Your organization has a Shared VPC host project (SH_HOST_PRJ) containing a single VPC (SH_VPC) and two Shared VPC service projects (SP_ONE_PRJ and SP_TWO_PRJ), each managed by separate teams (TEAM_ONE and TEAM_TWO). The service projects do not have their own VPCs.

You need to design a solution where each team can create and manage private DNS zones and records exclusively in their respective service projects, while ensuring workloads in SP_ONE_PRJ can resolve private zones from SP_TWO_PRJ and vice versa. The solution should minimize setup effort. What should you do?