You are designing a hybrid cloud setup where your Google Cloud environment connects to an on-premises network via Cloud HA VPN and a default-configured Cloud Router. The on-premises DNS server (192.168.20.88) is behind a firewall, and your Compute Engine instances reside in the 10.204.0.0/24 subnet. These instances must resolve both on-premises private hostnames under the domain corp.altostrat.com and Google Cloud hostnames while adhering to Google's best practices. What is the recommended solution?