Console
    Contact Us Start free

    REST Resource: managedZones

    Resource: ManagedZone

    A zone is a subtree of the DNS namespace under one administrative responsibility. A ManagedZone is a resource that represents a DNS zone hosted by the Cloud DNS service.

    JSON representation 
     { 
 "name" 
 : 
 string 
 , 
 "dnsName" 
 : 
 string 
 , 
 "description" 
 : 
 string 
 , 
 "id" 
 : 
 string 
 , 
 "nameServers" 
 : 
 [ 
 string 
 ] 
 , 
 "creationTime" 
 : 
 string 
 , 
 "dnssecConfig" 
 : 
 { 
 object (  DnsSecConfig 
 
) 
 } 
 , 
 "nameServerSet" 
 : 
 string 
 , 
 "visibility" 
 : 
 enum (  Visibility 
 
) 
 , 
 "privateVisibilityConfig" 
 : 
 { 
 object (  PrivateVisibilityConfig 
 
) 
 } 
 , 
 "forwardingConfig" 
 : 
 { 
 object (  ForwardingConfig 
 
) 
 } 
 , 
 "labels" 
 : 
 { 
 string 
 : 
 string 
 , 
 ... 
 } 
 , 
 "peeringConfig" 
 : 
 { 
 object (  PeeringConfig 
 
) 
 } 
 , 
 "reverseLookupConfig" 
 : 
 { 
 object (  ReverseLookupConfig 
 
) 
 } 
 , 
 "serviceDirectoryConfig" 
 : 
 { 
 object (  ServiceDirectoryConfig 
 
) 
 } 
 , 
 "cloudLoggingConfig" 
 : 
 { 
 object (  CloudLoggingConfig 
 
) 
 } 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    name

    string

    User assigned name for this resource. Must be unique within the project. The name must be 1-63 characters long, must begin with a letter, end with a letter or digit, and only contain lowercase letters, digits or dashes.
    dns Name

    string

    The DNS name of this managed zone, for instance "example.com.".
    description

    string

    A mutable string of at most 1024 characters associated with this resource for the user's convenience. Has no effect on the managed zone's function.
    id

    string ( uint64 format)

    Unique identifier for the resource; defined by the server (output only)
    name Servers[]

    string

    Delegate your managedZone to these virtual name servers; defined by the server (output only)
    creation Time

    string

    The time that this resource was created on the server. This is in RFC3339 text format. Output only.
    dnssec Config

    object ( DnsSecConfig )

    DNSSEC configuration.
    name Server Set

    string

    Optionally specifies the NameServerSet for this ManagedZone. A NameServerSet is a set of DNS name servers that all host the same ManagedZones. Most users leave this field unset. If you need to use this field, contact your account team.
    visibility

    enum ( Visibility )

    The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources.
    private Visibility Config

    object ( PrivateVisibilityConfig )

    For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from.
    forwarding Config

    object ( ForwardingConfig )

    The presence for this field indicates that outbound forwarding is enabled for this zone. The value of this field contains the set of destinations to forward to.
    labels

    map (key: string, value: string)

    User labels.

    An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" } .
    peering Config

    object ( PeeringConfig )

    The presence of this field indicates that DNS Peering is enabled for this zone. The value of this field contains the network to peer with.
    reverse Lookup Config

    object ( ReverseLookupConfig )

    The presence of this field indicates that this is a managed reverse lookup zone and Cloud DNS resolves reverse lookup queries using automatically configured records for VPC resources. This only applies to networks listed under privateVisibilityConfig.
    service Directory Config

    object ( ServiceDirectoryConfig )

    This field links to the associated service directory namespace. Do not set this field for public zones or forwarding zones.
    cloud Logging Config

    object ( CloudLoggingConfig )

    kind

    string

    DnsSecConfig

    JSON representation 
     { 
 "state" 
 : 
 enum (  State 
 
) 
 , 
 "defaultKeySpecs" 
 : 
 [ 
 { 
 object (  DnsKeySpec 
 
) 
 } 
 ] 
 , 
 "nonExistence" 
 : 
 enum (  NonExistenceType 
 
) 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    state

    enum ( State )

    Specifies whether DNSSEC is enabled, and what mode it is in.
    default Key Specs[]

    object ( DnsKeySpec )

    Specifies parameters for generating initial DnsKeys for this ManagedZone. Can only be changed while the state is OFF.
    non Existence

    enum ( NonExistenceType )

    Specifies the mechanism for authenticated denial-of-existence responses. Can only be changed while the state is OFF.
    kind

    string

    State

    Enums
    off DNSSEC is disabled; the zone is not signed.
    on DNSSEC is enabled; the zone is signed and fully managed.
    transfer DNSSEC is enabled, but in a "transfer" mode.

    NonExistenceType

    Enums
    nsec Indicates that Cloud DNS will sign records in the managed zone according to RFC 4034 and respond with NSEC records for names that do not exist.
    nsec3 Indicates that Cloud DNS will sign records in the managed zone according to RFC 5155 and respond with NSEC3 records for names that do not exist.

    Visibility

    Enums
    public Indicates that records in this zone can be queried from the public internet.
    private Indicates that records in this zone cannot be queried from the public internet. Access to private zones depends on the zone configuration.

