Google Cloud Professional Cloud Network Engineer — Question 117

Your organization uses a hub-and-spoke architecture with critical Compute Engine instances in your Virtual Private Clouds (VPCs). You are responsible for the design of Cloud DNS in Google Cloud. You need to be able to resolve Cloud DNS private zones from your on-premises data center and enable on-premises name resolution from your hub-and-spoke VPC design. What should you do?

Answer options

• A. 1. Configure a private DNS zone in the hub VPC, and configure DNS forwarding to the on-premises server. 2. Configure DNS peering from the spoke VPCs to the hub VPC.
• B. 1. Configure a DNS policy in the hub VPC to allow inbound query forwarding from the spoke VPCs. 2. Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.
• C. 1. Configure a DNS policy in the spoke VPCs, and configure your on-premises DNS as an alternate DNS server. 2. Configure the hub VPC with a private zone, and set up DNS peering to each of the spoke VPCs.
• D. 1. Configure a DNS policy in the hub VPC, and configure the on-premises DNS as an alternate DNS server. 2. Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.

Correct answer: A

Explanation

Option A is correct because it involves configuring a private DNS zone in the hub VPC and enabling DNS forwarding to the on-premises server, which is essential for resolving private zones. The other options either misconfigure the DNS policies or fail to establish the necessary DNS forwarding and peering effectively to meet the stated requirements.