Free Google Professional Cloud Network Engineer Actual Exam Questions - Question 1 Discussion
on-premises to Google Cloud. While reviewing the deployed architecture, you noticed that DNS
resolution is failing when queries are being sent to the on-premises environment. You log in to a
Compute Engine instance, try to resolve an on-premises hostname, and the query fails. DNS queries
are not arriving at the on-premises DNS server. You need to use managed services to reconfigure
Cloud DNS to resolve the DNS error. What should you do?
C, since forwarding zones need correct routing to ensure queries reach on-prem DNS servers.
This one seems to point towards C for me. If DNS queries aren’t even hitting the on-prem DNS server, the problem could be missing or incorrect routes in the VPC directing traffic to on-prem IPs. Recreating forwarding zones won’t work if the network can’t actually reach the DNS server. So, making sure that routes exist and forwarding zones are correctly set up together makes sense here. Plus, C talks about reviewing existing zones and routes, which is a logical troubleshooting step before adding extra configs like in A.
It’s A. Setting up an outbound forwarding zone with Cloud DNS and advertising routes via Cloud Router is exactly how to handle on-prem DNS resolution in a managed way. Without that, queries won’t reach the on-prem DNS server.
A/C? A covers forwarding plus routing advertisement with managed services, while C checks routes and zones, which is fundamental. Without proper routing, forwarding won’t reach the on-prem DNS anyway.
This one feels like C to me. It specifically talks about checking existing DNS zones and making sure there’s a route in the VPC for the on-prem DNS server IP, which is key if queries aren’t even arriving there. Without the correct routes, forwarding won’t work regardless of VPN or firewall rules. Recreating the forwarding zones also sounds like a solid step to reset any misconfigurations. A looks close but assumes Cloud Router needs to advertise DNS proxy ranges, which might be overkill if routing isn’t sorted first.
Noticed that option A seems to cover both DNS forwarding and routing advertisement, which fits with using managed services like Cloud DNS and Cloud Router. D might work but skips the managed services part, and direct queries from instances to on-prem DNS could be less reliable. So I’d go with A since it sets up forwarding zones properly and handles routing too.
Maybe D, but isn’t it risky to have instances directly query on-prem DNS servers? Shouldn’t Cloud DNS forwarding be set up to handle this instead? The question mentions using managed services, so I’m wondering if D fits that requirement. Also, is there any info on existing network routes or firewall rules between GCP and on-prem? That seems like a key point missing here to fully troubleshoot DNS traffic flow.