Permit custom DHCP options (DNS servers, domain-names)
It would be very helpful if I can specify DHCP options in my networks, minimally the DNS servers. In our use case, we have have a VPN that connects back to our internal network and large amount of infrastructure that does not have external DNS entries. (So the GCP router/DNS server can't see it).
It would be much easier if per-network we can just default these entries instead of fixing /etc/resolv.conf post-dhclient
Similarly, domain-name, search order, NTP would also be useful.
Matt Lesko
shared this idea
Hi folks,
Thanks for the continued input on this item. We are taking a further look at this request, but it is not currently scheduled for implementation (we work in priority order, taking feedback from customers, here, and other sources).
12 comments
-
Chris OB
commented
Can't you use Cloud DNS server policies to set up an alternative nameserver? So your VMs will get the metadata service IP (169.254.169.254) as a DNS resolver, and then the metadata service will forward any DNS requests to a nameserver you configure in the policy.
Refs:
https://cloud.google.com/dns/zones/#using-dns-server-policies
https://medium.com/fourcast-premier-google-cloud-partner/google-cloud-platform-dns-forwarding-is-a-big-thing-for-enterprises-305df0c6cf73
https://cloud.google.com/blog/products/networking/announcing-cloud-dns-forwarding-unifying-hybrid-cloud-naming
https://cloud.google.com/dns/zones/#creating_a_dns_policy_that_enables_an_alternative_name_server
https://cloud.google.com/dns/docs/overview#vpc-name-resolution-order-using-alternate-name-server -
Derek Schauland
commented
This feature would be extremely helpful in the use case of extending Active Directory to GCP. Running an AD Domain entirely in GCP is possible, but extending an existing domain across a VPN to GCP where the existing Domain controllers do not have external IP addresses - nor should they.
-
Hi Arran, why do you say running AD is impossible? We have customers who are doing that. Do you mean it's not possible for the solution you in particular are working on?
-
Vijay Koleti
commented
So this feature is not yet available in GCP yet?
-
Arran Peterson
commented
Running a enterprise active directory with windows domain join members servers isn’t possible. This eliminates GCP discussions with customers that are looking to move out of there existing data centres. All my customers with windows server fleets need Active Directory with integrated DNS. The option to allow the VPC to use custom name servers for internal resolution is a must. I can’t recommend GCP over Azure or AWS for windows workloads.
-
Anonymous
commented
. So Amazon give the ability to set DHCP options like nameservers to use and search suffixes. This allows us to have consistent configs among all our servers vpc/subnet.
-
Chupaka
commented
Also, DHCP Option 121 (Classless routes) so we can push custom routes to additional NICs.
-
David Miller
commented
Yes , this would be useful, as would being able to have .local data in a DNS zone of specificed domain which can be resolved to by company DNS servers
ie we need instances and app engines in the cloud to be able to resolve domains in google cloud and in ourVPN connected subnet/sub domains.
-
Anonymous
commented
would be nice to have parity with competition
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html
This would make it os-independet solution. -
David McNeely
commented
This capability would greatly simplify usage of Active Directory within GCP, since AD joined computers need to find all of the AD DNS entries which is easiest to simply run DNS on AD. But, I want to have new instances automatically point to the AD DNS, not Google DNS.
Most of our Enterprise customers who are migrating to cloud are extending their AD into private IaaS environments and tend to run their own AD as a resource forest with it's own DNS for all VMs. -
Maxim Doucet
commented
also note that you should add "options rotate" in /etc/resolv.conf (this will be preserved even when dhclient is used) so that the OS will try both you DNS servers *and* google DNS servers
-
Maxim Doucet
commented
You can already do this by configuring dhclient (which in turns will modify /etc/resolv.conf). The file to modify is generally "/etc/dhclient-eth0.conf" (at least on CentOS)
It is described here: https://cloud.google.com/compute/docs/networking#internal_dns_and_resolvconf and in "man dhclient.conf"
The idea is to use "prepend domain-search yourdomain" and "append domain-name-servers ip_of_your_dns_server" in "/etc/dhclient-eth0.conf"