    PrivateVisibilityConfig

    JSON representation 
     { 
 "networks" 
 : 
 [ 
 { 
 object (  Network 
 
) 
 } 
 ] 
 , 
 "gkeClusters" 
 : 
 [ 
 { 
 object (  GKECluster 
 
) 
 } 
 ] 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    networks[]

    object ( Network )

    The list of VPC networks that can see this zone.
    gke Clusters[]

    object ( GKECluster )

    The list of Google Kubernetes Engine clusters that can see this zone.
    kind

    string

    Network

    JSON representation 
     { 
 "networkUrl" 
 : 
 string 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    network Url

    string

    The fully qualified URL of the VPC network to bind to. Format this URL like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

    kind

    string

    GKECluster

    JSON representation 
     { 
 "gkeClusterName" 
 : 
 string 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    gke Cluster Name

    string

    The resource name of the cluster to bind this ManagedZone to. This should be specified in the format like: projects/*/locations/*/clusters/*. This is referenced from GKE projects.locations.clusters.get API: https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters/get

    kind

    string

    ForwardingConfig

    JSON representation 
     { 
 "targetNameServers" 
 : 
 [ 
 { 
 object (  NameServerTarget 
 
) 
 } 
 ] 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    target Name Servers[]

    object ( NameServerTarget )

    managedZones.list of target name servers to forward to. Cloud DNS selects the best available name server if more than one target is given.
    kind

    string

    NameServerTarget

    JSON representation 
     { 
 "ipv4Address" 
 : 
 string 
 , 
 "forwardingPath" 
 : 
 enum (  ForwardingPath 
 
) 
 , 
 "ipv6Address" 
 : 
 string 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    ipv4 Address

    string

    IPv4 address of a target name server.
    forwarding Path

    enum ( ForwardingPath )

    Forwarding path for this NameServerTarget. If unset or set to DEFAULT, Cloud DNS makes forwarding decisions based on IP address ranges; that is, RFC1918 addresses go to the VPC network, non-RFC1918 addresses go to the internet. When set to PRIVATE, Cloud DNS always sends queries through the VPC network for this target.
    ipv6 Address

    string

    IPv6 address of a target name server. Does not accept both fields (ipv4 & ipv6) being populated. Public preview as of November 2022.
    kind

    string

    ForwardingPath

    Enums
    default Cloud DNS makes forwarding decisions based on address ranges; that is, RFC1918 addresses forward to the target through the VPC and non-RFC1918 addresses forward to the target through the internet
    private Cloud DNS always forwards to this target through the VPC.

    PeeringConfig

    JSON representation 
     { 
 "targetNetwork" 
 : 
 { 
 object (  TargetNetwork 
 
) 
 } 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    target Network

    object ( TargetNetwork )

    The network with which to peer.
    kind

    string

    TargetNetwork

    JSON representation 
     { 
 "networkUrl" 
 : 
 string 
 , 
 "deactivateTime" 
 : 
 string 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    network Url

    string

    The fully qualified URL of the VPC network to forward queries to. This should be formatted like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

    deactivate Time

    string

    The time at which the zone was deactivated, in RFC 3339 date-time format. An empty string indicates that the peering connection is active. The producer network can deactivate a zone. The zone is automatically deactivated if the producer network that the zone targeted is deleted. Output only.
    kind

    string

    ReverseLookupConfig

    JSON representation 
     { 
 "kind" 
 : 
 string 
 }
    Fields
    kind

    string

    ServiceDirectoryConfig

    Contains information about Service Directory-backed zones.

    JSON representation 
     { 
 "namespace" 
 : 
 { 
 object (  Namespace 
 
) 
 } 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    namespace

    object ( Namespace )

    Contains information about the namespace associated with the zone.
    kind

    string

    Namespace

    JSON representation 
     { 
 "namespaceUrl" 
 : 
 string 
 , 
 "deletionTime" 
 : 
 string 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    namespace Url

    string

    The fully qualified URL of the namespace associated with the zone. Format must be https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace}

    deletion Time

    string

    The time that the namespace backing this zone was deleted; an empty string if it still exists. This is in RFC3339 text format. Output only.
    kind

    string

    CloudLoggingConfig

    Cloud Logging configurations for publicly visible zones.

    JSON representation 
     { 
 "enableLogging" 
 : 
 boolean 
 , 
 "kind" 
 : 
 string 
 }
    Fields
    enable Logging

    boolean

    If set, enable query logging for this ManagedZone. False by default, making logging opt-in.
    kind

    string

    Methods

    create

    		Creates a new ManagedZone.

    delete

    		Deletes a previously created ManagedZone.

    get

    		Fetches the representation of an existing ManagedZone.

    get Iam Policy

    		Gets the access control policy for a resource.

    list

    		Enumerates ManagedZones that have been created but not yet deleted.

    patch

    		Applies a partial update to an existing ManagedZone.

    set Iam Policy

    		Sets the access control policy on the specified resource.

    test Iam Permissions

    		Returns permissions that a caller has on the specified resource.

    update

    		Updates an existing ManagedZone.
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: