
We are using AWS CloudFront and planning to migrate to Google Cloud CDN, as we have opted for Google Cloud as our cloud provider. At the moment our DNS is registered with a third-party provider. However, I identified while configuring the LB backend service in Google Cloud that to enable the backend service with an external origin we should do it via Google Cloud Public DNS. Is there any way I can continue with the current DNS provider and migrate to Google Cloud CDN?

Tech User
  • Have you checked this article [Setting up Cloud CDN with an external origin](https://cloud.google.com/cdn/docs/setting-up-cdn-with-external-origin)? If not, please provide a link to the document you've followed. – Serhii Rohoza Nov 13 '20 at 15:09
  • @SerhiiRohoza https://cloud.google.com/load-balancing/docs/negs/internet-neg-concepts#limitations Please check the limitations. An internet endpoint with an FQDN defined must be resolvable by Google Public DNS. – Tech User Nov 16 '20 at 00:57
  • You don't need to move to Google DNS. Your hostname (domain) just needs to be _resolvable_ - e.g. queryable - by public DNS. An internal hostname that isn't public would not meet this need. – elithrar Nov 16 '20 at 21:19
  • Thanks for the reply. Hostname is public. Could you please give some details? Do I need to change something in my current DNS configuration? – Tech User Nov 17 '20 at 02:14

1 Answer


Please have a look at the documentation again:

An internet endpoint with an FQDN defined must be resolvable by Google Public DNS. Names that cannot be resolved by the public DNS system will not be usable as an internet endpoint.

As a result, yes, you can continue with your current DNS provider and migrate to Google Cloud CDN if your domain name is public and can be resolved by the public DNS system. To check it, please go here or run the commands:

host -a your.fqdn.domain.name 8.8.8.8
host -a your.fqdn.domain.name 8.8.4.4

In addition, please have a look at the documentation section Authenticating requests:

Query the _cloud-eoips.googleusercontent.com DNS TXT record using a tool like dig or nslookup. Note the CIDRs (following ip4:) and ensure these ranges are allowed by your firewall or cloud Access Control List (ACL).

$ dig TXT _cloud-eoips.googleusercontent.com 
...
;; ANSWER SECTION:
_cloud-eoips.googleusercontent.com. 3600 IN TXT "v=spf1 ip4:34.96.0.0/20 ip4:34.127.192.0/18 ~all"

and at the section IP address resolution for FQDN endpoints:

The external HTTP(S) load balancer attempts to connect to the first IP address in the DNS response. If that IP address isn't reachable, the load balancer returns an HTTP 502 (Bad Gateway) response. This is true even if other IP addresses from the DNS response are available.

The external HTTP(S) load balancer uses a DNS resolver in a Google Cloud region that is closest to its client on the internet. If the DNS record for your INTERNET_FQDN_PORT endpoint returns different IP addresses based on the location of the client, make sure that each of those IP addresses can be reached by the load balancer.

So, allow access from 34.96.0.0/20 and 34.127.192.0/18, and be sure that the IP addresses in the DNS response are highly available. No special configuration of DNS is needed.

Serhii Rohoza
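The two checks the answer describes (turn the `_cloud-eoips.googleusercontent.com` TXT record into a firewall allowlist, and remember that the load balancer only ever tries the first address in the DNS answer) are easy to get subtly wrong by hand. The script below is an added example, not code from the answer or from Google; it works on the TXT value copied from the `dig` output above as a constructed input, so it runs offline, and it assumes an origin protected by nftables with an existing `inet filter` table and `input` chain (both are assumptions; adapt the rule text to whatever filters your origin). In production you would fetch the record with `dig +short TXT _cloud-eoips.googleusercontent.com` each time the rules are deployed, because the published ranges can change.

```python
import ipaddress
import re
from typing import List, Set

# Constructed input: the TXT record value exactly as shown in the answer's
# dig output. Refresh it from DNS on every deploy; do not hard-code it.
CLOUD_EOIPS_TXT = "v=spf1 ip4:34.96.0.0/20 ip4:34.127.192.0/18 ~all"

# Constructed origin details used only to render example firewall rules.
ORIGIN_PORT = 443
NFT_TABLE = "inet filter"   # assumption: this table/chain already exist
NFT_CHAIN = "input"


def parse_ip4_cidrs(txt: str) -> List[ipaddress.IPv4Network]:
    """Extract the ip4: CIDRs from an SPF-style TXT record.

    Only ip4: mechanisms are handled. Anything else (include:, ip6:, a:)
    would need its own lookup, so we refuse rather than silently emit an
    allowlist that is missing ranges.
    """
    if not txt.startswith("v=spf1"):
        raise ValueError("not an SPF-style record: %r" % txt)
    nets: List[ipaddress.IPv4Network] = []
    for term in txt.split()[1:]:
        if term.startswith("ip4:"):
            # strict=True rejects host bits set in a prefix, e.g. 34.96.1.0/20
            nets.append(ipaddress.IPv4Network(term[4:], strict=True))
        elif re.fullmatch(r"[~+?-]?all", term):
            continue
        else:
            raise ValueError("unsupported SPF mechanism %r; allowlist would be incomplete" % term)
    if not nets:
        raise ValueError("record contains no ip4: ranges")
    return nets


def is_cloud_cdn_source(ip: str, nets: List[ipaddress.IPv4Network]) -> bool:
    """True if `ip` falls inside one of the published Cloud CDN egress ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def nftables_rules(nets: List[ipaddress.IPv4Network], port: int = ORIGIN_PORT) -> List[str]:
    """Render nft commands that accept TCP/`port` only from the CDN ranges.

    Uses an interval set so the ranges can be swapped atomically when the
    TXT record changes, followed by a default drop for that port.
    """
    elements = ", ".join(str(n) for n in nets)
    return [
        "add set %s cloud_cdn { type ipv4_addr; flags interval; }" % NFT_TABLE,
        "add element %s cloud_cdn { %s }" % (NFT_TABLE, elements),
        "add rule %s %s ip saddr @cloud_cdn tcp dport %d accept" % (NFT_TABLE, NFT_CHAIN, port),
        "add rule %s %s tcp dport %d drop" % (NFT_TABLE, NFT_CHAIN, port),
    ]


def lb_connects(dns_answer: List[str], reachable: Set[str]) -> bool:
    """Model the documented load balancer behaviour for an FQDN endpoint.

    Only the FIRST address in the DNS answer is tried; if it is down the
    client gets HTTP 502 even when the remaining addresses are healthy.
    `reachable` is a constructed stand-in for a real reachability probe.
    """
    if not dns_answer:
        return False
    return dns_answer[0] in reachable


if __name__ == "__main__":
    ranges = parse_ip4_cidrs(CLOUD_EOIPS_TXT)
    print("\n".join(nftables_rules(ranges)))
    # Two constructed DNS answers for the same origin name: the load
    # balancer succeeds only when the first address is the healthy one.
    healthy = {"203.0.113.11"}
    print(lb_connects(["203.0.113.10", "203.0.113.11"], healthy))  # False -> 502
    print(lb_connects(["203.0.113.11", "203.0.113.10"], healthy))  # True
```

The `lb_connects` model is the reason the answer insists on every address being highly available: a round-robin record with one dead member is not "mostly working" from the load balancer's point of view, it is a 502 for every client whose resolver happens to order the dead address first.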