. The intended audience for this document is platform administrators and application operators responsible for managing DNS records within a project.
After you have created your DNS zone, you can create different types of DNS records to point your domain names and subdomains to your services. You can create the following DNS record types in GDC:
- Address (A) record: maps a domain name to one or more IPv4 addresses. This record is the most fundamental record type for pointing a domain to a server.
- Canonical Name (CNAME) record: creates an alias of one domain name to another canonical (authoritative) domain name. This record type is useful for redirecting traffic or simplifying DNS management.
- Text (TXT) record: lets you associate arbitrary text with a domain name. These records are often used for verification purposes or to store information like Sender Policy Framework (SPF) records for email authentication.
- Pointer (PTR) record: maps an IP address back to a domain name, also known as reverse DNS lookup. This record is often used for email server reputation and logging analysis.
- Mail Exchanger (MX) record: specifies the mail servers responsible for accepting email for a domain. This is essential for setting up email services.
GDC doesn't support setting Name Server (NS) or Start of Authority (SOA) records for a domain.
Before you begin
To create DNS records in GDC, you must have the following:
- An existing public or private DNS zone. For more information, see Create DNS zones.
- The necessary identity and access roles. To manage DNS records for your project, ask your Project IAM Admin to grant you the Managed DNS Project Admin (`managed-dns-project-admin`) role.
- A kubeconfig file for the global API server. If you have not yet generated this file, see Sign in. For more information, see Global and zonal API servers.
Create a DNS record
Create and apply a `ResourceRecordSet` resource to create a DNS record within an existing managed DNS zone:

```
kubectl --kubeconfig GLOBAL_API_SERVER apply -f - <<EOF
apiVersion: networking.global.gdc.goog/v1
kind: ResourceRecordSet
metadata:
  name: RESOURCE_RECORD_NAME
  namespace: PROJECT_NAMESPACE
spec:
  name: RESOURCE_RECORD_FQDN
  ttlSeconds: TIME_TO_LIVE
  type: RR_TYPE
  rrData:
  - RECORD_DATA
  dnsZone: DNS_ZONE_NAME
EOF
```

Replace the following:

- `GLOBAL_API_SERVER`: the path to the global API server's kubeconfig file. If you have not yet generated this file, see Sign in.
- `PROJECT_NAMESPACE`: the namespace of your project.
- `RESOURCE_RECORD_NAME`: your chosen unique name for this `ResourceRecordSet` resource within the namespace, such as `cname.system.example.com`
- `RESOURCE_RECORD_FQDN`: the fully qualified domain name (FQDN) for the record, such as `another.ai.system.example.com.`
- `TIME_TO_LIVE`: the time to live (TTL) in seconds for this record. This field is optional. The default value is `300`.
- `RR_TYPE`: the type of this `ResourceRecordSet`. The options are: `A`, `CNAME`, `TXT`, `PTR`, and `MX`
- `RECORD_DATA`: the data for all resource records in the RRset. Each entry represents a separate resource record. Here are some examples depending on the record type:
  - `A` record: the IP address this `A` record points to:

    ```
    type: A
    rrData:
    - 10.6.7.8
    ```

  - `CNAME` record: the target domain name for this `CNAME` record:

    ```
    type: CNAME
    rrData:
    - "ai.system.example.com"
    ```

  - `TXT` record: the text data for this `TXT` record:

    ```
    type: TXT
    rrData:
    - "Example text"
    ```

  - `PTR` record: the domain name this `PTR` record points to, for reverse DNS lookup of an IP address:

    ```
    type: PTR
    rrData:
    - "8.7.6.10.in-addr.arpa."
    ```

  - `MX` record: the priority and the hostname of the mail server:

    ```
    type: MX
    rrData:
    - "10 mail.example.com."
    ```

- `DNS_ZONE_NAME`: the name of the `ManagedDNSZone` custom resource where this record is added. For more information, see Create DNS zones.
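A pre-apply check for the `spec` fields described above, as an added example that is not part of the original page or of GDC tooling. It assumes the manifest's `spec` is already parsed into a Python dict. The names `lint_record_set` and `check_entry` are hypothetical, and the syntax rules are general DNS conventions, not GDC's own admission logic.

```python
import ipaddress
import re

# Record types this page lists as supported; it states NS and SOA are not.
SUPPORTED_TYPES = {"A", "CNAME", "TXT", "PTR", "MX"}
DEFAULT_TTL = 300  # default ttlSeconds stated on this page
# Conservative domain-name syntax (general DNS convention, optional trailing dot).
LABEL = r"[A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9])?"
DOMAIN = re.compile(rf"({LABEL}\.)+{LABEL}\.?")


def check_entry(rr_type, entry):
    """Return a problem string for one rrData entry, or None if it looks valid."""
    if rr_type == "A":
        try:
            ipaddress.IPv4Address(entry)
        except ValueError:
            return f"A data {entry!r} is not an IPv4 address"
    elif rr_type in ("CNAME", "PTR") and not DOMAIN.fullmatch(entry):
        return f"{rr_type} data {entry!r} is not a domain name"
    elif rr_type == "MX":
        prio, _, host = entry.partition(" ")
        if not re.fullmatch(r"[0-9]{1,5}", prio) or not DOMAIN.fullmatch(host):
            return f"MX data {entry!r} is not 'PRIORITY HOSTNAME'"
    return None  # TXT is arbitrary text, so its data is not checked here


def lint_record_set(spec):
    """Return a list of problems in a ResourceRecordSet spec given as a dict."""
    rr_type = spec.get("type")
    if rr_type not in SUPPORTED_TYPES:
        return [f"type {rr_type!r} is not one of {sorted(SUPPORTED_TYPES)}"]
    problems = []
    ttl = spec.get("ttlSeconds", DEFAULT_TTL)
    if type(ttl) is not int or ttl < 0:
        problems.append(f"ttlSeconds {ttl!r} is not a non-negative integer")
    if not spec.get("dnsZone"):
        problems.append("dnsZone is missing")
    if not DOMAIN.fullmatch(str(spec.get("name", ""))):
        problems.append(f"name {spec.get('name')!r} is not a domain name")
    data = [str(d) for d in spec.get("rrData") or []]
    if not data:
        problems.append("rrData is empty")
    if rr_type == "CNAME" and len(data) > 1:
        problems.append("a CNAME record set must hold exactly one target")
    problems += [p for p in (check_entry(rr_type, d) for d in data) if p]
    return problems
```

Running a check like this in review or CI before `kubectl apply` catches typos that would otherwise publish a record pointing traffic or mail at the wrong host.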