To connect you domain to your website on GCP you should follow next steps:
- create public managed zone on Google Cloud DNS
- replace existed NS records with obtained at Google Cloud DNS (for example
ns-cloud-d1-googledomains.com, ns-cloud-d2-googledomains.com, ns-cloud-d3-googledomains.com and ns-cloud-d4-googledomains.com) at domain registrar side
- reserve external static IP address for your VM
- create VM using reserved external static IP address or reconfigure existing one and do not forget to enable HTTP/HTTPS access
- create A record
- install web server and configure web site
- check if required ports open with command
nmap -Pn EXTERNAL_IP_OF_YOUR_VM and configure firewall if necessary
- access your web site by domain name http://DOMAIN_NAME
To check if your configuration at registrar side correct use command dig NS DOMAIN_NAME and you should get something like this:
$ dig NS DOMAIN_NAME
...
;; ANSWER SECTION:
DOMAIN_NAME. 86400 IN NS ns-cloud-d1-googledomains.com.
DOMAIN_NAME. 86400 IN NS ns-cloud-d2-googledomains.com.
DOMAIN_NAME. 86400 IN NS ns-cloud-d3-googledomains.com.
DOMAIN_NAME. 86400 IN NS ns-cloud-d4-googledomains.com.
After that you can check A records with quite the same command:
$ dig A DOMAIN_NAME
...
;; ANSWER SECTION:
DOMAIN_NAME. 300 IN A 104.XXX.225.XXX
$ dig A DOMAIN_NAME
...
;; ANSWER SECTION:
www.DOMAIN_NAME. 300 IN A 104.XXX.225.XXX
if everything looks good at DNS side, but your site doesn't work:
This site can’t be reached
DOMAIN_NAME refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
check current status of firewall:
$ nmap -Pn 104.XXX.225.XXX
...
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
443/tcp closed https
3389/tcp closed ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 11.49 seconds
in case ports 80 and 443 are closed you should open ports on firewall - go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM -> click EDIT -> go to Firewall section and check Allow HTTP traffic and Allow HTTP traffic -> click Save. After that, check again with command nmap -Pn 104.XXX.225.XXX if ports 80/443 (http/https) are open:
$ nmap -Pn 104.XXX.225.XXX
...
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
3389/tcp closed ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 11.49 seconds
Returning back to your issue:
The 'dig' tool tells me my domain is listed on
ns-cloud-e#.googledomains.com - the 'E' set of cloud DNS servers(?).
Maybe that was from an earlier attempt. But now my DNS zone says my
domain is listed with ns-cloud-a#.googledomains.com - the 'A' set of
cloud DNS servers.
To solve this issue go to your zone on Google Cloud DNS and check NS records:
In case they aren't the same go to domain registrar side and replace NS records with proper ones then wait and check again. Keep in mind that propagation of DNS changes could take 24-72 hours.
