Organiza tus páginas con colecciones
Guarda y categoriza el contenido según tus preferencias.
En este documento, se describe cómo configurar y usar políticas del servidor DNS64 con redes de nube privada virtual (VPC).
Antes de comenzar
Las políticas del servidor DNS64 no se aplican a las instancias de máquina virtual (VM) de pila doble, las instancias de VM solo IPv4, las cargas de trabajo sin servidores ni las solicitudes enviadas a los extremos creados por una política del servidor DNS entrante.
Asegúrate de tener los permisos necesarios para crear una política del servidor DNS64.
Permisos necesarios para esta tarea
Para realizar esta tarea, debes tener los siguientes permisos o las siguientes funciones de IAM.
Permisos
dns.policies.create para crear una política de servidor DNS64
dns.policies.delete para borrar una política del servidor DNS64
dns.policies.get para recuperar la configuración actual de una política del servidor DNS64
dns.policies.list para enumerar todas las políticas del servidor DNS asociadas a un proyecto
dns.policies.update para actualizar una política del servidor DNS64
dns.managedZones.list para enumerar zonas administradas
Funciones
Administrador de DNS (roles/dns.admin)
Crea una política de servidor DNS64
Crea una política del servidor DNS64 para habilitar la comunicación entre las cargas de trabajo solo IPv6 y los destinos solo IPv4.
Después de crear una política de servidor DNS64, ocurre lo siguiente cuando se consulta un registro IPv6 (AAAA):
Si existe un registro DNS AAAA, el servidor DNS devuelve una dirección IPv6. Tu carga de trabajo se conecta con esa dirección IPv6.
Si no existe ningún registro DNS AAAA, Cloud DNS buscará registros A.
Luego, Cloud DNS crea direcciones IPv6 para las direcciones IPv4 en el registro A con el prefijo IPv6 64:ff9b::/96.
Para crear una política del servidor DNS64, sigue estos pasos.
NETWORK_URL: Es la URL completamente calificada de la red de VPC a la que se debe vincular tu política del servidor DNS, con el siguiente formato: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME.
Especifica la red que contiene las subredes y las instancias solo IPv6.
Verifica si hay habilitada una política del servidor DNS64
gcloud
Para enumerar todas las políticas del servidor DNS en tu proyecto, ejecuta el comando dns policies list:
gcloud dns policies update NAME \
--no-enable-dns64-all-queries
Reemplaza NAME por el nombre de la política del servidor DNS64 que deseas inhabilitar.
¿Qué sigue?
Para configurar NAT64 para la traducción de NAT pública de direcciones IPv6 a IPv4, sigue las instrucciones que se indican en Crea una puerta de enlace de Cloud NAT.
Para obtener una descripción general de las políticas del servidor DNS, consulta Políticas del servidor DNS.
Para encontrar soluciones a problemas comunes que podrías tener cuando usas Cloud DNS, consulta Soluciona problemas de Cloud DNS.
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-04 (UTC)"],[[["\u003cp\u003eThis document details the configuration and usage of DNS64 server policies within Virtual Private Cloud (VPC) networks, enabling communication between IPv6-only workloads and IPv4-only destinations.\u003c/p\u003e\n"],["\u003cp\u003eDNS64 server policies are used to translate IPv4 addresses to IPv6 addresses when an \u003ccode\u003eAAAA\u003c/code\u003e DNS record does not exist for the queried domain, using the \u003ccode\u003e64:ff9b::/96\u003c/code\u003e IPv6 prefix.\u003c/p\u003e\n"],["\u003cp\u003eCreating a DNS64 server policy requires specific permissions, including \u003ccode\u003edns.policies.create\u003c/code\u003e, \u003ccode\u003edns.policies.delete\u003c/code\u003e, \u003ccode\u003edns.policies.get\u003c/code\u003e, \u003ccode\u003edns.policies.list\u003c/code\u003e, and \u003ccode\u003edns.policies.update\u003c/code\u003e, or the DNS Administrator role.\u003c/p\u003e\n"],["\u003cp\u003eDNS64 server policies can be managed using the \u003ccode\u003egcloud\u003c/code\u003e command-line tool or the \u003ccode\u003epolicies.create\u003c/code\u003e API, where you can create, verify, and disable the policy as needed.\u003c/p\u003e\n"],["\u003cp\u003ePre-GA products and features, like the ones described, are available "as is," might have limited support, and are subject to the "Pre-GA Offerings Terms" in the General Service Terms.\u003c/p\u003e\n"]]],[],null,["# Configure DNS64\n\nThis document describes how to configure and use DNS64 server policies with\nVirtual Private Cloud (VPC) networks.\n\nBefore you begin\n----------------\n\n- DNS64 server policies don't apply to dual-stack virtual machine (VM) instances, IPv4-only VM instances, serverless workloads, or requests sent to endpoints created by an [inbound DNS server\n policy](/dns/docs/server-policies-overview#dns-server-policy-in).\n- Make sure that you have the required permissions to create a DNS64 server policy.\n\n#### Permissions required for this task\n\nTo perform this task, you must have been granted the following permissions\n*or* the following IAM roles.