Google Cloud DNS Module
This module allows simple management of Google Cloud DNS zones and records. It supports creating public, private, forwarding, peering, service directory and managed reverse lookup zones. To create inbound/outbound server policies, use the net-vpc module.
For DNSSEC configuration, refer to the dns_managed_zone documentation.
Examples
Private Zone
module "private-dns" {
  source     = "./fabric/modules/dns"
  name       = "test-example"
  project_id = var.project_id

  # roles/dns.admin is a read-write role: keep the bound group small, and
  # use a read-only role for principals that only need to list or read records.
  iam = {
    "roles/dns.admin" = ["group:${var.group_email}"]
  }

  # Private zone: client_networks lists the VPC networks the zone is attached to.
  zone_config = {
    domain = "test.example."
    private = {
      client_networks = [var.vpc.self_link]
    }
  }

  # Keys use the "type name" format; ttl may be omitted, as in the first entry.
  recordsets = {
    "A localhost" = {
      records = ["127.0.0.1"]
    }
    "A myhost" = {
      ttl     = 600
      records = ["10.0.0.120"]
    }
  }
}
# tftest modules=1 resources=4 inventory=private-zone.yaml e2e
Forwarding Zone
module "private-dns" {
  source     = "./fabric/modules/dns"
  name       = "test-example"
  project_id = var.project_id

  zone_config = {
    domain = "test.example."
    forwarding = {
      client_networks = [var.vpc.self_link]

      # Map of forwarder address => forwarding path. Answers for this domain
      # come from these servers, so list only resolvers you operate or trust.
      # null leaves the path at its default; "private" is set here on the
      # public address 1.2.3.4. In Cloud DNS that path is expected to send
      # queries through the VPC rather than over the internet (confirm
      # against the provider documentation).
      forwarders = {
        "10.0.1.1" = null
        "1.2.3.4"  = "private"
      }
    }
  }
}
# tftest modules=1 resources=1 inventory=forwarding-zone.yaml e2e
Peering Zone
module "private-dns" {
  source     = "./fabric/modules/dns"
  name       = "test-example"
  project_id = var.project_id

  zone_config = {
    # The root domain "." is the broadest possible scope for a peering zone.
    # Names not covered by a more specific zone are presumably resolved using
    # peer_network's DNS configuration, so the client networks end up trusting
    # that network for resolution. Use a narrower suffix when only part of the
    # namespace has to be shared.
    domain = "."
    peering = {
      peer_network    = var.vpc2.self_link
      client_networks = [var.vpc.self_link]
    }
  }
}
# tftest modules=1 resources=1 inventory=peering-zone.yaml
Routing Policies
module "private-dns" {
  source     = "./fabric/modules/dns"
  name       = "test-example"
  project_id = var.project_id

  zone_config = {
    domain = "test.example."
    private = {
      client_networks = [var.vpc.self_link]
    }
  }

  recordsets = {
    # Plain record set with no routing policy.
    "A regular" = {
      records = ["10.20.0.1"]
    }

    # Geo routing with a static record list per location.
    "A geo1" = {
      geo_routing = [
        {
          location = "europe-west1"
          records  = ["10.0.0.1"]
        },
        {
          location = "europe-west2"
          records  = ["10.0.0.2"]
        },
        {
          location = "europe-west3"
          records  = ["10.0.0.3"]
        }
      ]
    }

    # Geo routing to a health-checked target instead of static records. The
    # target is identified by load balancer type, address, port, protocol,
    # network and project. The health check uses port 80 over tcp here, so
    # check that this matches the port the load balancer actually serves.
    "A geo2" = {
      geo_routing = [
        {
          location = var.region
          health_checked_targets = [
            {
              project            = var.project_id
              network_url        = var.vpc.self_link
              load_balancer_type = "globalL7ilb"
              ip_address         = module.net-lb-app-int-cross-region.addresses[var.region]
              ip_protocol        = "tcp"
              port               = "80"
            }
          ]
        }
      ]
    }

    # Weighted round robin; the three weights in this example sum to 1.0.
    "A wrr" = {
      ttl = 600
      wrr_routing = [
        {
          weight  = 0.6
          records = ["10.10.0.1"]
        },
        {
          weight  = 0.2
          records = ["10.10.0.2"]
        },
        {
          weight  = 0.2
          records = ["10.10.0.3"]
        }
      ]
    }
  }
}
# tftest modules=4 resources=12 fixtures=fixtures/net-lb-app-int-cross-region.tf,fixtures/compute-mig.tf inventory=routing-policies.yaml e2e
Reverse Lookup Zone
module "private-dns" {
  source     = "./fabric/modules/dns"
  name       = "test-example"
  project_id = var.project_id

  zone_config = {
    # in-addr.arpa names list the address octets in reverse order, so this
    # suffix covers reverse (PTR) lookups for addresses under 10.0.0.
    domain = "0.0.10.in-addr.arpa."

    # The zone is private: it is attached only to the listed VPC networks.
    private = {
      client_networks = [var.vpc.self_link]
    }
  }
}
# tftest modules=1 resources=1 inventory=reverse-zone.yaml e2e
Public Zone
module "public-dns" {
  source     = "./fabric/modules/dns"
  name       = "test-example"
  project_id = var.project_id

  # Whoever holds roles/dns.admin can rewrite the records of this public
  # zone, so membership of the bound group decides who can redirect traffic
  # for the domain. Keep it small and review it.
  iam = {
    "roles/dns.admin" = ["group:${var.group_email}"]
  }

  zone_config = {
    domain = "test.example."

    # Empty object: a public zone with no further settings. No DNSSEC
    # settings are passed in this example; DNSSEC is configured as described
    # in the dns_managed_zone documentation.
    public = {}
  }

  recordsets = {
    # 127.0.0.1 is presumably a placeholder value for the example. A record
    # in a public zone is visible to any resolver, so publish only addresses
    # meant to be reachable from outside.
    "A myhost" = {
      ttl     = 300
      records = ["127.0.0.1"]
    }
  }
}
# tftest modules=1 resources=3 inventory=public-zone.yaml e2e
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| name | Zone name, must be unique within the project. | string | ✓ | |
| project_id | Project id for the zone. | string | ✓ | |
| description | Domain description. | string | | "Terraform managed." |
| force_destroy | Set this to true to delete all records in the zone upon zone destruction. | bool | | null |
| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | null |
| recordsets | Map of DNS recordsets in "type name" => {ttl, [records]} format. | map(object({…})) | | {} |
| zone_config | DNS zone configuration. | object({…}) | | null |
Outputs
| name | description | sensitive |
|---|---|---|
| dns_keys | DNSKEY and DS records of DNSSEC-signed managed zones. | |
| domain | The DNS zone domain. | |
| id | Fully qualified zone id. | |
| name | The DNS zone name. | |
| name_servers | The DNS zone name servers. | |
| zone | DNS zone resource. | |
Fixtures