Solved: dns error trying to access model endpoint

Andacus · 03-19-2025 09:24 PM

Hi there,

Note I insert (endpoint ID) for where my endpoint ID and (project ID) for my project ID but yes I"m inserting it correctly.

Hi, I have spent half a day with germini trying to resolve this so I have gone over all the basic issues. I've deployed an endpoint which should be able to be called from my ai brain script. I'm getting erros about DNS. Durting testing it resolves

PS C:\WINDOWS\system32> nslookup (endpointID).us-central1-(proejct number).prediction.vertexai.goog
>>
Server: dns.google
Address: 8.8.8.8

*** dns.google can't find {project id}.us-central1-(proejct number).prediction.vertexai.goog: Non-existent domain when running from local powershell.

In google console cloud it confirms dedicated dns is enabled, however when I click the endpoint to view in gui it shows the box unticked, not sure if that is causing an issue. Note, I've deleted and recreated four models and everytime is the same.

Using endpoint [https://us-central1-aiplatform.googleapis.com/]
createTime: '2025-03-20T03:12:29.939673Z'
dedicatedEndpointDns: (endpoint ID).us-central1-(proejct number).prediction.vertexai.goog
dedicatedEndpointEnabled: true
deployedModels:
- createTime: '2025-03-20T03:12:29.939673Z'
disableContainerLogging: true
displayName: remai-primary-model-pro
enableAccessLogging: true
id: '2894087227631992832'
model: projects/(proejct number)/locations/us-central1/models/8636528596250263552
modelVersionId: '1'
displayName: remai-primary-model-endpoint1
etag: AMEw9yMlefh8eEVSrVzSFJ-8Kx7A4k3f9Ft15FHjbTNCflVB46PTcfh72nTtRJdqB8yE
name: projects/(proejct number)/locations/us-central1/endpoints/(endpoint ID)
trafficSplit:
'2894087227631992832': 100
updateTime: '2025-03-20T03:12:32.563405Z'
username@cloudshell:~ (remai-d3e17)$ ^

Finally, I've checked permissions and all are valid, I've actually over shared in permissions to make sure that is not the issue, however the error points to dns. I've also tried to run from public but get error as well.

username@cloudshell:~ (remai-d3e17)$ curl -X POST "https://us-central1-aiplatform.googleapis.com/v1/projects/(proejct number)/locations/us-central1/endpoints/(project ID):predict" \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
-d '{
"instances": [{"input_text": "Hello, can you hear me?"}]
}'
{
"error": {
"code": 400,
"message": "Dedicated Endpoint cannot be accessed through the shared Vertex AI domain aiplatform.googleapis.com. Please access the endpoint using its dedicated domain name '(project ID).us-central1-(proejct number).prediction.vertexai.goog'",
"status": "FAILED_PRECONDITION"
}
}

My script uses the dedicated endpoint URL, I did notice under API in modles registry it justt has '-'. I'm not sure if it should have API there, if so where can I access it, but geminin keeps telling me that the dedicated endpoint url is all I need. not that it matters, but this is the line in my script but I've also not been able to get it working testing either as you can see above.Please help asap this model is needing to be uploaded to test for a customer asap, if it works we can move our fleet to google cloud.

VERTEX_AI_ENDPOINT = "https://us-central1-aiplatform.googleapis.com/v1/projects/(proejct number)/locations/us-central1/endpoints/(endpoint ID):predict"

jerrytomson

It looks like you're encountering DNS resolution issues when trying to access your Vertex AI Dedicated Endpoint. Here are some possible reasons and solutions:

Potential Issues & Fixes

1. Use the Correct Dedicated Endpoint URL

Your error message states:

"Dedicated Endpoint cannot be accessed through the shared Vertex AI domain aiplatform.googleapis.com. Please access the endpoint using its dedicated domain name."

This means that instead of:

bash

CopyEdit

https://us-central1-aiplatform.googleapis.com/v1/projects/(project number)/locations/us-central1/endpoints/(endpoint ID):predict

You must use the dedicated endpoint domain:

bash

CopyEdit

https://(endpoint ID).us-central1-(project number).prediction.vertexai.goog

Fix: Ensure that your script is actually using this dedicated endpoint and not the shared API.

2. Verify DNS Resolution & Network Issues

Check if your dedicated endpoint domain resolves correctly:

bash

CopyEdit

nslookup (endpoint ID).us-central1-(project number).prediction.vertexai.goog

If you get a non-existent domain error:

Check if the dedicated endpoint is enabled in Google Cloud Console. If it shows unticked, try re-enabling it.
Wait for DNS propagation. It may take a few minutes after creation.
Try from another network. Run the command on another device or public cloud shell.

3. Ensure Your Endpoint is Fully Deployed

Check if your endpoint is fully initialized by running:

bash

CopyEdit

gcloud ai endpoints describe (endpoint ID) --location=us-central1

Look for deployedModels and ensure it is active and running.

