HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/394/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/394/help/man/man1/gcloud_beta_dns_managed-zones_create.1
.TH "GCLOUD_BETA_DNS_MANAGED\-ZONES_CREATE" 1



.SH "NAME"
.HP
gcloud beta dns managed\-zones create \- create a Cloud DNS managed\-zone



.SH "SYNOPSIS"
.HP
\f5gcloud beta dns managed\-zones create\fR \fIZONE_NAME\fR \fB\-\-dns\-name\fR=\fIDNS_NAME\fR [\fB\-\-denial\-of\-existence\fR=\fIDENIAL_OF_EXISTENCE\fR] [\fB\-\-description\fR=\fIDESCRIPTION\fR] [\fB\-\-dnssec\-state\fR=\fIDNSSEC_STATE\fR] [\fB\-\-forwarding\-targets\fR=[\fIIP_ADDRESSES\fR,...]] [\fB\-\-gkeclusters\fR=[\fIGKECLUSTERS\fR,...]] [\fB\-\-ksk\-algorithm\fR=\fIKSK_ALGORITHM\fR] [\fB\-\-ksk\-key\-length\fR=\fIKSK_KEY_LENGTH\fR] [\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-location\fR=\fILOCATION\fR] [\fB\-\-[no\-]log\-dns\-queries\fR] [\fB\-\-managed\-reverse\-lookup\fR] [\fB\-\-networks\fR=[\fINETWORK\fR,...]] [\fB\-\-private\-forwarding\-targets\fR=[\fIIP_ADDRESSES\fR,...]] [\fB\-\-service\-directory\-namespace\fR=\fISERVICE_DIRECTORY_NAMESPACE\fR] [\fB\-\-visibility\fR=\fIVISIBILITY\fR;\ default="public"] [\fB\-\-zsk\-algorithm\fR=\fIZSK_ALGORITHM\fR] [\fB\-\-zsk\-key\-length\fR=\fIZSK_KEY_LENGTH\fR] [\fB\-\-target\-network\fR=\fITARGET_NETWORK\fR\ \fB\-\-target\-project\fR=\fITARGET_PROJECT\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

\fB(BETA)\fR This command creates a Cloud DNS managed\-zone.



.SH "EXAMPLES"

To create a managed\-zone, run:

.RS 2m
$ gcloud beta dns managed\-zones create my\-zone \e
    \-\-dns\-name=my.zone.com. \-\-description="My zone!"
.RE

To create a managed\-zone with DNSSEC, run:

.RS 2m
$ gcloud beta dns managed\-zones create my\-zone\-2 \e
    \-\-description="Signed Zone" \-\-dns\-name=myzone.example \e
    \-\-dnssec\-state=on
.RE

.RS 2m
To create a zonal managed\-zone scoped to a GKE Cluster in us\-east1\-a, run:
.RE

.RS 2m
$ gcloud beta dns managed\-zones create my\-zonal\-zone \e
    \-\-description="Signed Zone" \-\-dns\-name=cluster.local \e
    \-\-visibility=private \-\-gkeclusters=cluster1 \e
    \-\-location=us\-east1\-a
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m
\fIZONE_NAME\fR

The name of the managed\-zone to be created.


.RE
.sp

.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-dns\-name\fR=\fIDNS_NAME\fR

The DNS name suffix that will be managed with the created zone.


.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m
\fB\-\-denial\-of\-existence\fR=\fIDENIAL_OF_EXISTENCE\fR

Requires DNSSEC enabled. \fIDENIAL_OF_EXISTENCE\fR must be one of: \fBnsec\fR,
\fBnsec3\fR.

.TP 2m
\fB\-\-description\fR=\fIDESCRIPTION\fR

Short description for the managed zone.

.TP 2m
\fB\-\-dnssec\-state\fR=\fIDNSSEC_STATE\fR

The DNSSEC state for this managed zone. \fIDNSSEC_STATE\fR must be one of:

.RS 2m
.TP 2m
\fBoff\fR
Disable DNSSEC for the managed zone.
.TP 2m
\fBon\fR
Enable DNSSEC for the managed zone.
.TP 2m
\fBtransfer\fR
Enable DNSSEC and allow transferring a signed zone in or out.
.RE
.sp


.TP 2m
\fB\-\-forwarding\-targets\fR=[\fIIP_ADDRESSES\fR,...]

