How to resolve a DNS record created in a private DNS zone in Apigee X?

Apigee X southbound networking patterns has various resources that can help you correctly set up southbound connections, networking, etc.

If you are on Apigee X and have a host record in a private DNS zone (in the same network used by Apigee X), you might encounter the error below when you use the private host as a backend in a proxy.


{"fault":{"faultstring":"Unable to resolve host xxxx.private","detail":{"errorcode":"protocol.http.NoResolvedHost","reason":"TARGET_CONNECT_HOST_NOT_REACHABLE"}}}


If your private DNS zone is not within the same network as your Apigee X org, please follow Apigee X southbound networking patterns to enable the Apigee runtime's connectivity to the backend.

If your private DNS zone is within the same network and you need to connect to a host in that private DNS zone, you can do so by following the steps below.

As per this segment of the docs:

If you have a Cloud DNS private zone hosted in the Cloud project that is peered with Apigee, you can configure DNS peering to allow Apigee to resolve names in your private zone. By default, private zones are private to the VPC network in which they are hosted. For steps to configure DNS peering between a private DNS zone and Apigee (the service producer), see Share private DNS zones with service producers.

Please note that private DNS peering is only supported for private zones hosted in the Cloud project that is peered with Apigee. DNS peering with non-peered Cloud projects is not supported.

If the private DNS zone is created in the same VPC network that was used when you created the Apigee X org, then the apigee-runtime, which is hosted on the tenant project, should be able to reach the IPs in the private DNS zone's record sets.

Though the runtime can hit the IP directly, it will still not be able to resolve the hostname to an IP if the hostname is a private DNS zone record set, hence the error:

{"fault":{"faultstring":"Unable to resolve host xxxx.private","detail":{"errorcode":"protocol.http.NoResolvedHost","reason":"TARGET_CONNECT_HOST_NOT_REACHABLE"}}}

In order to make the runtime aware of the private DNS zone, you will have to DNS peer with the service producer.

Sample command, as listed at https://cloud.google.com/vpc/docs/configure-private-services-access#dns-peering:


gcloud services peered-dns-domains create myxdnspeer --network=myxnet --dns-suffix=xxxx.private.


Once you enable peering, Apigee should be able to resolve the private DNS zone's record sets.

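The following is an added example and is not part of the original post: a small POSIX shell runbook for the peering step described above. It wraps the gcloud command from the post (`gcloud services peered-dns-domains create`), normalizes the DNS suffix to the fully qualified, dot-terminated form the flag expects, and then lists the peered domains on the network so you can verify the peering exists before retesting the proxy. The names myxdnspeer, myxnet and xxxx.private are the placeholders from the post's sample command; DRY_RUN is a convention of this script only (it prints the commands instead of running them), and the script relies on the gcloud default service producer (servicenetworking.googleapis.com) and the active gcloud project, both of which are assumptions you may need to override with --service / --project.

```shell
#!/usr/bin/env sh
# Added example, not from the original post.
# Creates the DNS peering that lets the Apigee runtime (the service producer)
# resolve names in a Cloud DNS private zone attached to the VPC peered with
# Apigee, then lists the peered domains so the result can be verified.
# Assumptions: placeholder names from the post (myxdnspeer, myxnet,
# xxxx.private); gcloud default service producer and active project.
# DRY_RUN=1 (this script's own convention) prints commands instead of running them.

DRY_RUN="${DRY_RUN:-0}"

# Run a command, or print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# --dns-suffix expects a fully qualified name ending in a dot, matching the
# private zone's DNS name (e.g. "xxxx.private."). Append the dot if missing;
# reject an empty suffix, which would otherwise peer nothing useful.
normalize_suffix() {
  case "$1" in
    "")  return 1 ;;
    *.)  printf '%s\n' "$1" ;;
    *)   printf '%s.\n' "$1" ;;
  esac
}

# peer_private_zone PEER_NAME NETWORK DNS_SUFFIX
# 1. create the peered DNS domain for the service producer on NETWORK
# 2. list peered domains on NETWORK to confirm it was recorded
peer_private_zone() {
  peer_name="$1"
  network="$2"
  suffix="$(normalize_suffix "$3")" || {
    echo "peer_private_zone: empty DNS suffix" >&2
    return 1
  }
  run gcloud services peered-dns-domains create "$peer_name" \
      --network="$network" --dns-suffix="$suffix" || return 1
  run gcloud services peered-dns-domains list --network="$network"
}

# Usage (matches the post's sample command):
#   DRY_RUN=1 sh peer.sh        # preview
#   sh peer.sh                  # apply
peer_private_zone myxdnspeer myxnet xxxx.private
```

After the create command succeeds, redeploy or simply re-invoke the proxy; the `protocol.http.NoResolvedHost` fault should disappear once the runtime's resolver can see the private zone. If the list output does not show the suffix you expect, check that the zone is hosted in the project that is peered with Apigee, since peering from a non-peered project is not supported.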

Getting

TARGET_CONNECT_TIMEOUT

My Apigee is in us-west-1 while GKE is in us-west1-a. I was getting the TARGET_CONNECT_HOST_NOT_REACHABLE, but as you suggested, after that I'm getting a timeout.

I doubt it could be a reason of VPC peering or so, but I checked: it has auto-created the peering from Apigee to my project, and also the NEG and LB all look good.

For context : https://stackoverflow.com/questions/76121879/apigee-timeout-not-connecting-to-gke-privately-using-cl...