\n\n**Permissions**\n\n- `dns.policies.create` to create a DNS64 server policy\n- `dns.policies.delete` to delete a DNS64 server policy\n- `dns.policies.get` to fetch the current configuration of a DNS64 server policy\n- `dns.policies.list` to list all DNS server policies associated with a project\n- `dns.policies.update` to update a DNS64 server policy\n- `dns.managedZones.list` to list managed zones\n\n**Roles**\n\n- DNS Administrator (`roles/dns.admin`)\n\nCreate a DNS64 server policy\n----------------------------\n\nCreate a DNS64 server policy to enable communication between IPv6-only\nworkloads and IPv4-only destinations.\n\nAfter you create a DNS64 server policy, the following occurs when\nan IPv6 (`AAAA`) record is queried:\n\n- If an `AAAA` DNS record exists, the DNS server returns an IPv6 address. Your workload connects by using that IPv6 address.\n- If no `AAAA` DNS record exists, Cloud DNS looks for `A` records. Cloud DNS then creates IPv6 addresses for the IPv4 addresses in the `A` record, by using the `64:ff9b::/96` IPv6 prefix.\n\nTo create a DNS64 server policy, follow these steps. \n\n### gcloud\n\nTo create a DNS64 server policy, run the [`gcloud dns policies\ncreate` command](/sdk/gcloud/reference/dns/policies/create): \n\n```\ngcloud dns policies create NAME \\\n --description=DESCRIPTION \\\n --networks=VPC_NETWORK_LIST \\\n --enable-dns64-all-queries\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eNAME\u003c/var\u003e: a name for the policy\n- \u003cvar translate=\"no\"\u003eDESCRIPTION\u003c/var\u003e: a description for the policy\n- \u003cvar translate=\"no\"\u003eVPC_NETWORK_LIST\u003c/var\u003e: a comma-delimited list of VPC networks that the DNS server policy binds to\n\n### Terraform\n\n```\nresource \"google_dns_policy\" \"default\" {\n name = \"NAME\"\n\n dns64_config {\n scope {\n all_queries = true\n }\n }\n\n alternative_name_server_config {\n target_name_servers {\n ipv4_address = \"PRIVATE_IP_ADDRESS\"\n forwarding_path = \"private\"\n }\n target_name_servers {\n ipv4_address = \"PUBLIC_IP_ADDRESS\"\n }\n }\n\n networks {\n network_url = google_compute_network.default.id\n }\n}\n\nresource \"google_compute_network\" \"default\" {\n name = \"network\"\n auto_create_subnetworks = false\n}\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eNAME\u003c/var\u003e: a name for the outbound DNS64 policy\n- \u003cvar translate=\"no\"\u003ePRIVATE_IP_ADDRESS\u003c/var\u003e: the IP address of an alternative name server using a private forwarding path\n- \u003cvar translate=\"no\"\u003ePUBLIC_IP_ADDRESS\u003c/var\u003e: the IP address of a different alternative name server\n\n### API\n\nTo create a DNS64 server policy, use the\n[`policies.create` method](/dns/docs/reference/rest/v1/policies/create): \n\n```\nPOST https://dns.googleapis.com/dns/v1/projects/PROJECT_ID/policies\n{\n \"kind\": \"dns#policy\",\n \"networks\": [\n {\n \"kind\": \"dns#policyNetwork\",\n \"networkUrl\": \"NETWORK_URL\"\n }\n ],\n \"dns64Config\":\n {\n \"scope\":\n {\n allQueries: true,\n }\n }\n }\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: your project ID.\n- \u003cvar translate=\"no\"\u003eNETWORK_URL\u003c/var\u003e: the fully qualified URL of the VPC network that your DNS server policy must bind to, formatted as follows: `https://www.googleapis.com/compute/v1/projects/`\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e`/global/networks/`\u003cvar translate=\"no\"\u003eVPC_NETWORK_NAME\u003c/var\u003e. Specify the network that contains the IPv6-only subnets and instances.\n\nVerify if a DNS64 server policy is enabled\n------------------------------------------\n\n### gcloud\n\nTo list all DNS server policies in your project, run the\n[`dns policies list` command](/sdk/gcloud/reference/dns/policies/list): \n\n```\ngcloud dns policies list\n```\n\nTo get detailed information about a specific DNS64 server policy, run the\n[`gcloud dns policies describe` command](/sdk/gcloud/reference/dns/policies/describe): \n\n```\ngcloud dns policies describe NAME\n```\n\nReplace \u003cvar translate=\"no\"\u003eNAME\u003c/var\u003e with the name of the DNS64 server\npolicy about which you want detailed information.\n\nDisable a DNS64 server policy\n-----------------------------\n\n### gcloud\n\nTo disable a DNS64 server policy, run the [`dns policies update` command](/sdk/gcloud/reference/dns/policies/update): \n\n```\ngcloud dns policies update NAME \\\n --no-enable-dns64-all-queries\n```\n\nReplace \u003cvar translate=\"no\"\u003eNAME\u003c/var\u003e with the name of the DNS64 server\npolicy that you want to disable.\n\nWhat's next\n-----------\n\n- To configure NAT64 for Public NAT translation from IPv6 to IPv4 addresses, follow the instructions in [Create a Cloud NAT gateway](/nat/docs/set-up-manage-network-address-translation#create-nat-gateway).\n- To get an overview of DNS server policies, see [DNS server policies](/dns/docs/server-policies-overview).\n- To find solutions for common issues that you might encounter when using Cloud DNS, see [Troubleshoot Cloud DNS](/dns/docs/troubleshooting)."]]
