
Answer-first summary for fast verification
Answer: 1. Configure a private DNS zone in the hub VPC, and configure DNS forwarding to the on-premises server. 2. Configure DNS peering from the spoke VPCs to the hub VPC.
The correct approach involves centralizing the private DNS zone in the hub VPC and enabling DNS resolution across spokes and on-premises. Option A addresses this by:

1. Creating a private DNS zone in the hub VPC, which hosts the critical DNS records. Configuring DNS forwarding to on-premises allows the hub to resolve on-premises queries (outbound).
2. DNS peering from spoke VPCs to the hub ensures spokes can resolve the hub's private zone.

However, for on-premises to resolve the hub's private zone, the hub must allow inbound queries (via DNS policies), which isn't explicitly stated but is implied as part of the DNS forwarding setup. While the metadata server IP (169.254.169.254) isn't directly reachable from on-premises, the question assumes connectivity (e.g., via VPN/Interconnect) and focuses on DNS configuration. Other options either distribute zones incorrectly or misconfigure peering.
Author: LeetQuiz Editorial Team
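An added example (not part of the original page): a dry-run shell script that prints the gcloud commands for the layout in the answer, including the inbound server policy the explanation mentions. The project, network and zone names, the domains and the on-premises DNS IP are constructed placeholders, and the spokes are assumed to sit in the same project as the hub.

```shell
#!/bin/sh
# Added example: hub-and-spoke Cloud DNS layout. Every project, network, zone
# name, domain and IP below is a constructed placeholder, not from the question.
# Dry run by default (commands are printed); set APPLY=1 to execute them.
PROJECT="example-hub-project"
HUB_NET="hub-vpc"
SPOKE_NETS="spoke-a-vpc spoke-b-vpc"
CLOUD_DOMAIN="gcp.example.internal."    # records for the Compute Engine instances
ONPREM_DOMAIN="corp.example.internal."  # names served by the on-premises DNS
ONPREM_DNS="10.10.0.53"                 # on-premises DNS server

run() { if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi; }

zone() {  # usage: zone NAME DNS_NAME NETWORK [extra gcloud flags...]
  name=$1; dns=$2; net=$3; shift 3
  run gcloud dns managed-zones create "$name" --project="$PROJECT" \
    --description="$name" --dns-name="$dns" --visibility=private \
    --networks="$net" "$@"
}

hub_zones() {
  # Step 1a: the authoritative private zone is bound only to the hub VPC.
  zone hub-private "$CLOUD_DOMAIN" "$HUB_NET"
  # Step 1b: outbound forwarding zone, hub -> on-premises DNS server.
  # On-premises must route replies to 35.199.192.0/19 (Cloud DNS forwarding source).
  zone onprem-forward "$ONPREM_DOMAIN" "$HUB_NET" --forwarding-targets="$ONPREM_DNS"
}

hub_inbound_policy() {
  # The inbound path the explanation calls implied: lets on-premises resolvers
  # query the hub's private zone through an inbound forwarder address.
  run gcloud dns policies create hub-inbound --project="$PROJECT" \
    --description=hub-inbound --networks="$HUB_NET" --enable-inbound-forwarding
}

spoke_peering() {
  # Step 2: each spoke peers to the hub for both domains, so it holds no
  # zone data or forwarding targets of its own.
  for spoke in $SPOKE_NETS; do
    zone "peer-${spoke}-cloud" "$CLOUD_DOMAIN" "$spoke" \
      --target-network="$HUB_NET" --target-project="$PROJECT"
    zone "peer-${spoke}-onprem" "$ONPREM_DOMAIN" "$spoke" \
      --target-network="$HUB_NET" --target-project="$PROJECT"
  done
}

plan() { hub_zones; hub_inbound_policy; spoke_peering; }
plan
```

With the inbound policy in place, the on-premises DNS server still needs a conditional forwarder for the cloud domain pointing at the hub's inbound forwarder address.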
Your organization employs a hub-and-spoke architecture with critical Compute Engine instances in Virtual Private Clouds (VPCs). As the Cloud DNS designer in Google Cloud, you must ensure private zone resolution from your on-premises data center and enable on-premises name resolution within the hub-and-spoke VPC setup. What steps should you take?
A
B
C
D