This module allows simple management of Google Cloud DNS zones and records. It supports creating public, private, forwarding, peering and service directory based zones.
For DNSSEC configuration, refer to the dns_managed_zone
documentation.
module "private-dns" {
source = "./modules/dns"
project_id = "myproject"
type = "private"
name = "test-example"
domain = "test.example."
client_networks = [var.vpc.self_link]
recordsets = {
"A localhost" = { ttl = 300, records = ["127.0.0.1"] }
}
}
# tftest modules=1 resources=2
module "private-dns" {
source = "./modules/dns"
project_id = "myproject"
type = "forwarding"
name = "test-example"
domain = "test.example."
client_networks = [var.vpc.self_link]
forwarders = { "10.0.1.1" = null, "1.2.3.4" = "private" }
}
# tftest modules=1 resources=1
module "private-dns" {
source = "./modules/dns"
project_id = "myproject"
type = "peering"
name = "test-example"
domain = "test.example."
client_networks = [var.vpc.self_link]
peer_network = var.vpc2.self_link
}
# tftest modules=1 resources=1
name | description | type | required | default |
---|---|---|---|---|
domain | Zone domain, must end with a period. | string |
✓ | |
name | Zone name, must be unique within the project. | string |
✓ | |
project_id | Project id for the zone. | string |
✓ | |
client_networks | List of VPC self links that can see this zone. | list(string) |
[] |
|
default_key_specs_key | DNSSEC default key signing specifications: algorithm, key_length, key_type, kind. | any |
{} |
|
default_key_specs_zone | DNSSEC default zone signing specifications: algorithm, key_length, key_type, kind. | any |
{} |
|
description | Domain description. | string |
"Terraform managed." |
|
dnssec_config | DNSSEC configuration: kind, non_existence, state. | any |
{} |
|
forwarders | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default. | map(string) |
{} |
|
peer_network | Peering network self link, only valid for 'peering' zone types. | string |
null |
|
recordsets | Map of DNS recordsets in "type name" => {ttl, [records]} format. | map(object({…})) |
{} |
|
service_directory_namespace | Service directory namespace id (URL), only valid for 'service-directory' zone types. | string |
null |
|
type | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | string |
"private" |
|
zone_create | Create zone. When set to false, uses a data source to reference existing zone. | bool |
true |
name | description | sensitive |
---|---|---|
dns_keys | DNSKEY and DS records of DNSSEC-signed managed zones. | |
domain | The DNS zone domain. | |
name | The DNS zone name. | |
name_servers | The DNS zone name servers. | |
type | The DNS zone type. | |
zone | DNS zone resource. |