Name	Name	Last commit message	Last commit date
parent directory ..
README.md	README.md
main.tf	main.tf
outputs.tf	outputs.tf
variables.tf	variables.tf
versions.tf	versions.tf

Google Cloud DNS Module

This module allows simple management of Google Cloud DNS zones and records. It supports creating public, private, forwarding, peering, service directory and reverse-managed based zones. To create inbound/outbound server policies, please have a look at the net-vpc module.

For DNSSEC configuration, refer to the dns_managed_zone documentation.

Examples

Private Zone

module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "private"
  name            = "test-example"
  domain          = "test.example."
  client_networks = [var.vpc.self_link]
  recordsets = {
    "A localhost" = { records = ["127.0.0.1"] }
    "A myhost"    = { ttl = 600, records = ["10.0.0.120"] }
  }
  iam = {
    "roles/dns.admin" = ["group:[email protected]"]
  }
}
# tftest modules=1 resources=4 inventory=private-zone.yaml

Forwarding Zone

module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "forwarding"
  name            = "test-example"
  domain          = "test.example."
  client_networks = [var.vpc.self_link]
  forwarders      = { "10.0.1.1" = null, "1.2.3.4" = "private" }
}
# tftest modules=1 resources=1 inventory=forwarding-zone.yaml

Peering Zone

module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "peering"
  name            = "test-example"
  domain          = "."
  description     = "Forwarding zone for ."
  client_networks = [var.vpc.self_link]
  peer_network    = var.vpc2.self_link
}
# tftest modules=1 resources=1 inventory=peering-zone.yaml

Routing Policies

module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "private"
  name            = "test-example"
  domain          = "test.example."
  client_networks = [var.vpc.self_link]
  recordsets = {
    "A regular" = { records = ["10.20.0.1"] }
    "A geo" = {
      geo_routing = [
        { location = "europe-west1", records = ["10.0.0.1"] },
        { location = "europe-west2", records = ["10.0.0.2"] },
        { location = "europe-west3", records = ["10.0.0.3"] }
      ]
    }

    "A wrr" = {
      ttl = 600
      wrr_routing = [
        { weight = 0.6, records = ["10.10.0.1"] },
        { weight = 0.2, records = ["10.10.0.2"] },
        { weight = 0.2, records = ["10.10.0.3"] }
      ]
    }
  }
}
# tftest modules=1 resources=4 inventory=routing-policies.yaml

Reverse Lookup Zone

module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "reverse-managed"
  name            = "test-example"
  domain          = "0.0.10.in-addr.arpa."
  client_networks = [var.vpc.self_link]
}
# tftest modules=1 resources=1 inventory=reverse-zone.yaml

Public Zone

module "public-dns" {
  source     = "./fabric/modules/dns"
  project_id = "myproject"
  type       = "public"
  name       = "example"
  domain     = "example.com."
  recordsets = {
    "A myhost" = { ttl = 300, records = ["127.0.0.1"] }
  }
  iam = {
    "roles/dns.admin" = ["group:[email protected]"]
  }
}
# tftest modules=1 resources=4 inventory=public-zone.yaml

Variables

name	description	type	required	default
domain	Zone domain, must end with a period.	`string`	✓
name	Zone name, must be unique within the project.	`string`	✓
project_id	Project id for the zone.	`string`	✓
client_networks	List of VPC self links that can see this zone.	`list(string)`		`[]`
description	Domain description.	`string`		`"Terraform managed."`
dnssec_config	DNSSEC configuration for this zone.	`object({…})`		`{…}`
enable_logging	Enable query logging for this zone.	`bool`		`false`
forwarders	Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default.	`map(string)`		`{}`
iam	IAM bindings in {ROLE => [MEMBERS]} format.	`map(list(string))`		`null`
peer_network	Peering network self link, only valid for 'peering' zone types.	`string`		`null`
recordsets	Map of DNS recordsets in "type name" => {ttl, [records]} format.	`map(object({…}))`		`{}`
service_directory_namespace	Service directory namespace id (URL), only valid for 'service-directory' zone types.	`string`		`null`
type	Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory','reverse-managed'.	`string`		`"private"`
zone_create	Create zone. When set to false, uses a data source to reference existing zone.	`bool`		`true`

Outputs

name	description	sensitive
dns_keys	DNSKEY and DS records of DNSSEC-signed managed zones.
domain	The DNS zone domain.
id	Fully qualified zone id.
name	The DNS zone name.
name_servers	The DNS zone name servers.
type	The DNS zone type.
zone	DNS zone resource.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

dns

dns

README.md

Google Cloud DNS Module

Examples

Private Zone

Forwarding Zone

Peering Zone

Routing Policies

Reverse Lookup Zone

Public Zone

Variables

Outputs

Files

dns

Directory actions

More options

Directory actions

More options

Latest commit

History

dns

Folders and files

parent directory

README.md

Google Cloud DNS Module

Examples

Private Zone

Forwarding Zone

Peering Zone

Routing Policies

Reverse Lookup Zone

Public Zone

Variables

Outputs