GCP: How to do DNS Peering between 2 VPCs that use VPC Peering in the same project

Question

In Google Cloud Platform, how do I set up private DNS Peering between two VPCs that are connected with VPC Peering, but reside in the same project?

I have one project my-project and two VPC networks: blue and pink. The two VPCs are peered. I want VMs on blue to be able to reach VMs on pink by their internal name, such as pink-vm.us-west1-b.c.my-project.internal, and vice versa.

If I set up 1 private DNS Peering zone for my-project.internal on the pink network and peer it to the blue network, I can reach instances on blue by name from pink. Success! But I still cannot reach instances on pink from blue.

Now, if I set up a second DNS Peering zone on the blue network (also set to my-project.internal), nothing works anymore. I get the following error when I try to ping:

me@blue-vm$ ping pink-vm.us-west1-b.c.my-project.internal
ping: pink-vm.us-west1-b.c.my-project.internal: Temporary failure in name resolution

It seems like the 2 reciprocal DNS Peering zones can't work together. They are peering blue to pink and pink to blue each under the domain my-project.internal. How can I make it so that my peered VPCs in the same project can resolve names in each other's network?

Answer 1

Just to make it clear, DNS peering and VPC network peering are different services. DNS peering can be used in conjunction with VPC network peering, but VPC network peering is not required for DNS peering.

DNS peering is a one-way relationship. That is why DNS queries don’t work when you add the second DNS peering blue -> pink. DNS peering doesn’t support bi-directional DNS queries as stated on the public documentation: https://cloud.google.com/dns/docs/overview#dns_peering_limitations