REST Resource: policies

Resource: Policy

A policy is a collection of DNS rules applied to one or more Virtual Private Cloud resources.

JSON representation
{
  "id": string,
  "name": string,
  "enableInboundForwarding": boolean,
  "description": string,
  "networks": [
    {
      object (Network)
    }
  ],
  "alternativeNameServerConfig": {
    object (AlternativeNameServerConfig)
  },
  "enableLogging": boolean,
  "dns64Config": {
    object (Dns64Config)
  },
  "kind": string
}
Fields
id

string (uint64 format)

Unique identifier for the resource; defined by the server (output only).

name

string

User-assigned name for this policy.

enableInboundForwarding

boolean

Allows networks bound to this policy to receive DNS queries sent by VMs or applications over VPN connections. When enabled, a virtual IP address is allocated from each of the subnetworks that are bound to this policy.

description

string

A mutable string of at most 1024 characters associated with this resource for the user's convenience. Has no effect on the policy's function.

networks[]

object (Network)

List of network names specifying networks to which this policy is applied.

alternativeNameServerConfig

object (AlternativeNameServerConfig)

Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified.

enableLogging

boolean

Controls whether logging is enabled for the networks bound to this policy. Defaults to no logging if not set.

dns64Config

object (Dns64Config)

Configurations related to DNS64 for this policy.

kind

string

Network

JSON representation
{
  "networkUrl": string,
  "kind": string
}
Fields
networkUrl

string

The fully qualified URL of the VPC network to bind to. This should be formatted like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

kind

string

AlternativeNameServerConfig

JSON representation
{
  "targetNameServers": [
    {
      object (TargetNameServer)
    }
  ],
  "kind": string
}
Fields
targetNameServers[]

object (TargetNameServer)

Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified.

kind

string

TargetNameServer

JSON representation
{
  "ipv4Address": string,
  "forwardingPath": enum (ForwardingPath),
  "ipv6Address": string,
  "kind": string
}
Fields
ipv4Address

string

IPv4 address to forward queries to.

forwardingPath

enum (ForwardingPath)

Forwarding path for this TargetNameServer. If unset or set to DEFAULT, Cloud DNS makes forwarding decisions based on address ranges; that is, RFC1918 addresses go to the VPC network, non-RFC1918 addresses go to the internet. When set to PRIVATE, Cloud DNS always sends queries through the VPC network for this target.

ipv6Address

string

IPv6 address to forward queries to. The ipv4Address and ipv6Address fields cannot both be populated. Public preview as of November 2022.

kind

string

ForwardingPath

Enums
default: Cloud DNS makes forwarding decisions based on IP address ranges; that is, RFC1918 addresses forward to the target through the VPC and non-RFC1918 addresses forward to the target through the internet.
private: Cloud DNS always forwards to this target through the VPC.
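
Added example (not part of the original reference and not Google's code): a Python review check that reads a Policy in the JSON shape documented above and reports logging left off, inbound forwarding switched on, and alternative name servers whose queries leave the VPC under the default forwarding path. The function names, finding labels and sample policy are constructed for illustration; treating IPv6 targets on the default path as non-RFC1918 is an assumption read from the field description.

```python
import ipaddress

# RFC 1918 ranges: on the default forwarding path these are reached through the VPC.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def effective_path(target):
    """Return 'vpc' or 'internet' for one TargetNameServer dict."""
    if target.get("forwardingPath", "default").lower() == "private":
        return "vpc"  # private: always forwarded through the VPC
    addr = target.get("ipv4Address")
    if addr and any(ipaddress.ip_address(addr) in net for net in RFC1918):
        return "vpc"
    # Assumption: anything else (public IPv4, or an IPv6 target) is non-RFC1918.
    return "internet"

def audit_policy(policy):
    """Return a list of finding labels (hypothetical names) for a Policy dict."""
    findings = []
    if not policy.get("enableLogging", False):  # unset means no logging
        findings.append("logging-disabled")
    if policy.get("enableInboundForwarding", False):
        findings.append("inbound-forwarding-enabled")
    alt = policy.get("alternativeNameServerConfig") or {}
    for target in alt.get("targetNameServers", []):
        v4, v6 = target.get("ipv4Address"), target.get("ipv6Address")
        if v4 and v6:  # the API does not accept both fields populated
            findings.append("both-address-families-set")
            continue
        if effective_path(target) == "internet":
            findings.append(f"forwarded-over-internet:{v4 or v6}")
    return findings

# Constructed sample policy (203.0.113.0/24 is a documentation range).
SAMPLE_POLICY = {
    "name": "example-policy",
    "enableInboundForwarding": True,
    "alternativeNameServerConfig": {"targetNameServers": [
        {"ipv4Address": "10.1.2.3"},
        {"ipv4Address": "203.0.113.53", "forwardingPath": "default"},
        {"ipv4Address": "203.0.113.54", "forwardingPath": "private"},
    ]},
}

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```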

Dns64Config

DNS64 policies

JSON representation
{
  "scope": {
    object (Scope)
  },
  "kind": string
}
Fields
scope

object (Scope)

The scope to which the DNS64 config will be applied.

kind

string

Scope

JSON representation
{
  "allQueries": boolean,
  "kind": string
}
Fields
allQueries

boolean

Controls whether DNS64 is enabled globally for all networks bound to the policy.

kind

string

Methods

create

Creates a new policy.

delete

Deletes a previously created policy.

get

Fetches the representation of an existing policy.

list

Enumerates all policies associated with a project.

patch

Applies a partial update to an existing policy.

update

Updates an existing policy.