# Google Cloud DNS Module

This module allows simple management of Google Cloud DNS zones and records. It supports creating public, private, forwarding, peering, service directory and reverse-managed based zones.

To create inbound/outbound server policies, please have a look at the [net-vpc](../net-vpc/README.md) module.

For DNSSEC configuration, refer to the [`dns_managed_zone` documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone#dnssec_config).

## Examples

### Private Zone

```hcl
module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "private"
  name            = "test-example"
  domain          = "test.example."
  client_networks = [var.vpc.self_link]
  recordsets = {
    "A localhost" = { records = ["127.0.0.1"] }
    "A myhost"    = { ttl = 600, records = ["10.0.0.120"] }
  }
  iam = {
    "roles/dns.admin" = ["group:dns-administrators@myorg.com"]
  }
}
# tftest modules=1 resources=4 inventory=private-zone.yaml
```

### Forwarding Zone

```hcl
module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "forwarding"
  name            = "test-example"
  domain          = "test.example."
  client_networks = [var.vpc.self_link]
  forwarders = {
    "10.0.1.1" = null,
    "1.2.3.4"  = "private"
  }
}
# tftest modules=1 resources=1 inventory=forwarding-zone.yaml
```

### Peering Zone

```hcl
module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "peering"
  name            = "test-example"
  domain          = "."
  description     = "Forwarding zone for ."
  client_networks = [var.vpc.self_link]
  peer_network    = var.vpc2.self_link
}
# tftest modules=1 resources=1 inventory=peering-zone.yaml
```

### Routing Policies

```hcl
module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "private"
  name            = "test-example"
  domain          = "test.example."
  client_networks = [var.vpc.self_link]
  recordsets = {
    "A regular" = { records = ["10.20.0.1"] }
    "A geo" = {
      geo_routing = [
        { location = "europe-west1", records = ["10.0.0.1"] },
        { location = "europe-west2", records = ["10.0.0.2"] },
        { location = "europe-west3", records = ["10.0.0.3"] }
      ]
    }
    "A wrr" = {
      ttl = 600
      wrr_routing = [
        { weight = 0.6, records = ["10.10.0.1"] },
        { weight = 0.2, records = ["10.10.0.2"] },
        { weight = 0.2, records = ["10.10.0.3"] }
      ]
    }
  }
}
# tftest modules=1 resources=4 inventory=routing-policies.yaml
```

### Reverse Lookup Zone

```hcl
module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "reverse-managed"
  name            = "test-example"
  domain          = "0.0.10.in-addr.arpa."
  client_networks = [var.vpc.self_link]
}
# tftest modules=1 resources=1 inventory=reverse-zone.yaml
```

### Public Zone

```hcl
module "public-dns" {
  source     = "./fabric/modules/dns"
  project_id = "myproject"
  type       = "public"
  name       = "example"
  domain     = "example.com."
  recordsets = {
    "A myhost" = { ttl = 300, records = ["127.0.0.1"] }
  }
  iam = {
    "roles/dns.admin" = ["group:dns-administrators@myorg.com"]
  }
}
# tftest modules=1 resources=4 inventory=public-zone.yaml
```

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [domain](variables.tf#L54) | Zone domain, must end with a period. | string | ✓ | |
| [name](variables.tf#L78) | Zone name, must be unique within the project. | string | ✓ | |
| [project_id](variables.tf#L89) | Project id for the zone. | string | ✓ | |
| [client_networks](variables.tf#L21) | List of VPC self links that can see this zone. | list(string) | | [] |
| [description](variables.tf#L28) | Domain description. | string | | "Terraform managed." |
| [dnssec_config](variables.tf#L34) | DNSSEC configuration for this zone. | object({…}) | | {…} |
| [enable_logging](variables.tf#L59) | Enable query logging for this zone. | bool | | false |
| [forwarders](variables.tf#L66) | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default. | map(string) | | {} |
| [iam](variables.tf#L72) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | null |
| [peer_network](variables.tf#L83) | Peering network self link, only valid for 'peering' zone types. | string | | null |
| [recordsets](variables.tf#L94) | Map of DNS recordsets in "type name" => {ttl, [records]} format. | map(object({…})) | | {} |
| [service_directory_namespace](variables.tf#L129) | Service directory namespace id (URL), only valid for 'service-directory' zone types. | string | | null |
| [type](variables.tf#L135) | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory', 'reverse-managed'. | string | | "private" |
| [zone_create](variables.tf#L145) | Create zone. When set to false, uses a data source to reference existing zone. | bool | | true |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| [dns_keys](outputs.tf#L17) | DNSKEY and DS records of DNSSEC-signed managed zones. | |
| [domain](outputs.tf#L22) | The DNS zone domain. | |
| [id](outputs.tf#L27) | Fully qualified zone id. | |
| [name](outputs.tf#L32) | The DNS zone name. | |
| [name_servers](outputs.tf#L37) | The DNS zone name servers. | |
| [type](outputs.tf#L42) | The DNS zone type. | |
| [zone](outputs.tf#L47) | DNS zone resource. | |
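As an added example that is not part of the module's own README, the configuration below exercises two variables the table documents but the examples above do not use: `enable_logging = true` on a newly created private zone, so that resolver queries land in Cloud Logging where they can be reviewed and alerted on, and `zone_create = false` to manage recordsets in a zone that already exists without re-creating it. The project id, zone names, domains and the `var.vpc` reference are placeholders, and the `output` block only re-exports the module's documented `id` output.

```hcl
# Added example. A private zone with query logging turned on: DNS query
# logs are the usual place to spot lookups of unexpected names from
# inside the VPC, so enable them on zones that serve workloads.
module "logged-private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"         # placeholder project id
  type            = "private"
  name            = "internal-example"  # placeholder zone name
  domain          = "internal.example." # must end with a period
  client_networks = [var.vpc.self_link] # assumed VPC variable
  enable_logging  = true
  recordsets = {
    "A db"    = { ttl = 300, records = ["10.0.0.10"] }
    "A cache" = { ttl = 300, records = ["10.0.0.11", "10.0.0.12"] }
  }
}

# Manage records in a zone that already exists in the project. With
# zone_create = false the module reads the zone through a data source
# instead of creating it, so the zone's own settings (networks, DNSSEC,
# logging) stay as they are and only the recordsets below are managed.
module "existing-zone-records" {
  source      = "./fabric/modules/dns"
  project_id  = "myproject"          # placeholder project id
  zone_create = false
  name        = "existing-zone"      # placeholder: name of the existing zone
  domain      = "existing.example."  # must match the existing zone's domain
  recordsets = {
    "CNAME www" = { ttl = 300, records = ["app.existing.example."] }
  }
}

# Fully qualified id of the logged zone, taken from the module's
# documented "id" output, for use by other configuration.
output "logged_zone_id" {
  value = module.logged-private-dns.id
}
```

The two module instances are independent: the first creates and fully owns its zone, the second only owns the recordsets it declares, which is the pattern to use when a zone is created by another team or another Terraform root module.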