Answer-first summary for fast verification
Answer: 1. Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168 20.88. 2. Configure your on-premises firewall to accept traffic from 35.199.192.0/19 3. Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.
The correct approach involves creating a private forwarding zone in Cloud DNS for the on-premises domain 'corp.altostrat.com' to forward queries to the on-premises DNS server at 192.168.20.88. The on-premises firewall should be configured to accept traffic from Google's Private Access IP range (35.199.192.0/19), not the VM subnet, as Cloud DNS uses this range for forwarding queries. A custom route advertisement for 35.199.192.0/19 on the Cloud Router ensures that responses are routed back correctly. This setup follows Google-recommended practices by leveraging Cloud DNS's capabilities without requiring manual configuration on Compute Engine instances or using DNS Server Policies.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are designing a hybrid cloud setup where your Google Cloud environment connects to an on-premises network via Cloud HA VPN and a default-configured Cloud Router. The on-premises DNS server (192.168.20.88) is behind a firewall, and your Compute Engine instances reside in the 10.204.0.0/24 subnet. These instances must resolve both on-premises private hostnames under the domain corp.altostrat.com and Google Cloud hostnames while adhering to Google's best practices. What is the recommended solution?
A
B
C
D