Skip to content

Use configured DNS name to lookup instance IP address #1053

New issue
New issue
Closed
#1055
#1054
Closed
Use configured DNS name to lookup instance IP address#1053
#1055
#1054
Assignees
hessjcg
Labels
priority: p1Important issue which blocks shipping the next release. Will be fixed prior to next release.type: feature request‘Nice-to-have’ improvement, new feature or different behavior or design.
@hessjcg

Description

@hessjcg
hessjcg
opened on Dec 16, 2025

Feature Description

When a connector is configured using a DNS name, it uses the DNS name to look up the instance connection name in a TXT record. The connector should use the DNS name to look up the instance IP address when connecting.

This is particularly useful for PSC instances with custom DNS names. By adding TXT and A records for the instance, the connector will only use the custom DNS name for the instance. It will not use the Cloud SQL-assigned PSC DNS name.

Users must create and update the TXT and A DNS records themselves. These records are not managed by Cloud SQL.

If the connector cannot resolve the IP address for the configured DNS name, it will fall back to existing behavior: use the IP address or cloud-sql assigned PSC DNS name from the instance metadata.

Updated Connection Algorithm

This is how a connector can connect to an instance with a custom DNS name AND an A record with the instance's IP address:

GIVEN:

  • The custom DNS name for an instance: "db.example.com"
  • An instance "my-project:us-central1:my-db"
  • The instance is configured with the Custom SAN "db.example.com"
  • DNS TXT record "db.example.com" that resolves to "my-project:us-central1:my-db"
  • DNS A record "db.example.com" that resolves to the IP address of the instance

WHEN: the connector dials the instance

THEN:

  • Connector performs DNS lookup of the TXT record for the instance to get the instance connection name "my-project:us-central1:my-db"
  • Connector calls the SqlAdmin API to get the instance metadata
  • Connector performs DNS lookup of the A record for the instance to get the instance IP address
  • Connector opens TCP connection to {instance-ip}, port 3307
  • Connector performs mTLS handshake with hostname validation for "db.example.com"
  • Connector dial operation is complete.

If there is no A or AAAA record for the DNS name address, it should fall back to its current behavior: using the IP address or the Cloud SQL-assigned PSC DNS name from the instance metadata.

GIVEN:

  • The custom DNS name for an instance: "db.example.com"
  • An instance "my-project:us-central1:my-db"
  • The instance is configured with the Custom SAN "db.example.com"
  • DNS TXT record "db.example.com" that resolves to "my-project:us-central1:my-db"
  • There is no A record defined for "db.example.com"

WHEN: the connector dials the instance

THEN:

  • Connector performs DNS lookup of the TXT record for the instance to get the instance connection name "my-project:us-central1:my-db"
  • Connector calls the SqlAdmin API to get the instance metadata
  • Connector performs DNS lookup of the A record for the instance to get the instance IP address, no a record is found
  • Connector uses the instance metadata to determine the instance IP address
  • Connector opens TCP connection to {instance-ip}, port 3307
  • Connector performs mTLS handshake with hostname validation for "db.example.com"
  • Connector dial operation is complete.

Metadata

Metadata

Assignees

Labels

priority: p1Important issue which blocks shipping the next release. Will be fixed prior to next release.type: feature request‘Nice-to-have’ improvement, new feature or different behavior or design.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions