<h2 id="heading-cname-chasing-is-the-root-issue">CNAME Chasing is the root issue</h2>
<p>In one of my projects, there was a requirement to be able to route between a GKE backend and a GCS backend. Since life was easier if the External Load Balancer was just created with GKE’s Ingress resource, we decided to try splitting the traffic to GCS using an External Name service.</p>
<h2 id="heading-the-problem">The Problem</h2>
<p>Somehow the backend service for the External Name was not working.  </p>
<p>I went into the cluster and attempted to do <code>curl</code> . It failed to resolve the host. Then, I tried <code>dig</code> and confirmed that the <code>CNAME</code> was being returned.  </p>
<p>It took me a while to find out that CNAME <a target="_blank" href="https://cloud.google.com/dns/docs/cnamechasing">chasing is not possible</a> for Cloud DNS in private zones.</p>
<p><img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1737635368443/ac7f4c3e-b1dc-4930-a1ee-8cd6e74551b0.png" alt class="image--center mx-auto" /></p>
<p>The infrastructure design was bad already, so I decided to go with a standalone External LB + standalone NEG setup. It’s unfortunate that we now have to manage the infrastructures separately with terraform and kuberenetes though.</p>


## CNAME Chasing is the root issue

In one of my projects, there was a requirement to be able to route between a GKE backend and a GCS backend. Since life was easier if the External Load Balancer was just created with GKE’s Ingress resource, we decided to try splitting the traffic to GCS using an External Name service.

## The Problem

Somehow the backend service for the External Name was not working.  
  
I went into the cluster and attempted to do `curl` . It failed to resolve the host. Then, I tried `dig` and confirmed that the `CNAME` was being returned.  

It took me a while to find out that CNAME [chasing is not possible](https://cloud.google.com/dns/docs/cnamechasing) for Cloud DNS in private zones.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1737635368443/ac7f4c3e-b1dc-4930-a1ee-8cd6e74551b0.png align="center")

The infrastructure design was bad already, so I decided to go with a standalone External LB + standalone NEG setup. It’s unfortunate that we now have to manage the infrastructures separately with terraform and kuberenetes though.

Learn why GKE External Name Service can't work with Private Zone Cloud DNS due to CNAME chasing limitations

You Can't Use GKE External Name Service with Private Zone Cloud DNS

CNAME Chasing is the root issue

The Problem