diff --git a/fast/stages/2-networking/README.md b/fast/stages/2-networking/README.md
index e6a5ef147..cd786b941 100644
--- a/fast/stages/2-networking/README.md
+++ b/fast/stages/2-networking/README.md
@@ -189,7 +189,7 @@ VPCs are defined in `.config.yaml` files within the `vpcs/[vpc-name]` directory
 ### DNS
-The DNS factory manages Cloud DNS zones and Response Policy Rules. DNS zones are by default defined within the `dns/zones` directory of your chosen dataset. The factory supports private, peering, and forwarding zones.
+The DNS factory manages Cloud DNS zones and Response Policy Rules. DNS zones are by default defined within the `dns/zones` directory of your chosen dataset. The factory supports public, private, peering, and forwarding zones.
 In the default dataset, DNS is centralized in the `net-core-0` (hub) project. It hosts:
diff --git a/fast/stages/2-networking/factory-dns.tf b/fast/stages/2-networking/factory-dns.tf
index aa74552b8..d51c99936 100644
--- a/fast/stages/2-networking/factory-dns.tf
+++ b/fast/stages/2-networking/factory-dns.tf
@@ -63,7 +63,15 @@ locals {
 client_networks = zone_config.forwarding.client_networks
 }
 }
- : {}
+ : {},
+ contains(keys(try(zone_config, {})), "public")
+ ? {
+ public = {
+ enable_logging = try(zone_config.public.enable_logging, false),
+ dnssec_config = try(zone_config.public.dnssec_config, {})
+ }
+ }
+ : {},
 )
 }
 )
diff --git a/fast/stages/2-networking/schemas/dns.schema.json b/fast/stages/2-networking/schemas/dns.schema.json
index 8d462db6c..9aa054276 100644
--- a/fast/stages/2-networking/schemas/dns.schema.json
+++ b/fast/stages/2-networking/schemas/dns.schema.json
@@ -35,6 +35,9 @@
 },
 "forwarding": {
 "$ref": "#/$defs/forwarding_zone"
+ },
+ "public": {
+ "$ref": "#/$defs/public_zone"
 }
 },
 "required": [
@@ -52,6 +55,9 @@
 },
 "forwarding": {
 "not": {}
+ },
+ "public": {
+ "not": {}
 }
 }
 },
@@ -66,6 +72,9 @@
 },
 "forwarding": {
 "not": {}
+ },
+ "public": {
+ "not": {}
 }
 }
 },
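Review bot: The defaults on the two added `try()` lines in factory-dns.tf mean a zone declared with a bare `public: {}` comes up with `enable_logging = false` and `dnssec_config = {}`, so an internet-facing zone gets no query logging and — depending on how the consuming module treats an empty object, which is outside this hunk — possibly no DNSSEC signing, with nothing in the zone config flagging either choice. Opt-in is a defensible design, but the defaults should be stated where they live; I would add above the `public = {` line: `# public zones default to no query logging and an empty dnssec_config; set both explicitly in the zone YAML for internet-facing zones` and repeat that sentence in the README paragraph changed by the first hunk. The surrounding `locals` expression starts and ends outside the hunk.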
@@ -80,6 +89,26 @@
 },
 "peering": {
 "not": {}
+ },
+ "public": {
+ "not": {}
+ }
+ }
+ },
+ {
+ "title": "Public Zone",
+ "required": [
+ "public"
+ ],
+ "properties": {
+ "private": {
+ "not": {}
+ },
+ "peering": {
+ "not": {}
+ },
+ "forwarding": {
+ "not": {}
 }
 }
 }
@@ -178,6 +207,56 @@
 "required": [
 "client_networks"
 ]
+ },
+ "public_zone": {
+ "description": "Public zone specific configuration.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "enable_logging": {
+ "type": "boolean"
+ },
+ "dnssec_config": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "state": {
+ "type": "string"
+ },
+ "non_existence": {
+ "type": "string",
+ "enum": [
+ "nsec",
+ "nsec3"
+ ]
+ },
+ "key_signing_key": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "algorithm": {
+ "type": "string"
+ },
+ "key_length": {
+ "type": "number"
+ }
+ }
+ },
+ "zone_signing_key": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "algorithm": {
+ "type": "string"
+ },
+ "key_length": {
+ "type": "number"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
 }
 }
 }
\ No newline at end of file
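Review bot: In the new `public_zone` definition `dnssec_config.state` is an unconstrained string while its sibling `non_existence` is an enum, so a typo such as `"state": "enabled"` passes schema validation and is only caught at apply time, or silently leaves the zone unsigned if the consumer tolerates it; Cloud DNS accepts exactly `off`, `on` and `transfer` here, so `"state": { "type": "string", "enum": ["off", "on", "transfer"] }` would catch it, and `algorithm` deserves the same closed enum. `key_length` under both `key_signing_key` and `zone_signing_key` is declared `"type": "number"`, which admits `2048.5`; `"type": "integer"` matches what the API takes. The two key subschemas are byte-identical and could be one `$defs` entry referenced twice, which keeps them from drifting apart. The `$defs` object and the whole document close inside this hunk, so no further context is missing.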