Overview of using Zonal DNS


This document describes the benefits and recommended approach for migrating your workloads and organization from global DNS to zonal DNS.

Zonal DNS mitigates the risk of cross-regional outages and improves the overall reliability of your projects on Compute Engine.

Benefits of using zonal DNS names

Google Cloud offers two types of internal DNS names: zonal and global.

Zonal DNS

Zonal DNS names include the name of your Compute Engine instance, the zone where your instance is located, and the project that owns the instance. These names are resolved within a specific zone. As a result, my-vm.zone1.google.com is unique to zone1 and represents a different instance than my-vm.zone2.google.com. This isolation provides a key benefit:

  • Improved availability: If one zone experiences an outage, it doesn't affect DNS resolution in other zones, leading to higher availability for your applications.

Zonal DNS is the default internal DNS resolution method for organizations that were created after September 6, 2018.

Global DNS

Global DNS names don't include the zone where the instance is located. This means each instance must have a unique DNS name across all zones within your project. This approach has a significant drawback:

  • Single point of failure: If the global DNS service experiences issues, it can impact all your instances, regardless of the zone they are located in. This can cause the following problems:
    • Unable to create new instances: You might be unable to create new instances in any region that is experiencing control plane failures.
    • Service disruptions: Critical Compute Engine services such as autoscaling or autohealing for managed instance groups (MIGs) might not function correctly.

Organizations onboarded to Google Cloud before September 6, 2018, are configured to use global DNS by default for any new projects. Google strongly recommends migrating these projects to zonal DNS to enhance reliability and prevent the service disruptions mentioned previously. Additionally, you should update the organizational policy to enforce the use of zonal DNS for all new projects created within the organization.

Note: Zonal DNS is the default internal DNS system for Google Cloud. Zonal DNS is offered at no charge, and it is not a part of Cloud DNS.

Recommended approach to migrate from global DNS to zonal DNS

Generally, the global DNS to zonal DNS migration process has two steps:

  1. Configure new projects to use zonal DNS by default.
  2. Migrate existing projects from using global DNS to zonal DNS by changing the internal DNS metadata setting.

Some projects may not be compatible with zonal DNS. These projects require analysis and troubleshooting before migrating them to zonal DNS.

Caution: Enabling zonal DNS names across your entire project applies zonal DNS settings to VMs in the following services:

Migration limitations

The readiness assessment that Compute Engine provides relies on the past 30 days of internal DNS query history. However, other factors might affect your ability to successfully migrate to zonal DNS:

glibc Version

Migrating to zonal DNS adds a new domain to the search path. Compute instances that run a Linux or Unix OS and use glibc version 2.25 or earlier have a limit of 6 search domains. Exceeding this limit can cause issues.

  • Affected instances: This limitation applies to VMs using older Linux or Unix distributions.
  • Unaffected instances: Instances that run the following operating systems are not affected:
    • Windows
    • Container-Optimized OS
    • Debian 10 or later
    • Fedora CoreOS (version 27 or later)
    • RHEL 8 or later
    • Ubuntu 18.04 or later
    • Custom images that use glibc version 2.26 or later

To check the glibc version used by your instance, do the following:

  1. Connect to your Linux VM.
  2. Run the ldd --version command.

If your instance is using glibc version 2.25 or earlier, check the search domains:

  1. Connect to your Linux VM.
  2. Run the command cat /etc/resolv.conf.
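
The two checks above can be combined into one pre-migration test. The following script is an added example, not part of the original documentation; it assumes the migration adds exactly one search domain, and the sample ldd output and resolv.conf content (including every domain name in it) are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this VM hit the glibc 6-search-domain limit once
# zonal DNS adds one more domain to the search path?

# Constructed sample inputs (not taken from a real VM).
SAMPLE_LDD='ldd (Debian GLIBC 2.24-11+deb9u4) 2.24
Copyright (C) 2016 Free Software Foundation, Inc.'
SAMPLE_RESOLV='# constructed resolv.conf
search c.example-project.internal google.internal corp.example a.example b.example c.example
nameserver 169.254.169.254'

# Version is the last field on the first line of `ldd --version`.
glibc_version() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $NF }'
}

# Count domains on the search line; if several exist, the last one wins.
search_domain_count() {
    printf '%s\n' "$1" | awk '$1 == "search" { n = NF - 1 } END { print n + 0 }'
}

# Succeeds when the version is 2.25 or earlier (the limited range).
glibc_is_limited() {
    major=${1%%.*}; minor=${1#*.}; minor=${minor%%.*}
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -le 25 ]; }
}

# $1 = output of `ldd --version`, $2 = contents of /etc/resolv.conf
assess() {
    ver=$(glibc_version "$1")
    count=$(search_domain_count "$2")
    if ! glibc_is_limited "$ver"; then
        echo "ok: glibc $ver is not subject to the 6-domain limit"
    elif [ $((count + 1)) -gt 6 ]; then
        echo "at-risk: glibc $ver with $count search domains; one more exceeds 6"
    else
        echo "ok: glibc $ver with $count search domains; room for one more"
    fi
}

# Demo on the constructed samples. On a VM, run instead:
#   assess "$(ldd --version)" "$(cat /etc/resolv.conf)"
assess "$SAMPLE_LDD" "$SAMPLE_RESOLV"
```

An at-risk result means the search list should be trimmed, or the image updated, before the project's DNS setting is changed.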

OS version

Some operating systems, such as Windows Server 2003 and earlier, have a limit of 15 characters for compute instance names. Zonal DNS adds the zonal qualifier to the internal DNS fully qualified domain name (FQDN).

The naming limitation on Windows is a result of the NetBIOS naming convention used in earlier versions of the OS. Newer Windows versions have moved away from this restriction and allow longer instance names.

If you're working with legacy Windows systems, keep the naming limitation in mind when migrating to zonal DNS, because the longer zonal DNS names might exceed this name length limit.

Shared VPC Networks

To resolve DNS names of instances in service projects that use Shared VPC, you must use the zonal Fully Qualified Domain Name (FQDN), which includes the zone.


Last updated 2025-12-15 UTC.