This module allows simple management of Google Cloud DNS zones and records. It supports creating public, private, forwarding, peering, service directory and reverse-managed based zones. To create inbound/outbound server policies, please have a look at the net-vpc module.
For DNSSEC configuration, refer to the dns_managed_zone documentation.
module "private-dns" {
source = "./fabric/modules/dns"
project_id = var.project_id
name = "test-example"
zone_config = {
domain = "test.example."
private = {
client_networks = [var.vpc.self_link]
}
}
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
"A myhost" = { ttl = 600, records = ["10.0.0.120"] }
}
iam = {
"roles/dns.admin" = ["group:${var.group_email}"]
}
}
# tftest modules=1 resources=4 inventory=private-zone.yaml e2emodule "private-dns" {
source = "./fabric/modules/dns"
project_id = var.project_id
name = "test-example"
zone_config = {
domain = "test.example."
forwarding = {
client_networks = [var.vpc.self_link]
forwarders = { "10.0.1.1" = null, "1.2.3.4" = "private" }
}
}
}
# tftest modules=1 resources=1 inventory=forwarding-zone.yaml e2emodule "private-dns" {
source = "./fabric/modules/dns"
project_id = var.project_id
name = "test-example"
zone_config = {
domain = "."
peering = {
client_networks = [var.vpc.self_link]
peer_network = var.vpc2.self_link
}
}
}
# tftest modules=1 resources=1 inventory=peering-zone.yamlmodule "private-dns" {
source = "./fabric/modules/dns"
project_id = var.project_id
name = "test-example"
zone_config = {
domain = "test.example."
private = {
client_networks = [var.vpc.self_link]
}
}
recordsets = {
"A regular" = { records = ["10.20.0.1"] }
"A geo1" = {
geo_routing = [
{ location = "europe-west1", records = ["10.0.0.1"] },
{ location = "europe-west2", records = ["10.0.0.2"] },
{ location = "europe-west3", records = ["10.0.0.3"] }
]
}
"A geo2" = {
geo_routing = [
{ location = var.region, health_checked_targets = [
{
load_balancer_type = "globalL7ilb"
ip_address = module.net-lb-app-int-cross-region.addresses[var.region]
port = "80"
ip_protocol = "tcp"
network_url = var.vpc.self_link
project = var.project_id
}
] }
]
}
"A wrr" = {
ttl = 600
wrr_routing = [
{ weight = 0.6, records = ["10.10.0.1"] },
{ weight = 0.2, records = ["10.10.0.2"] },
{ weight = 0.2, records = ["10.10.0.3"] }
]
}
}
}
# tftest modules=4 resources=12 fixtures=fixtures/net-lb-app-int-cross-region.tf,fixtures/compute-mig.tf inventory=routing-policies.yaml e2emodule "private-dns" {
source = "./fabric/modules/dns"
project_id = var.project_id
name = "test-example"
zone_config = {
domain = "0.0.10.in-addr.arpa."
private = {
client_networks = [var.vpc.self_link]
}
}
}
# tftest modules=1 resources=1 inventory=reverse-zone.yaml e2emodule "public-dns" {
source = "./fabric/modules/dns"
project_id = var.project_id
name = "test-example"
zone_config = {
domain = "test.example."
public = {}
}
recordsets = {
"A myhost" = { ttl = 300, records = ["127.0.0.1"] }
}
iam = {
"roles/dns.admin" = ["group:${var.group_email}"]
}
}
# tftest modules=1 resources=3 inventory=public-zone.yaml e2e| name | description | type | required | default |
|---|---|---|---|---|
| name | Zone name, must be unique within the project. | string |
✓ | |
| project_id | Project id for the zone. | string |
✓ | |
| description | Domain description. | string |
"Terraform managed." |
|
| force_destroy | Set this to true to delete all records in the zone upon zone destruction. | bool |
null |
|
| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) |
null |
|
| recordsets | Map of DNS recordsets in "type name" => {ttl, [records]} format. | map(object({…})) |
{} |
|
| zone_config | DNS zone configuration. | object({…}) |
null |
| name | description | sensitive |
|---|---|---|
| dns_keys | DNSKEY and DS records of DNSSEC-signed managed zones. | |
| domain | The DNS zone domain. | |
| id | Fully qualified zone id. | |
| name | The DNS zone name. | |
| name_servers | The DNS zone name servers. | |
| zone | DNS zone resource. |