diff --git a/infrastructure/net-hub-and-spoke/dns.tf b/infrastructure/net-hub-and-spoke/dns.tf
new file mode 100644
index 00000000..b0e9932b
--- /dev/null
+++ b/infrastructure/net-hub-and-spoke/dns.tf
@@ -0,0 +1,68 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+##############################################################
+# DNS Zones #
+##############################################################
+
+module "hub-private-zone" {
+ source = "terraform-google-modules/cloud-dns/google"
+ version = "~> 2.0"
+
+ project_id = var.hub_project_id
+ type = "private"
+ name = "${var.private_dns_zone_name}-hub-private"
+ domain = var.private_dns_zone_domain
+
+ private_visibility_config_networks = [module.vpc-hub.network_self_link]
+}
+
+module "spoke-1-peering-zone" {
+ source = "terraform-google-modules/cloud-dns/google"
+ version = "~> 2.0"
+
+ project_id = var.spoke_1_project_id
+ type = "peering"
+ name = "${var.private_dns_zone_name}-spoke-1-peering"
+ domain = var.private_dns_zone_domain
+
+ private_visibility_config_networks = [module.vpc-spoke-1.network_self_link]
+ target_network = module.vpc-hub.network_self_link
+}
+
+module "spoke-2-peering-zone" {
+ source = "terraform-google-modules/cloud-dns/google"
+ version = "~> 2.0"
+
+ project_id = var.spoke_2_project_id
+ type = "peering"
+ name = "${var.private_dns_zone_name}-spoke-2-peering"
+ domain = var.private_dns_zone_domain
+
+ private_visibility_config_networks = [module.vpc-spoke-2.network_self_link]
+ target_network = module.vpc-hub.network_self_link
+}
+
+module "hub-forwarding-zone" {
+ source = "terraform-google-modules/cloud-dns/google"
+ version = "~> 2.0"
+
+ project_id = var.hub_project_id
+ type = "forwarding"
+ name = "${var.forwarding_dns_zone_name}-hub-forwarding"
+ domain = var.forwarding_dns_zone_domain
+
+ private_visibility_config_networks = [module.vpc-hub.network_self_link]
+ target_name_server_addresses = var.forwarding_zone_server_addresses
+}
\ No newline at end of file
diff --git a/infrastructure/net-hub-and-spoke/instances.tf b/infrastructure/net-hub-and-spoke/instances.tf
index eef90774..a1f8cfc2 100644
--- a/infrastructure/net-hub-and-spoke/instances.tf
+++ b/infrastructure/net-hub-and-spoke/instances.tf
@@ -25,7 +25,7 @@ resource "google_compute_instance" "hub" {
 }
 }
 network_interface {
- subnetwork = element(module.vpc-hub.subnets_self_links, count.index)
+ subnetwork = element(module.vpc-hub.subnets_self_links, count.index)
 access_config {}
 }
 }
@@ -43,7 +43,7 @@ resource "google_compute_instance" "spoke-1" {
 }
 }
 network_interface {
- subnetwork = element(module.vpc-spoke-1.subnets_self_links, count.index)
+ subnetwork = element(module.vpc-spoke-1.subnets_self_links, count.index)
 access_config {}
 }
 }
@@ -61,7 +61,7 @@ resource "google_compute_instance" "spoke-2" {
 }
 }
 network_interface {
- subnetwork = element(module.vpc-spoke-2.subnets_self_links, count.index)
+ subnetwork = element(module.vpc-spoke-2.subnets_self_links, count.index)
 access_config {}
 }
 }
diff --git a/infrastructure/net-hub-and-spoke/variables.tf b/infrastructure/net-hub-and-spoke/variables.tf
index 13156e8e..29ec86ff 100644
--- a/infrastructure/net-hub-and-spoke/variables.tf
+++ b/infrastructure/net-hub-and-spoke/variables.tf
@@ -28,9 +28,9 @@ variable "prefix" {
 description = "Prefix for VPC names."
 }
-variable "hub_custom_route_advertisement" {
+variable "spoke_to_spoke_route_advertisement" {
 description = "Use custom route advertisement in hub routers to advertise all spoke subnets."
- default = false
+ default = true
 }
 variable "hub_bgp_asn" {
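Review bot: All four `cloud-dns` module calls pull from the public registry with a floating `version = "~> 2.0"`, so any future 2.x release is adopted silently on the next `terraform init -upgrade`; for code that defines the resolver path of every VPC in the topology I would pin the exact release that was tested (e.g. `version = "2.0.0"`) and bump it deliberately. Separately, the spoke peering zones cover only `var.private_dns_zone_domain`, while `var.forwarding_dns_zone_domain` is forwarded from the hub network alone, so VMs in spoke-1 and spoke-2 appear to have no path to on-prem names unless a zone for that domain exists elsewhere; if spoke-to-on-prem resolution is intended, each spoke needs a second peering zone for `var.forwarding_dns_zone_domain` targeting `module.vpc-hub.network_self_link`. A header comment under the "DNS Zones" banner stating which network resolves which domain, and through which zone, would make that intent explicit.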
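Review bot: The default of `spoke_to_spoke_route_advertisement` flips from `false` to `true`, so out of the box the hub routers now advertise every spoke's subnets and spokes can reach each other through the hub, which is the opposite of the isolation a hub-and-spoke layout is usually chosen for; nothing in this diff shows a firewall rule gating that transit path, so whether it is actually reachable depends on rules outside the hunk. I would keep `default = false` and let operators opt in, or at minimum state the consequence in the description: `description = "Advertise all spoke subnets from the hub routers, enabling spoke-to-spoke transit via the hub. Set to false to keep spokes isolated."`. The rename from `hub_custom_route_advertisement` is also a breaking change for existing tfvars and callers with no deprecation path, and the unchanged description still says "custom route advertisement in hub routers", which no longer matches the new name.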
@@ -96,3 +96,28 @@ variable "spoke_2_subnets" {
 ]
 }
+variable "private_dns_zone_name" {
+ description = "Private DNS Zone Name."
+ default = "gcp-private"
+}
+
+variable "private_dns_zone_domain" {
+ description = "Private DNS Zone Domain."
+ default = "gcp.private"
+}
+
+variable "forwarding_dns_zone_name" {
+ description = "Forwarding DNS Zone Name."
+ default = "on-prem-private"
+}
+
+variable "forwarding_dns_zone_domain" {
+ description = "Forwarding DNS Zone Domain."
+ default = "on-prem.private"
+}
+
+variable "forwarding_zone_server_addresses" {
+ description = "Forwarding DNS Zone Server Addresses"
+ default = ["8.8.8.8", "8.8.4.4"]
+}
+
\ No newline at end of file
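Review bot: `forwarding_zone_server_addresses` defaults to Google public DNS (`8.8.8.8`, `8.8.4.4`) while the zone it feeds forwards the private domain `on-prem.private`, so with defaults every lookup for an internal on-prem hostname is sent to a resolver outside the organization, leaking the queried names, and will not resolve. A public resolver is never a valid target for a private forwarding zone; this variable should carry no default so the operator must supply the on-prem resolvers, with `type = list(string)` and a description such as `"Addresses of the on-prem DNS servers that var.forwarding_dns_zone_domain queries are forwarded to; they must be reachable from the hub VPC and accept queries from Cloud DNS's forwarding source range."`. None of the five new variables declares a `type`, so a wrongly shaped value is only caught at plan time inside the module rather than at the variable boundary.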