Source: Introducing Private DNS Zones: resolve to keep internal networks concealed from the Internet
Got private networks on Google Cloud Platform (GCP) but still want to use Google Cloud DNS, our fast, scalable and reliable Domain Name System (DNS) service? You can now use Cloud DNS both as the authoritative name server for your domains on the Internet, through public DNS zones, and for internal name resolution inside your private GCP networks, through Private DNS Zones. This means you can now:
Create private DNS zones to provide DNS name resolution for your private network resources (VMs, load balancers, etc.).
Connect a private zone to a single network or multiple networks, giving you flexibility when designing your internal network architectures.
Create split-horizon DNS architectures in which zones with identical or overlapping names coexist as a public zone and a private zone in Cloud DNS, or as private zones attached to different GCP networks.
Use IAM-based, DNS-specific roles to delegate administrator, editor or read-only access to managed private zones.
In a nutshell, Private DNS Zones give you a simple-to-manage internal DNS solution for your private networks on GCP. Because the capability is native to GCP and fully managed, there is no need to provision and maintain extra DNS software and compute resources, which simplifies life for network administrators. Since queries for a private zone are answered only from the networks the zone is attached to, its records are not reachable from the public Internet, so an external attacker cannot use public DNS to enumerate your internal hostnames and addresses. Note that anything with network access to an attached VPC can still query the zone: private zones reduce exposure of internal naming, they do not replace access controls on the resources themselves.
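As an added example (not material from the original post or from Google), here is a gcloud walkthrough of the capabilities listed above: a private zone attached to two VPC networks, a public zone with the same name for split-horizon resolution, one record in each, a read-only IAM binding, and the two dig checks that show the internal address is answered only inside the VPC. The project ID, network names, zone names, addresses and service account are all assumptions for illustration. By default the script only prints the commands so they can be reviewed; it executes them when run with APPLY=1 against an authenticated gcloud.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post or from Google: a gcloud
# walkthrough of a split-horizon setup built on Cloud DNS private zones.
# Every name here is an assumption for illustration: the project ID, the VPC
# names, corp.example.com, both zone names, the addresses and the service
# account that is granted a DNS role.
# By default the commands are only printed so they can be reviewed; run with
# APPLY=1 (and an authenticated gcloud) to execute them for real.
set -eu

PROJECT="${PROJECT:-example-project}"              # assumed project ID
DNS_NAME="corp.example.com."                       # identical name in both zones
PRIVATE_ZONE="corp-internal"
PUBLIC_ZONE="corp-public"
NETWORKS="prod-vpc,shared-vpc"                     # assumed VPC network names
OPS_MEMBER="serviceAccount:dns-ops@${PROJECT}.iam.gserviceaccount.com"

# Print the command (dry run) or execute it when APPLY=1.
run() {
  if [ "${APPLY:-0}" = "1" ]; then
    "$@"
  else
    printf '%s ' "$@"
    printf '\n'
  fi
}

# 1. Private zone: only resolvers inside the attached VPC networks can query it.
create_private_zone() {
  run gcloud dns managed-zones create "$PRIVATE_ZONE" \
    --project="$PROJECT" \
    --dns-name="$DNS_NAME" \
    --description="internal-only-names" \
    --visibility=private \
    --networks="$NETWORKS"
}

# 2. Public zone with the same DNS name (split horizon). Internet clients see
#    only this zone; clients inside the attached VPCs get the private zone.
create_public_zone() {
  run gcloud dns managed-zones create "$PUBLIC_ZONE" \
    --project="$PROJECT" \
    --dns-name="$DNS_NAME" \
    --description="internet-facing-names" \
    --visibility=public
}

# 3. Records: the RFC 1918 address is published only in the private zone; the
#    public zone carries the public load-balancer address.
add_records() {
  run gcloud dns record-sets create "app.${DNS_NAME}" --project="$PROJECT" \
    --zone="$PRIVATE_ZONE" --type=A --ttl=300 --rrdatas=10.128.0.10
  run gcloud dns record-sets create "app.${DNS_NAME}" --project="$PROJECT" \
    --zone="$PUBLIC_ZONE" --type=A --ttl=300 --rrdatas=203.0.113.10
}

# 4. Least privilege: give the operations account read-only access to zones
#    and records (roles/dns.reader); reserve roles/dns.admin for the
#    automation that is allowed to change them.
grant_roles() {
  run gcloud projects add-iam-policy-binding "$PROJECT" \
    --member="$OPS_MEMBER" --role=roles/dns.reader
}

# 5. Checks. The first query must be issued from a VM in one of the attached
#    networks, through the VPC resolver at 169.254.169.254, and should return
#    10.128.0.10. The second, from any Internet host (once corp.example.com is
#    delegated to the public zone's name servers), should return 203.0.113.10
#    and never the 10.x address.
verify() {
  run dig +short "app.${DNS_NAME}" @169.254.169.254
  run dig +short "app.${DNS_NAME}" @8.8.8.8
}

create_private_zone
create_public_zone
add_records
grant_roles
verify
```

The important design point is in steps 1 and 2: both zones carry exactly the same DNS name, and the only thing that decides which answer a client receives is whether its query arrives through a network the private zone is attached to. Step 5 is the check worth keeping in a runbook: if the 10.x address ever appears in the answer from a public resolver, the record has been put in the wrong zone.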
DNS resolution is critical to the functioning of both private and public networks. Now your internal resources can be part of your own domain without being exposed to the public Internet. To learn more, read the documentation on Private DNS.