Google Cloud DNS Module

This module allows simple management of Google Cloud DNS zones and records. It supports creating public, private, forwarding, peering, service directory and reverse-managed zones. To create inbound/outbound server policies, see the net-vpc module.

For DNSSEC configuration, refer to the dns_managed_zone documentation.

Examples

Private Zone

module "private-dns" {
  source     = "./fabric/modules/dns"
  project_id = "myproject"
  name       = "test-example"
  zone_config = {
    domain = "test.example."
    private = {
      client_networks = [var.vpc.self_link]
    }
  }
  recordsets = {
    "A localhost" = { records = ["127.0.0.1"] }
    "A myhost"    = { ttl = 600, records = ["10.0.0.120"] }
  }
  iam = {
    "roles/dns.admin" = ["group:[email protected]"]
  }
}
# tftest modules=1 resources=5 inventory=private-zone.yaml

Forwarding Zone

module "private-dns" {
  source     = "./fabric/modules/dns"
  project_id = "myproject"
  name       = "test-example"
  zone_config = {
    domain = "test.example."
    forwarding = {
      client_networks = [var.vpc.self_link]
      forwarders      = { "10.0.1.1" = null, "1.2.3.4" = "private" }
    }
  }
}
# tftest modules=1 resources=2 inventory=forwarding-zone.yaml

Peering Zone

module "private-dns" {
  source     = "./fabric/modules/dns"
  project_id = "myproject"
  name       = "test-example"
  zone_config = {
    domain = "."
    peering = {
      client_networks = [var.vpc.self_link]
      peer_network    = var.vpc2.self_link
    }
  }
}
# tftest modules=1 resources=2 inventory=peering-zone.yaml

Routing Policies

module "private-dns" {
  source     = "./fabric/modules/dns"
  project_id = "myproject"
  name       = "test-example"
  zone_config = {
    domain = "test.example."
    private = {
      client_networks = [var.vpc.self_link]
    }
  }
  recordsets = {
    "A regular" = { records = ["10.20.0.1"] }
    "A geo" = {
      geo_routing = [
        { location = "europe-west1", records = ["10.0.0.1"] },
        { location = "europe-west2", records = ["10.0.0.2"] },
        { location = "europe-west3", records = ["10.0.0.3"] }
      ]
    }

    "A wrr" = {
      ttl = 600
      wrr_routing = [
        { weight = 0.6, records = ["10.10.0.1"] },
        { weight = 0.2, records = ["10.10.0.2"] },
        { weight = 0.2, records = ["10.10.0.3"] }
      ]
    }
  }
}
# tftest modules=1 resources=5 inventory=routing-policies.yaml

Reverse Lookup Zone

module "private-dns" {
  source     = "./fabric/modules/dns"
  project_id = "myproject"
  name       = "test-example"
  zone_config = {
    domain = "0.0.10.in-addr.arpa."
    private = {
      client_networks = [var.vpc.self_link]
    }
  }
}
# tftest modules=1 resources=2 inventory=reverse-zone.yaml

Public Zone

module "public-dns" {
  source     = "./fabric/modules/dns"
  project_id = "myproject"
  name       = "example"
  zone_config = {
    domain = "example.com."
    public = {}
  }
  recordsets = {
    "A myhost" = { ttl = 300, records = ["127.0.0.1"] }
  }
  iam = {
    "roles/dns.admin" = ["group:[email protected]"]
  }
}
# tftest modules=1 resources=4 inventory=public-zone.yaml

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| name | Zone name, must be unique within the project. | `string` | ✓ | |
| project_id | Project id for the zone. | `string` | ✓ | |
| description | Domain description. | `string` | | `"Terraform managed."` |
| iam | IAM bindings in {ROLE => [MEMBERS]} format. | `map(list(string))` | | `null` |
| recordsets | Map of DNS recordsets in "type name" => {ttl, [records]} format. | `map(object({…}))` | | `{}` |
| zone_config | DNS zone configuration. | `object({…})` | | `null` |
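
The following check is an added example, not part of this module or its repository. It parses a recordsets map in the "type name" format described above and reports A/AAAA targets that are not globally routable, which is worth reviewing before applying a public zone because such records disclose internal addressing (the Public Zone example's `127.0.0.1` placeholder would be reported). The function names and the sample map are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: a recordsets map for a public zone, shaped like the
# module's "type name" => {ttl, records} input (values are illustrative).
PUBLIC_RECORDSETS = {
    "A myhost": {"ttl": 300, "records": ["127.0.0.1"]},
    "A www": {"records": ["8.8.8.8"]},
    "A wrr": {"wrr_routing": [
        {"weight": 0.6, "records": ["10.10.0.1"]},
        {"weight": 0.4, "records": ["8.8.4.4"]},
    ]},
    "CNAME alias": {"records": ["www.example.com."]},
}

def parse_key(key):
    """Split a "type name" recordset key into (TYPE, name)."""
    rtype, _, name = key.partition(" ")
    if not rtype or not name.strip():
        raise ValueError(f"recordset key {key!r} is not in 'type name' format")
    return rtype.upper(), name.strip()

def all_records(recordset):
    """Collect targets from plain, geo_routing and wrr_routing recordsets."""
    targets = list(recordset.get("records") or [])
    for policy in ("geo_routing", "wrr_routing"):
        for entry in recordset.get(policy) or []:
            targets.extend(entry.get("records") or [])
    return targets

def non_public_targets(recordsets):
    """Return (key, address) pairs for A/AAAA targets that are not global."""
    findings = []
    for key, recordset in recordsets.items():
        rtype, _ = parse_key(key)
        if rtype not in ("A", "AAAA"):
            continue  # only address records carry IP targets
        for target in all_records(recordset):
            # is_global is False for loopback, RFC 1918, link-local, etc.
            if not ipaddress.ip_address(target).is_global:
                findings.append((key, target))
    return findings

if __name__ == "__main__":
    for key, target in non_public_targets(PUBLIC_RECORDSETS):
        print(f"review before publishing: {key!r} -> {target}")
```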

Outputs

| name | description | sensitive |
|---|---|---|
| dns_keys | DNSKEY and DS records of DNSSEC-signed managed zones. | |
| domain | The DNS zone domain. | |
| id | Fully qualified zone id. | |
| name | The DNS zone name. | |
| name_servers | The DNS zone name servers. | |
| zone | DNS zone resource. | |