This module allows simple management of Google Cloud DNS zones and records. It supports creating public, private, forwarding, peering, service directory and reverse-managed based zones. To create inbound/outbound server policies, please have a look at the net-vpc module.
For DNSSEC configuration, refer to the dns_managed_zone
documentation.
module "private-dns" {
source = "./fabric/modules/dns"
project_id = "myproject"
name = "test-example"
zone_config = {
domain = "test.example."
private = {
client_networks = [var.vpc.self_link]
}
}
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
"A myhost" = { ttl = 600, records = ["10.0.0.120"] }
}
iam = {
"roles/dns.admin" = ["group:[email protected]"]
}
}
# tftest modules=1 resources=5 inventory=private-zone.yaml
module "private-dns" {
source = "./fabric/modules/dns"
project_id = "myproject"
name = "test-example"
zone_config = {
domain = "test.example."
forwarding = {
client_networks = [var.vpc.self_link]
forwarders = { "10.0.1.1" = null, "1.2.3.4" = "private" }
}
}
}
# tftest modules=1 resources=2 inventory=forwarding-zone.yaml
module "private-dns" {
source = "./fabric/modules/dns"
project_id = "myproject"
name = "test-example"
zone_config = {
domain = "."
peering = {
client_networks = [var.vpc.self_link]
peer_network = var.vpc2.self_link
}
}
}
# tftest modules=1 resources=2 inventory=peering-zone.yaml
module "private-dns" {
source = "./fabric/modules/dns"
project_id = "myproject"
name = "test-example"
zone_config = {
domain = "test.example."
private = {
client_networks = [var.vpc.self_link]
}
}
recordsets = {
"A regular" = { records = ["10.20.0.1"] }
"A geo" = {
geo_routing = [
{ location = "europe-west1", records = ["10.0.0.1"] },
{ location = "europe-west2", records = ["10.0.0.2"] },
{ location = "europe-west3", records = ["10.0.0.3"] }
]
}
"A wrr" = {
ttl = 600
wrr_routing = [
{ weight = 0.6, records = ["10.10.0.1"] },
{ weight = 0.2, records = ["10.10.0.2"] },
{ weight = 0.2, records = ["10.10.0.3"] }
]
}
}
}
# tftest modules=1 resources=5 inventory=routing-policies.yaml
module "private-dns" {
source = "./fabric/modules/dns"
project_id = "myproject"
name = "test-example"
zone_config = {
domain = "0.0.10.in-addr.arpa."
private = {
client_networks = [var.vpc.self_link]
}
}
}
# tftest modules=1 resources=2 inventory=reverse-zone.yaml
module "public-dns" {
source = "./fabric/modules/dns"
project_id = "myproject"
name = "example"
zone_config = {
domain = "example.com."
public = {}
}
recordsets = {
"A myhost" = { ttl = 300, records = ["127.0.0.1"] }
}
iam = {
"roles/dns.admin" = ["group:[email protected]"]
}
}
# tftest modules=1 resources=4 inventory=public-zone.yaml
name | description | type | required | default |
---|---|---|---|---|
name | Zone name, must be unique within the project. | string |
✓ | |
project_id | Project id for the zone. | string |
✓ | |
description | Domain description. | string |
"Terraform managed." |
|
iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) |
null |
|
recordsets | Map of DNS recordsets in "type name" => {ttl, [records]} format. | map(object({…})) |
{} |
|
zone_config | DNS zone configuration. | object({…}) |
null |
name | description | sensitive |
---|---|---|
dns_keys | DNSKEY and DS records of DNSSEC-signed managed zones. | |
domain | The DNS zone domain. | |
id | Fully qualified zone id. | |
name | The DNS zone name. | |
name_servers | The DNS zone name servers. | |
zone | DNS zone resource. |