4. Ensure IAM Permissions are Set Correctly

Since you've already given broad permissions, make sure the service account used for authentication has:

Vertex AI User Role
AI Platform Admin Role
Cloud Run Invoker Role

You can confirm by running:

bash

CopyEdit

gcloud projects get-iam-policy (project ID)

5. Test API Call with CURL (Using Dedicated Endpoint)

Instead of using the shared API, run the following with your dedicated domain:

bash

CopyEdit

curl -X POST "https://(endpoint ID).us-central1-(project number).prediction.vertexai.goog/v1/projects/(project number)/locations/us-central1/endpoints/(endpoint ID):predict" \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ -d '{ "instances": [{"input_text": "Hello, can you hear me?"}] }'

If this still fails with a DNS error, then your dedicated endpoint is not resolving properly.

Final Steps

Re-enable dedicated DNS for the endpoint in Google Cloud Console.
Try a different network or Google Cloud Shell for the request.
Confirm your API call uses the correct dedicated endpoint URL.
Check DNS resolution again after a few minutes.

Let me know what errors you get after these tests! 🚀

View solution in original post

NorieRam

Hi @Andacus,

Welcome to Google Cloud Community!

The DNS resolution failure strongly suggests a configuration issue preventing your AI Brain script from connecting. The GUI discrepancy hints at a propagation delay or underlying Vertex AI problem. Recreating the model alone won't suffice; focus on the endpoint itself.

Here are some possible ways you may want to consider:

Delete the existing endpoint and create a new one, ensuring the "dedicated endpoint" option is explicitly enabled. Double-check this setting immediately after creation.
After creating the endpoint, wait for DNS propagation (up to 30 minutes). This is essential.
There might be a network configuration issue between your client and the Vertex AI service, even if DNS resolution is working.
Double-check firewall rules to ensure outbound connections on port 443 (HTTPS) are allowed to the dedicated endpoint domain.
Before integrating with your AI Brain script, test connectivity using a simple curl command with the dedicated endpoint URL. This helps pinpoint script-specific problems.

If the issue persists, you may reach out to Google Cloud Support. When reaching out, include detailed information and relevant screenshots of the errors you’ve encountered. This will assist them in diagnosing and resolving your issue more efficiently.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

Andacus

Thanks for the response,

Just to confirm, I've been deleting the endpoints not the model. On the four I re-did I deffinetely made sure to tick 'enable dedicated DNS' but then when I would look at settings the box isn't ticked. HOwever, as per above, when I run a GCP console command it shows it as 'True'.

Quite confusing..but I must admit I dont think I waited 30minutes, perhaps it takes 30minutes to resolve itself?

I'll try create an endpoint and try again. THank you.

jerrytomson

It looks like you're encountering DNS resolution issues when trying to access your Vertex AI Dedicated Endpoint. Here are some possible reasons and solutions:

Potential Issues & Fixes

1. Use the Correct Dedicated Endpoint URL

Your error message states:

"Dedicated Endpoint cannot be accessed through the shared Vertex AI domain aiplatform.googleapis.com. Please access the endpoint using its dedicated domain name."

This means that instead of:

bash

CopyEdit

https://us-central1-aiplatform.googleapis.com/v1/projects/(project number)/locations/us-central1/endpoints/(endpoint ID):predict

You must use the dedicated endpoint domain:

bash

CopyEdit

https://(endpoint ID).us-central1-(project number).prediction.vertexai.goog

Fix: Ensure that your script is actually using this dedicated endpoint and not the shared API.

2. Verify DNS Resolution & Network Issues

Check if your dedicated endpoint domain resolves correctly:

bash

CopyEdit

nslookup (endpoint ID).us-central1-(project number).prediction.vertexai.goog

If you get a non-existent domain error:

Check if the dedicated endpoint is enabled in Google Cloud Console. If it shows unticked, try re-enabling it.
Wait for DNS propagation. It may take a few minutes after creation.
Try from another network. Run the command on another device or public cloud shell.

3. Ensure Your Endpoint is Fully Deployed

Check if your endpoint is fully initialized by running:

bash

CopyEdit

gcloud ai endpoints describe (endpoint ID) --location=us-central1

Look for deployedModels and ensure it is active and running.

4. Ensure IAM Permissions are Set Correctly

Since you've already given broad permissions, make sure the service account used for authentication has:

Vertex AI User Role
AI Platform Admin Role
Cloud Run Invoker Role

You can confirm by running:

bash

CopyEdit

gcloud projects get-iam-policy (project ID)

5. Test API Call with CURL (Using Dedicated Endpoint)

Instead of using the shared API, run the following with your dedicated domain:

bash

CopyEdit

curl -X POST "https://(endpoint ID).us-central1-(project number).prediction.vertexai.goog/v1/projects/(project number)/locations/us-central1/endpoints/(endpoint ID):predict" \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ -d '{ "instances": [{"input_text": "Hello, can you hear me?"}] }'

If this still fails with a DNS error, then your dedicated endpoint is not resolving properly.

Final Steps

Re-enable dedicated DNS for the endpoint in Google Cloud Console.
Try a different network or Google Cloud Shell for the request.
Confirm your API call uses the correct dedicated endpoint URL.
Check DNS resolution again after a few minutes.

Let me know what errors you get after these tests! 🚀

Andacus

Thank you,

It ended up being my misunderstanding of the model registry and online prediction and what was model with an endpoint already vs a newly created one. However, your troubleshooting steps helped me identify that, thank you!