Console
    Contact Us Start free

    Create a peering zone

    This page provides instructions about how to create a peering zone. For detailed background information, see Peering zones .

    You must be signed in to the Google Cloud console as an Identity and Access Management (IAM) member who has the DNS Peer role ( roles/dns.peer ) to the project that contains the producer VPC network.

    To create a new managed private peering zone when you need one VPC network (the consumer network ) to query the VPC name resolution order of another VPC network (the producer network ), follow these steps.

    Console

    1. In the Google Cloud console, go to the Create a DNS zonepage.

      Go to Create a DNS zone

    2. For the Zone type, select Private.

    3. Enter a Zone namesuch as my-new-zone .

    4. Enter a DNS namesuffix for the private zone. All records in the zone share this suffix, for example: example.private .

    5. Optional: Add a description.

    6. Under Options, select DNS peering.

    7. Select the networks to which the private zone must be visible.

    8. In Peer project, select a peer project.

    9. In Peer network, select a peer network.

    10. Click Create.

    gcloud

    1. In the project that contains the consumer VPC network, identify or create a service account .

    2. Grant the DNS Peer role to the service account (from the previous step) in the project that contains the producer VPC network.

      gcloud projects add-iam-policy-binding PRODUCER_PROJECT_ID 
\
   --member= SERVICE_ACCOUNT 
\
   --role=roles/dns.peer

      Replace the following:

      • PRODUCER_PROJECT_ID : the ID of the project that contains the producer VPC network
      • SERVICE_ACCOUNT : the service account in the project that contains the consumer VPC network that was identified or created in step 1

    3. In the project that contains the consumer VPC network, grant the DNS Administrator role to the service account and create a new managed private peering zone by running the dns managed-zones create command:

      gcloud dns managed-zones create NAME 
\
  --description= DESCRIPTION 
\
  --dns-name= DNS_SUFFIX 
\
  --networks= CONSUMER_VPC_NETWORK 
\
  --account= SERVICE_ACCOUNT 
\
  --target-network= PRODUCER_VPC_NETWORK 
\
  --target-project= PRODUCER_PROJECT_ID 
\
  --visibility=private

      Replace the following:

      • NAME : a name for your zone
      • DESCRIPTION : a description for your zone
      • DNS_SUFFIX : the DNS suffix for your zone, such as example.com
      • CONSUMER_VPC_NETWORK : the name of the consumer VPC network
      • SERVICE_ACCOUNT : the service account in the project that contains the consumer VPC network, identified in step 1
      • PRODUCER_VPC_NETWORK : the name of the producer VPC network
      • PRODUCER_PROJECT_ID : the ID of the project that contains the producer VPC network

    Terraform

     resource "random_id" "zone_suffix" {
  byte_length = 8
}

resource "google_dns_managed_zone" "peering_zone" {
  name        = "peering-zone-${random_id.zone_suffix.hex}"
  dns_name    = "peering.example.com."
  description = "Example private DNS peering zone"

  visibility = "private"

  private_visibility_config {
    networks {
      network_url = google_compute_network.network_source.id
    }
  }

  peering_config {
    target_network {
      network_url = google_compute_network.network_target.id
    }
  }
}

resource "google_compute_network" "network_source" {
  name                    = "network-source"
  auto_create_subnetworks = false
}

resource "google_compute_network" "network_target" {
  name                    = "network-target"
  auto_create_subnetworks = false
}

    What's next
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: