
Explanation:
The correct approach involves creating a private forwarding zone in Cloud DNS for the on-premises domain 'corp.altostrat.com' to forward queries to the on-premises DNS server at 192.168.20.88. The on-premises firewall should be configured to accept traffic from Google's Private Access IP range (35.199.192.0/19), not the VM subnet, as Cloud DNS uses this range for forwarding queries. A custom route advertisement for 35.199.192.0/19 on the Cloud Router ensures that responses are routed back correctly. This setup follows Google-recommended practices by leveraging Cloud DNS's capabilities without requiring manual configuration on Compute Engine instances or using DNS Server Policies.
You are designing a hybrid cloud setup where your Google Cloud environment connects to an on-premises network via Cloud HA VPN and a default-configured Cloud Router. The on-premises DNS server (192.168.20.88) is behind a firewall, and your Compute Engine instances reside in the 10.204.0.0/24 subnet. These instances must resolve both on-premises private hostnames under the domain corp.altostrat.com and Google Cloud hostnames while adhering to Google's best practices. What is the recommended solution?
A
B
C
D