List of IPv4/IPv6 addresses or one domain name of the target name server that
the zone will forward queries to. Ignored for \f5public\fR visibility.
Non\-RFC1918 addresses will forward to the target through the Internet. RFC1918
addresses will forward through the VPC.

.TP 2m
\fB\-\-gkeclusters\fR=[\fIGKECLUSTERS\fR,...]

List of GKE clusters that the zone should be visible in if the zone visibility
is [private].

.TP 2m
\fB\-\-ksk\-algorithm\fR=\fIKSK_ALGORITHM\fR

String mnemonic specifying the DNSSEC algorithm of the key\-signing key.
Requires DNSSEC enabled. \fIKSK_ALGORITHM\fR must be one of:
\fBecdsap256sha256\fR, \fBecdsap384sha384\fR, \fBrsasha1\fR, \fBrsasha256\fR,
\fBrsasha512\fR.

.TP 2m
\fB\-\-ksk\-key\-length\fR=\fIKSK_KEY_LENGTH\fR

Length of the key\-signing key in bits. Requires DNSSEC enabled.

.TP 2m
\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]

List of label KEY=VALUE pairs to add.

Keys must start with a lowercase character and contain only hyphens (\f5\-\fR),
underscores (\f5_\fR), lowercase characters, and numbers. Values must contain
only hyphens (\f5\-\fR), underscores (\f5_\fR), lowercase characters, and
numbers.

.TP 2m
\fB\-\-location\fR=\fILOCATION\fR

Specifies the desired service location the request is sent to. Defaults to Cloud
DNS global service. Use \-\-location=global if you want to target the global
service.

.TP 2m
\fB\-\-[no\-]log\-dns\-queries\fR

Specifies whether to enable query logging. Defaults to False. Use
\fB\-\-log\-dns\-queries\fR to enable and \fB\-\-no\-log\-dns\-queries\fR to
disable.

.TP 2m
\fB\-\-managed\-reverse\-lookup\fR

Specifies whether this zone is a managed reverse lookup zone, required for Cloud
DNS to correctly resolve Non\-RFC1918 PTR records.

.TP 2m
\fB\-\-networks\fR=[\fINETWORK\fR,...]

List of networks that the zone should be visible in if the zone visibility is
[private].

.TP 2m
\fB\-\-private\-forwarding\-targets\fR=[\fIIP_ADDRESSES\fR,...]

List of IPv4/IPv6 addresses or one domain name of the target name server that
the zone will forward queries to. Ignored for \f5public\fR visibility. All
addresses specified for this parameter will be reached through the VPC.

.TP 2m
\fB\-\-service\-directory\-namespace\fR=\fISERVICE_DIRECTORY_NAMESPACE\fR

The fully qualified URL of the service directory namespace that should be
associated with the zone. Ignored for \f5public\fR visibility zones.

.TP 2m
\fB\-\-visibility\fR=\fIVISIBILITY\fR; default="public"

Visibility of the zone. Public zones are visible to the public internet. Private
zones are only visible in your internal networks denoted by the
\f5\-\-networks\fR flag. \fIVISIBILITY\fR must be one of: \fBpublic\fR,
\fBprivate\fR.

.TP 2m
\fB\-\-zsk\-algorithm\fR=\fIZSK_ALGORITHM\fR

String mnemonic specifying the DNSSEC algorithm of the key\-signing key.
Requires DNSSEC enabled. \fIZSK_ALGORITHM\fR must be one of:
\fBecdsap256sha256\fR, \fBecdsap384sha384\fR, \fBrsasha1\fR, \fBrsasha256\fR,
\fBrsasha512\fR.

.TP 2m
\fB\-\-zsk\-key\-length\fR=\fIZSK_KEY_LENGTH\fR

Length of the zone\-signing key in bits. Requires DNSSEC enabled.

.TP 2m
\fB\-\-target\-network\fR=\fITARGET_NETWORK\fR

Network ID of the Google Compute Engine private network to forward queries to.

.TP 2m
\fB\-\-target\-project\fR=\fITARGET_PROJECT\fR

Project ID of the Google Compute Engine private network to forward queries to.


.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

This command is currently in beta and might change without notice. These
variants are also available:

.RS 2m
$ gcloud dns managed\-zones create
.RE

.RS 2m
$ gcloud alpha dns managed\-zones create
.RE
@ Telegram