GCP Cloud DNS and Cloud CDN

Cloud DNS is GCP's managed, authoritative Domain Name System service. Cloud CDN (Content Delivery Network) is GCP's globally distributed caching layer that delivers content to users from the location nearest to them. Together, these two services make applications faster and more accessible worldwide.

Part 1 – Cloud DNS

What is DNS?

DNS (Domain Name System) is the internet's phone book. When a browser visits www.estudy247.com, it does not know which server to contact. DNS translates that human-readable domain name into a machine-readable IP address like 34.68.100.25.

User types: www.estudy247.com
                │
                ▼
DNS Resolver asks: "What is the IP for www.estudy247.com?"
                │
                ▼
Cloud DNS answers: "It is 34.68.100.25"
                │
                ▼
Browser connects to: 34.68.100.25
                │
                ▼
Web server responds with the website

DNS Record Types

| Record Type | Purpose | Example |
| --- | --- | --- |
| A | Maps a domain to an IPv4 address | estudy247.com → 34.68.100.25 |
| AAAA | Maps a domain to an IPv6 address | estudy247.com → 2001:db8::1 |
| CNAME | Creates an alias pointing to another domain | www.estudy247.com → estudy247.com |
| MX | Specifies mail server for the domain | estudy247.com → mail.google.com (priority 10) |
| TXT | Stores text data (SPF, domain verification) | "v=spf1 include:_spf.google.com ~all" |
| NS | Specifies authoritative nameservers | ns1.googledomains.com |

Creating a DNS Zone in Cloud DNS

# Create a public DNS zone
gcloud dns managed-zones create estudy247-zone \
  --dns-name=estudy247.com. \
  --description="eStudy247 DNS Zone" \
  --visibility=public

# Add an A record: estudy247.com → 34.68.100.25
gcloud dns record-sets create estudy247.com. \
  --zone=estudy247-zone \
  --type=A \
  --ttl=300 \
  --rrdatas=34.68.100.25

# Add a CNAME: www.estudy247.com → estudy247.com
gcloud dns record-sets create www.estudy247.com. \
  --zone=estudy247-zone \
  --type=CNAME \
  --ttl=300 \
  --rrdatas=estudy247.com.

# List all records in the zone
gcloud dns record-sets list --zone=estudy247-zone

DNS Zone Types

| Zone Type | Visibility | Use Case |
| --- | --- | --- |
| Public Zone | Internet-accessible | Resolve public domain names for websites |
| Private Zone | Visible only inside a VPC | Internal service discovery (db.internal → 10.0.1.5) |
| Peering Zone | Shared across VPC peers | Resolve internal names across peered VPCs |

Private DNS for Internal Services

# Internal DNS: db.internal → Cloud SQL private IP
gcloud dns managed-zones create internal-zone \
  --dns-name=internal. \
  --description="Internal service DNS" \
  --visibility=private \
  --networks=my-app-vpc

gcloud dns record-sets create db.internal. \
  --zone=internal-zone \
  --type=A \
  --ttl=60 \
  --rrdatas=10.0.1.5

# Now any VM in my-app-vpc can connect to the database using:
# mysql -h db.internal -u root -p
# (instead of remembering the IP address)
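
A check that keeps the public/private split described above intact: it reads the JSON form of a public zone's record listing and flags records that publish internal addresses or point into the private zone. This is an added example, not part of the original tutorial; the function name `audit_public_zone` and the sample records are constructed, and `internal.` is the private zone name used on this page.

```python
import ipaddress
import json

# Constructed stand-in for: gcloud dns record-sets list --zone=estudy247-zone --format=json
# The last three record sets are constructed mistakes for the check to catch.
SAMPLE_PUBLIC_ZONE = json.dumps([
    {"name": "estudy247.com.", "type": "A", "ttl": 300, "rrdatas": ["34.68.100.25"]},
    {"name": "www.estudy247.com.", "type": "CNAME", "ttl": 300, "rrdatas": ["estudy247.com."]},
    {"name": "db.estudy247.com.", "type": "A", "ttl": 60, "rrdatas": ["10.0.1.5"]},
    {"name": "v6.estudy247.com.", "type": "AAAA", "ttl": 300, "rrdatas": ["fd00::5"]},
    {"name": "sql.estudy247.com.", "type": "CNAME", "ttl": 300, "rrdatas": ["db.internal."]},
])


def audit_public_zone(record_sets_json, private_suffixes=("internal.",)):
    """Return (name, type, value, reason) for records that expose internal details."""
    findings = []
    for rrset in json.loads(record_sets_json):
        rtype = rrset.get("type")
        for value in rrset.get("rrdatas", []):
            if rtype in ("A", "AAAA"):
                # is_global is False for RFC 1918, loopback, link-local, ULA, etc.
                if not ipaddress.ip_address(value).is_global:
                    findings.append((rrset["name"], rtype, value, "non-public address"))
            elif rtype == "CNAME":
                target = value.lower()
                # Assumption: private zone names are passed in by the caller.
                if any(target == s or target.endswith("." + s) for s in private_suffixes):
                    findings.append((rrset["name"], rtype, value, "points into private zone"))
    return findings


if __name__ == "__main__":
    for finding in audit_public_zone(SAMPLE_PUBLIC_ZONE):
        print(*finding, sep="  ")
```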

Part 2 – Cloud CDN

What is a CDN?

A CDN (Content Delivery Network) is a network of cache servers distributed globally. When a user requests a file (image, CSS, JavaScript, video), the CDN serves it from the nearest cache server — called a Point of Presence (PoP) or edge location — instead of traveling all the way to the origin server.

Without CDN:
User in Mumbai ──────────────────────────────▶ Origin Server (Iowa, USA)
                                               (High latency — 200ms+)

With Cloud CDN:
User in Mumbai ──▶ GCP Edge (Mumbai) ──Cache Hit──▶ User gets response
                   (Files cached here)              (Low latency — 5ms)

If Cache Miss:
GCP Edge (Mumbai) ──▶ Origin Server (Iowa) ──▶ Caches the response ──▶ User
                                                  (Next user in Mumbai gets it from cache)

Cache Hit vs Cache Miss

Request 1 (Cache Miss):
User → CDN Edge (Mumbai) → Not cached → Goes to Origin → Returns content
                                                         → CDN stores copy in Mumbai cache

Request 2, 3, 4... (Cache Hit):
User → CDN Edge (Mumbai) → Cached! → Returns instantly (origin not contacted)

Enabling Cloud CDN

Cloud CDN is enabled on a backend service attached to the Global External Application Load Balancer.

# Enable CDN on an existing backend service
gcloud compute backend-services update my-web-backend \
  --enable-cdn \
  --global

# Enable CDN on a Cloud Storage backend bucket
gcloud compute backend-buckets create static-assets-backend \
  --gcs-bucket-name=my-static-bucket \
  --enable-cdn

Cache Control Headers

Cloud CDN respects standard HTTP cache headers from the origin server. Setting these headers correctly controls how long content stays in the CDN cache.

# Cache static assets for 1 year (images, fonts, versioned JS/CSS)
Cache-Control: public, max-age=31536000, immutable

# Cache HTML pages for 5 minutes
Cache-Control: public, max-age=300

# Never cache (user-specific or real-time content)
Cache-Control: private, no-store
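
The three policies above can be checked mechanically before an origin goes behind the CDN. The following added example (not from the original tutorial) parses Cache-Control, works out how long a shared cache may keep each response, and flags user-specific or HTML responses that would be cached too broadly; the function names, the Set-Cookie heuristic and the sample responses are assumptions made for the illustration.

```python
HTML_MAX_AGE = 300  # the page's HTML example: max-age=300


def parse_cache_control(value):
    """Return {directive: argument or None} with directive names lower-cased."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name.strip():
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_cache_ttl(directives):
    """Seconds a shared cache such as a CDN may reuse the response (0 = never)."""
    # no-cache permits storage but forces revalidation, so it is counted as 0 here.
    if directives.keys() & {"private", "no-store", "no-cache"}:
        return 0
    raw = directives.get("s-maxage") or directives.get("max-age") or "0"
    return int(raw) if raw.isdigit() else 0


def audit_cache_headers(responses):
    """Flag origin responses whose headers let the edge cache the wrong thing."""
    findings = []
    for path, headers in responses:
        h = {k.lower(): v for k, v in headers.items()}
        if "cache-control" not in h:
            findings.append((path, "no Cache-Control header"))
            continue
        ttl = shared_cache_ttl(parse_cache_control(h["cache-control"]))
        if ttl and "set-cookie" in h:  # assumption: Set-Cookie marks per-user content
            findings.append((path, "user-specific response is edge-cacheable"))
        elif ttl > HTML_MAX_AGE and h.get("content-type", "").startswith("text/html"):
            findings.append((path, "HTML cached longer than 300s"))
    return findings


# Constructed origin responses (path, headers); not captured from a real site.
SAMPLE_RESPONSES = [
    ("/static/js/app.3f9c.js", {"Cache-Control": "public, max-age=31536000, immutable",
                                "Content-Type": "application/javascript"}),
    ("/course/gcp/", {"Cache-Control": "public, max-age=300", "Content-Type": "text/html"}),
    ("/account", {"Cache-Control": "public, max-age=300", "Content-Type": "text/html",
                  "Set-Cookie": "session=constructed"}),
    ("/index.html", {"Cache-Control": "public, max-age=31536000", "Content-Type": "text/html"}),
    ("/api/me", {"Cache-Control": "private, no-store", "Set-Cookie": "session=constructed"}),
    ("/legacy", {"Content-Type": "text/html"}),
]
```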

Cache Invalidation

When content at the origin changes, cached copies at edge locations need to be invalidated (cleared) so users get fresh content.

# Invalidate all cached files (use with caution — expensive)
gcloud compute url-maps invalidate-cdn-cache my-url-map \
  --path="/*" \
  --global

# Invalidate a specific file
gcloud compute url-maps invalidate-cdn-cache my-url-map \
  --path="/images/logo.png" \
  --global

# Invalidate all JavaScript files
gcloud compute url-maps invalidate-cdn-cache my-url-map \
  --path="/static/js/*" \
  --global

Signed URLs for Private CDN Content

By default, CDN-cached content is public. Signed URLs let you serve private cached content (such as paid course videos) through links that expire after a set time.

CDN Signed URL Flow:
Application Server generates a signed URL with expiry time
        │
        ▼
User receives URL: https://cdn.mysite.com/video.mp4?Expires=1705000000&Signature=...
        │
        ▼
User requests the signed URL before expiry → CDN serves video
        │
        ▼
URL expires → CDN rejects the request → User must get a new signed URL
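
The flow above in code, as an added example that is not part of the original tutorial: `sign_url` builds a URL in Cloud CDN's signed-URL format (Expires, KeyName, then a base64url HMAC-SHA1 Signature over everything before it), and `verify_url` is a model of the edge-side check, not Google's implementation. The key name `demo-key` and the key value are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed 128-bit demo key, base64url-encoded; real keys must be random.
DEMO_KEY = base64.urlsafe_b64encode(b"constructed-key!").decode()
KEYS = {"demo-key": DEMO_KEY}


def _mac(key_b64, text):
    """base64url(HMAC-SHA1(key, text)) as bytes."""
    key = base64.urlsafe_b64decode(key_b64)
    return base64.urlsafe_b64encode(hmac.new(key, text.encode(), hashlib.sha1).digest())


def sign_url(url, key_name, key_b64, expires):
    """Append Expires, KeyName and Signature; expires is a Unix timestamp."""
    sep = "&" if urlsplit(url).query else "?"
    to_sign = f"{url}{sep}Expires={expires}&KeyName={key_name}"
    return f"{to_sign}&Signature={_mac(key_b64, to_sign).decode()}"


def verify_url(signed_url, keys, now):
    """Return 'ok', 'expired' or 'bad-signature' for a signed URL at time `now`."""
    to_sign, marker, signature = signed_url.rpartition("&Signature=")
    params = parse_qs(urlsplit(to_sign).query)
    key_b64 = keys.get(params.get("KeyName", [""])[-1])
    if not marker or key_b64 is None:
        return "bad-signature"
    # Check the MAC first (constant-time); Expires is only trusted once it passes.
    if not hmac.compare_digest(_mac(key_b64, to_sign), signature.encode()):
        return "bad-signature"
    expires = params.get("Expires", ["0"])[-1]
    if not expires.isdigit() or now > int(expires):
        return "expired"
    return "ok"


if __name__ == "__main__":
    url = sign_url("https://cdn.mysite.com/video.mp4", "demo-key", DEMO_KEY, 1705000000)
    print(url)
    print(verify_url(url, KEYS, now=1704999999))  # before expiry
    print(verify_url(url, KEYS, now=1705000001))  # after expiry
```

Because Expires is covered by the signature, editing it to extend access invalidates the URL instead of prolonging it.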

DNS + CDN Together

Full Request Flow:
User types: www.estudy247.com/course/gcp/
        │
        │ Step 1: DNS lookup
        ▼
Cloud DNS → Returns CDN/Load Balancer IP
        │
        │ Step 2: HTTP request reaches GCP edge
        ▼
Cloud CDN Edge (nearest city)
        │
        │ Cache Hit?
        ├── Yes → Serve cached page instantly ✓
        └── No  → Forward to Load Balancer → App Server → Cache & Serve

Key Takeaways

  • Cloud DNS translates domain names into IP addresses with low latency and a 100% SLA.
  • DNS record types include A (IPv4), CNAME (alias), MX (email), and TXT (verification).
  • Private DNS zones resolve internal service names within a VPC — no public exposure needed.
  • Cloud CDN caches content at GCP edge locations worldwide to reduce latency and origin load.
  • Cache-Control headers from the origin server control CDN caching behavior.
  • Cache invalidation clears stale CDN content when origin files change.
