What is the difference between public and private managed zones?

Public managed zones resolve from the internet and are used for externally facing services. Private managed zones resolve only from authorized VPC networks and are used for internal service discovery. Private zones can override public DNS for split-horizon configurations.

How much does Cloud DNS cost?

Cloud DNS charges per managed zone (approximately $0.20/month for the first 25 zones) and per million queries ($0.40 for the first billion). There is no per-record charge. Private zones have similar pricing with charges for each VPC network they are attached to.

Does Cloud DNS support DNSSEC?

Yes. Cloud DNS supports DNSSEC for public managed zones. When enabled, it automatically signs zone records and manages key rotations. You need to add the DS record to your domain registrar to complete the chain of trust. Private zones do not support DNSSEC.

GCP Cloud DNS Builder

NetworkingGCP

Build Cloud DNS record sets for public and private managed zones.

Cloud DNS Record Set Configuration

Zone Type

Zone Name

The managed zone name in GCP (e.g. "my-zone", not the DNS name)

DNS Name

Fully qualified domain name, must end with a trailing dot

Record Type

Maps a hostname to an IPv4 address, e.g. 192.0.2.1

TTL (seconds)

Record Values (one per line)

Output

Output will appear here...

About This Tool

The GCP Cloud DNS Builder helps you create DNS record set configurations for both public and private managed zones in Google Cloud DNS. It supports A, AAAA, CNAME, MX, TXT, SRV, NS, PTR, and CAA record types with proper TTL settings and record-specific validation. The tool generates gcloud CLI commands and Terraform configurations.

When to Use This Tool

•Building DNS records for a domain hosted in Cloud DNS with proper MX and TXT records for Google Workspace email.
•Creating private DNS zone records for internal service discovery within a VPC network.
•Generating gcloud or Terraform commands for DNS infrastructure-as-code deployments.
•Configuring CAA records to restrict certificate issuance and SPF/DKIM TXT records for email authentication.

Frequently Asked Questions

What is the difference between public and private managed zones?: Public managed zones resolve from the internet and are used for externally facing services. Private managed zones resolve only from authorized VPC networks and are used for internal service discovery. Private zones can override public DNS for split-horizon configurations.
How much does Cloud DNS cost?: Cloud DNS charges per managed zone (approximately $0.20/month for the first 25 zones) and per million queries ($0.40 for the first billion). There is no per-record charge. Private zones have similar pricing with charges for each VPC network they are attached to.
Does Cloud DNS support DNSSEC?: Yes. Cloud DNS supports DNSSEC for public managed zones. When enabled, it automatically signs zone records and manages key rotations. You need to add the DS record to your domain registrar to complete the chain of trust. Private zones do not support DNSSEC.

Related Learning Guides

Cloud DNS Configuration20 min read
GCP Networking Deep Dive30 min read

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.