Cloud DNS forwarding not resolving in other networks of shared VPC

Our setup:

We have a master project A, and two other projects, B and C. In project A, we have a shared VPC with networks A, B, and C (related to which project they’re meant to serve). The VPC for B is shared from project A to project B, and the VPC for C is shared from project A to project C. The networks are peered with each other.

Within project A, we have a private Cloud DNS zone which forwards to two DNS servers. One of these servers is in project A and network A, and one of them is in project B on network B. We have selected all networks (A, B, and C) to be included in this DNS zone.

Our problem:

Cloud DNS appears not to be sharing properly across these networks. With experimentation, we have found that instances will be able to resolve records that are on a DNS server on the same network, but not on another network, i.e.:

An instance on network A will be able to resolve a domain from the network A DNS server, but not from a network B DNS server, and vice versa. However, if you explicitly define the DNS server, it works as expected.

For example, let 10.0.0.1 have an A record for foo.com, and 10.0.1.1 have an A record for bar.com. They are hosted on network A and network B respectively:

On an instance from network A:

  • Running nslookup foo.com will resolve.
  • Running nslookup bar.com will return SERVFAIL.
  • Running nslookup bar.com 10.0.1.1 will resolve.

Similarly, using an instance on network B:

  • Running nslookup bar.com will resolve
  • Running nslookup foo.com will return SERVFAIL
  • Running nslookup foo.com 10.0.0.1 will resolve

And network C:

  • Running nslookup foo.com will return SERVFAIL
  • Running nslookup bar.com will return SERVFAIL
  • Running nslookup foo.com 10.0.0.1 will resolve
  • Running nslookup bar.com 10.0.1.1 will resolve

I’m unsure why this behaviour is as it is.

What has been tried/confirmed

  • We have ensured all networks can communicate on TCP/UDP port 53, and that both nameservers can be seen from all networks
  • We have tried adding policies (which gave a similar result, only failures returned NXDOMAIN rather than SERVFAIL)
  • We have looked into DNS peering, which is not applicable here

Any help here would be appreciated. I’m aware that private zones in Cloud DNS are still a Beta feature, but this setup should currently be possible according to the documentation.

How to set up a virtual network interface and use iptables forwarding to route between virtual network interfaces?

I am trying to set up multiple network interfaces because I would like to do multiple traffic control at once.
My device only supports one physical network interface.

So my thought is to set up one network interface and point the default IP route to it.
Then, based on different iptables policies, the packets can go through different virtual network interfaces, each of which is bound to a traffic-control policy.
Then all the packets should go through the physical network interface to reach the WAN.

    $ sudo ifconfig enp0s5:3 123.123.22.23
    $ sudo ip route add 0.0.0.0/0 via 123.123.22.23 dev enp0s5:3
    $ sudo iptables -t nat -A POSTROUTING -o enp0s5:3 -j MASQUERADE
    $ sudo iptables -A FORWARD -i enp0s5:3 -o enp0s5 -m state --state RELATED,ESTABLISHED -j ACCEPT
    $ sudo iptables -A FORWARD -i enp0s5 -o enp0s5:3 -j ACCEPT
    $ sudo iptables -A FORWARD -i enp0s5 -o enp0s5:3 -m state --state RELATED,ESTABLISHED -j ACCEPT
    $ sudo iptables -A FORWARD -i enp0s5:3 -o enp0s5 -j ACCEPT

However, I set this up but the packets are not going outside.
I ping google.com and it fails with "no route to host".

I have GoDaddy forwarding my domain naqati.com to https://naqati.pumposhcloud.com [duplicate]

This question already has an answer here:

  • Redirect, Change URLs or Redirect HTTP to HTTPS in Apache – Everything You Ever Wanted to Know About Mod_Rewrite Rules but Were Afraid to Ask 5 answers

Please help me with an Apache mod_rewrite rule so that the GoDaddy-hosted http://naqati.com, when forwarded to https://naqati.pumposhcloud.com, masks the URL as https://naqati.com. If I use GoDaddy's mask URL option, it makes it a non-SSL URL, http://naqati.com, and they say that they cannot help with my issue. If I don't use GoDaddy's mask URL option, it displays https://naqati.pumposhcloud.com in the user's browser. I just need it to forward to https://naqati.pumposhcloud.com but mask the URL in the browser as https://naqati.com.

Url forwarding and masking with htaccess and ssl

I am trying to redirect domainA.com to domainB.com with masking (keep in URL bar the domainA.com/xxxxx while it is showing actually domainB.com/xxxxx) using https.
I have tried several rules in htaccess but all failed (either showing domainB in the URL bar or getting errors like 500 when resolving the site). I have used htaccess to do that for several non-SSL sites in the past, but I cannot manage to make this work over https…
I have separate ssl for both of the domains.
Any help with htaccess examples would be really appreciated…

Forwarding ICMP response to TAP interface

I am trying to do a test where I forward ICMP responses to a TAP interface. I created a TAP interface and assigned it the address 10.0.4.1/24.

My Linux setup uses the interface enp0s3 as the default option. To forward any ICMP response to the TAP interface, I tried the following rules:

    # iptables -t nat -A PREROUTING -i enp0s3 -p icmp -j DNAT --to 10.0.4.1
    # iptables -A FORWARD -p icmp -i enp0s3 -j ACCEPT
    # iptables -t nat -A POSTROUTING -o 10.0.4.1 -j MASQUERADE

At the moment, the TAP interface is in UP state, and I have a program which is listening to the TAP interface.

If I ping an external IP like 8.8.8.8, the ping program is still able to get the response. I want to ask: shouldn't the ping program not receive any response, because the ICMP response is getting forwarded to the TAP interface? Also, is my approach to redirecting traffic to the TAP device correct?

How to make a TV recording box that prevents fast forwarding?

I have a receiver to record television. On some channels, even if you’ve recorded the whole thing, you can’t fast forward your recording when you watch it afterwards (offline). So my question is if you develop such a receiver, how can you make them “hackproof” (if it is even possible), for example preventing a hack to fast forward a recording.

Gmailify vs simple forwarding. What’s the difference?

I have a main Google account and two other email addresses I'd like to manage through the main account. One is another Gmail address and the other is an @outlook address.

I understand that I have two options:

  1. Use Gmailify (possible for one email address only)
  2. Forward each email address to the main one and add them as "Send mail as", so that I can send emails from them too.

Obviously, if I were to choose option 1 for one address, I’d have to choose 2 for the other as only one other email address can be “Gmailified”.

Is there any important difference between the two options (or any difference at all)?