GCP - DNS

What are *.google.internal names?

In the context of Google Cloud Platform (GCP), *.google.internal names refer almost exclusively to the Metadata Server.

While your VM instances have their own internal DNS names, those typically end in .internal (not .google.internal). The google.internal domain is reserved for critical infrastructure services that your VM needs to talk to.

The most important and common name you will see is: metadata.google.internal

  • What it is: This is the hostname for the GCP Metadata Server.
  • What it does: It acts as a "fileserver" for your VM, providing information about the instance itself.
  • Usage: You use it to retrieve:
    • Credentials: Access tokens for Service Accounts (so your code can talk to Cloud Storage or BigQuery without hard-coded keys).
    • Configuration: Startup scripts, custom metadata, and environment variables.
    • Identity: The instance's ID, hostname, and zone.

How are they resolved?

The resolution process relies on a special DNS setup inside every Google Compute Engine VM.

Step 1: The Local Resolver (/etc/resolv.conf)

When a VM boots, Google's DHCP server configures the VM's DNS settings. If you look at /etc/resolv.conf on a Linux VM, you will usually see:

nameserver 169.254.169.254
search c.[PROJECT-ID].internal google.internal

  • nameserver 169.254.169.254: This tells the OS to send all DNS queries to this specific IP address.
  • search ... google.internal: This allows you to just type ping metadata and the OS will automatically try metadata.google.internal.

Step 2: The Metadata Server (The "Magic" DNS)

The IP 169.254.169.254 is a link-local address that routes directly to the Metadata Server running on the hypervisor (the physical machine hosting your VM).

When you query metadata.google.internal:

  1. Your VM sends a DNS packet to 169.254.169.254.
  2. The Metadata Server intercepts this packet.
  3. It recognizes the request for metadata.google.internal and immediately responds with its own IP (169.254.169.254) or the internal IP of the requested resource.

Step 3: Cloud DNS (For other names)

If you try to resolve a VM hostname (like db-server.c.my-project.internal):

  1. The query still goes to 169.254.169.254.
  2. The Metadata Server checks Google's internal Cloud DNS records for your VPC network.
  3. It returns the private, internal IP address of that VM.

Summary

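| Hostname        | Ends with...     | Purpose                   | Resolved By                     |
|-----------------|------------------|---------------------------|---------------------------------|
| Metadata Server | .google.internal | Getting API keys & config | Metadata Server (Local)         |
| Your VMs        | .internal        | Talking to other VMs      | Cloud DNS (via Metadata Server) |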

What are *.internal names?

Your actual VM hostnames do not end in google.internal. They end in .internal.

  • Format: [VM-NAME].[ZONE].c.[PROJECT-ID].internal
  • Example: web-server-1.us-central1-a.c.my-project.internal

(The c stands for "Compute" and serves as a namespace for Compute Engine resources.)
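
The resolver setup and name formats described on this page, as an added Python example (not part of the original page): it parses a resolv.conf, lists the names a short name such as metadata expands to under the search list, and classifies the results as .google.internal or VM names. The project ID my-project, the sample file contents and all function names are constructed for illustration, and the search expansion assumes the resolver's default ndots:1.

```python
import re

METADATA_IP = "169.254.169.254"  # resolver address shown on this page

# Constructed sample; "my-project" is a placeholder project ID.
SAMPLE_RESOLV_CONF = """\
nameserver 169.254.169.254
search c.my-project.internal google.internal
"""

# Matches both forms on this page: vm.zone.c.project.internal and vm.c.project.internal
VM_NAME = re.compile(r"^(?P<vm>[a-z0-9-]+)(?:\.(?P<zone>[a-z0-9-]+))?"
                     r"\.c\.(?P<project>[a-z0-9-]+)\.internal$")

def parse_resolv_conf(text):
    """Return (nameservers, search_domains) from resolv.conf text."""
    nameservers, search = [], []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            nameservers.append(fields[1])
        elif fields and fields[0] == "search":
            search = fields[1:]  # a later search line replaces an earlier one
    return nameservers, search

def candidates(name, search):
    """Names tried in order for `name` (assumes the default ndots:1)."""
    if name.endswith("."):
        return [name[:-1]]
    expanded = [f"{name}.{d}" for d in search]
    return [name] + expanded if "." in name else expanded + [name]

def classify(fqdn):
    """Label a name as Google infrastructure, a VM, or something else."""
    fqdn = fqdn.lower().rstrip(".")
    if fqdn == "google.internal" or fqdn.endswith(".google.internal"):
        return "google-infrastructure", {}
    m = VM_NAME.match(fqdn)
    if m:
        return "vm", m.groupdict()
    return ("other-internal" if fqdn.endswith(".internal") else "external"), {}

def audit(text):
    """List deviations from the resolver setup this page describes."""
    nameservers, search = parse_resolv_conf(text)
    findings = []
    if nameservers[:1] != [METADATA_IP]:
        findings.append(f"first nameserver is {nameservers[:1]}, not {METADATA_IP}")
    if "google.internal" not in search:
        findings.append("google.internal missing from search list")
    return findings
```

Running audit() on the contents of /etc/resolv.conf gives a quick check that lookups for metadata.google.internal are still sent to 169.254.169.254. candidates("metadata", ...) shows the project domain being tried before google.internal, so code that fetches credentials should use the full name metadata.google.internal rather than rely on search order.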