Database Migration Service (DMS), VPN and private DNS resolution

We are trying to set up continuous migration of an AWS RDS MySQL database to GCP CloudSQL. The source database is accessible in the GCP VPC via a site-to-site VPN connection using GCP classic VPN. We have also set up DNS forwarding using a managed zone.

I am able to connect to the RDS database using its DNS name from a Compute Engine instance within the GCP VPC. I have also been able to set up continuous migration using the RDS instance's private IP address, VPC peering and exchanging IPv4 custom routes.

As the RDS instance's IP can change (after restarts, failover or scaling), I want to set up the DMS connection profile to use the DNS name of the RDS database. However, using the current configuration, the DNS name does not resolve. I get the following error:

generic::unavailable: Unable to connect to source database server: unable to connect to source database server after 5s: generic::failed_precondition: "dial tcp: lookup migration-test-db.sandbox.internal on 169.254.169.254:53: no such host"     

I've read 169.254.169.254 is the metadata service and port 53 suggests a DNS lookup.  

Is there a way to make managed zone forwarding work with DMS? 

ACCEPTED SOLUTION

Hi @BenHessionOCG,

Welcome to Google Cloud Community!

The concern you are encountering may be due to DMS running in a separate environment that is not within your VPC. Even though your Compute Engine instances can use DNS forwarding and managed zones to resolve the private DNS name, DMS cannot utilize your personalized DNS settings. Instead, it relies on Google's metadata service for resolving DNS, which is restricted to public DNS.

You may try to resolve this by using this approach:

  1. Use the Private IP Address: This bypasses DNS resolution issues. However, since the IP address can change, consider setting up a mechanism to update the DMS connection profile whenever the RDS instance's IP changes.
  2. Use a Proxy Instance: Deploy a Compute Engine instance in your VPC to act as a proxy that resolves the DNS and forwards connections to your RDS instance. Configure DMS to use this instance as an intermediary.
  3. Raise a Feature Request: Since DMS does not currently support private DNS forwarding or managed zones, raising a feature request with Google Cloud might help address this gap in future updates. This won’t guarantee specific time resolution, but it might help you and the community on your future projects.

I hope the above information is helpful.
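
Option 2 above, sketched as an added example (not code from either poster or from Google): a small TCP forwarder for the proxy VM that re-resolves the RDS name on every new connection and only accepts peers from an allowlisted range. The hostname is the one in the question's error message; the port, the `10.0.0.0/8` range and all function names are assumptions to adapt.

```python
import asyncio
import ipaddress

# Assumptions: the hostname is the one in the question's error message; the
# port and the allowed client range are placeholders to adapt.
UPSTREAM_HOST = "migration-test-db.sandbox.internal"
UPSTREAM_PORT = 3306
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]  # placeholder range

def client_allowed(peer_ip, networks=ALLOWED_CLIENTS):
    """Accept only peers inside the expected source ranges."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in networks)

async def _pipe(reader, writer):
    """Copy bytes one way until EOF, then close the destination."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

async def serve(listen_port, host=UPSTREAM_HOST, port=UPSTREAM_PORT,
                networks=ALLOWED_CLIENTS, listen_host="0.0.0.0"):
    async def handle(client_r, client_w):
        peer = client_w.get_extra_info("peername")
        if peer is None or not client_allowed(peer[0], networks):
            client_w.close()  # drop anything outside the allowlist
            return
        try:
            # The name is resolved again for every new connection, with the
            # VM's own resolver, so a changed RDS address is picked up here.
            up_r, up_w = await asyncio.open_connection(host, port)
        except OSError:
            client_w.close()
            return
        await asyncio.gather(_pipe(client_r, up_w), _pipe(up_r, client_w))

    return await asyncio.start_server(handle, listen_host, listen_port)

if __name__ == "__main__":
    async def main():
        async with await serve(3306) as server:
            await server.serve_forever()
    asyncio.run(main())
```

The DMS connection profile would then point at the proxy VM's private IP, which stays fixed while the RDS address behind the name changes.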

That is helpful @greb, thank you for taking the time to look at this. I will raise a feature request as I think private DNS forwarding would be useful for continuous migrations involving RDS. But a proxy instance seems like a good solution in the meantime. I've marked your answer as the accepted solution.

Raised feature request here: https://issuetracker.google.com/issues/381219426