While preparing for the GCP Associate Cloud Engineer (ACE) exam, many candidates get confused by Cloud DNS record configuration best practices. In the real world, this is fundamentally a decision about proper DNS record type usage for availability, performance, and simplicity. Let’s drill into a simulated scenario.
The Scenario #
Globex Interactive is a global online gaming startup experiencing rapid user growth across Americas, Europe, and Asia. To efficiently route player traffic and scale their application, Globex uses a Google Cloud HTTP(S) Load Balancer fronting their backend services. They want to create DNS records so that the following domain names resolve correctly and consistently:
- home.globexgaming.com
- globexgaming.com
- www.globexgaming.com
Each of these hosts should point to the external IP address of their Google Cloud Load Balancer. DNS must be configured such that traffic is routed with minimal latency and optimized for global caching.
Key Requirements #
Configure the DNS records in Cloud DNS that correctly map home.globexgaming.com, globexgaming.com, and www.globexgaming.com to the IP address of the Google Cloud Load Balancer while following DNS best practices for apex domains and subdomains.
The Options #
- A) Create one CNAME record to point globexgaming.com to the load balancer, and create two A records to point WWW and HOME to globexgaming.com respectively.
- B) Create one CNAME record to point globexgaming.com to the load balancer, and create two AAAA records to point WWW and HOME to globexgaming.com respectively.
- C) Create one A record to point globexgaming.com to the load balancer, and create two CNAME records to point WWW and HOME to globexgaming.com respectively.
- D) Create one A record to point globexgaming.com to the load balancer, and create two NS records to point WWW and HOME to globexgaming.com respectively.
Correct Answer #
C) Create one A record to point globexgaming.com to the load balancer, and create two CNAME records to point WWW and HOME to globexgaming.com respectively.
The Architect’s Analysis #
Correct Answer #
Option C is the recommended approach.
Step-by-Step Winning Logic #
- The apex domain globexgaming.com must use an A record pointing directly to the external IP address of the Google Cloud Load Balancer.
- DNS standards prohibit using a CNAME record at the apex domain because it interferes with other essential records like SOA and NS records.
- For the subdomains www.globexgaming.com and home.globexgaming.com, it is best practice to create CNAME records that alias to the apex domain. This centralizes management and simplifies DNS updates.
- AAAA records are only used if the load balancer supports IPv6 addresses, but the question assumes IPv4.
- NS records delegate subdomains to separate name servers, which is unnecessary and incorrect in this scenario.
- This configuration optimizes DNS resolution latency and operational simplicity consistent with SRE principles of reducing complexity and errors.
The Traps (Distractor Analysis) #
- Why not A? (Option A) Using a CNAME on the apex domain is not allowed by DNS standards, which breaks resolution for globexgaming.com. Also, pointing subdomains directly with A records duplicates IP addresses and increases management overhead.
- Why not B? AAAA records point to IPv6. If there is no IPv6 address assigned to the load balancer, this is ineffective. Also, the apex domain cannot be a CNAME.
- Why not D? NS records delegate authority to different name servers. Using NS records for www and home subdomains unnecessarily fragments DNS control and is inappropriate here.
The Architect Blueprint #
Mermaid Diagram illustrating correct DNS record setup:
Diagram Note:
Users resolve apex domain via an A record directly to the Load Balancer IP, while subdomains resolve via CNAME aliases to the apex, streamlining DNS management and traffic routing.
Real-World Practitioner Insight #
Exam Rule #
For the exam, always remember: “Use A records for apex/root domains, and use CNAME for subdomains pointing to the apex or external targets.”
Real World #
In practice, some DNS providers support “ANAME” or “ALIAS” records that behave like CNAMEs at the apex to overcome DNS limitations — but GCP Cloud DNS does not natively support this; the canonical approach applies.