diff --git a/modules/dns/README.md b/modules/dns/README.md
index 6993e5695..207572c95 100644
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@@ -1,6 +1,8 @@
 # Google Cloud DNS Module
 
-This module allows simple management of Google Cloud DNS zones and records. It supports creating public, private, forwarding, and peering zones. For DNSSEC configuration, refer to the [`dns_managed_zone` documentation](https://www.terraform.io/docs/providers/google/r/dns_managed_zone.html#dnssec_config).
+This module allows simple management of Google Cloud DNS zones and records. It supports creating public, private, forwarding, peering and service directory based zones.
+
+For DNSSEC configuration, refer to the [`dns_managed_zone` documentation](https://www.terraform.io/docs/providers/google/r/dns_managed_zone.html#dnssec_config).
 
 ## Example
 
@@ -32,9 +34,10 @@ module "private-dns" {
 | *description* | Domain description. | <code title="">string</code> |  | <code title="">Terraform managed.</code> |
 | *dnssec_config* | DNSSEC configuration: kind, non_existence, state. | <code title="">any</code> |  | <code title="">{}</code> |
 | *forwarders* | List of target name servers, only valid for 'forwarding' zone types. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
-| *peer_network* | Peering network self link, only valid for 'peering' zone types. | <code title="">string</code> |  | <code title=""></code> |
+| *peer_network* | Peering network self link, only valid for 'peering' zone types. | <code title="">string</code> |  | <code title="">null</code> |
 | *recordsets* | List of DNS record objects to manage. | <code title="list&#40;object&#40;&#123;&#10;name    &#61; string&#10;type &#61; string&#10;ttl     &#61; number&#10;records &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">list(object({...}))</code> |  | <code title="">[]</code> |
-| *type* | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering'. | <code title="">string</code> |  | <code title="">private</code> |
+| *service_directory_namespace* | Service directory namespace id (URL), only valid for 'service-directory' zone types. | <code title="">string</code> |  | <code title="">null</code> |
+| *type* | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | <code title="">string</code> |  | <code title="">private</code> |
 
 ## Outputs
 
diff --git a/modules/dns/main.tf b/modules/dns/main.tf
index 6e098b8d8..abb0beb2d 100644
--- a/modules/dns/main.tf
+++ b/modules/dns/main.tf
@@ -38,14 +38,11 @@ resource "google_dns_managed_zone" "non-public" {
 
   dynamic forwarding_config {
     for_each = (
-      var.type == "forwarding" && var.forwarders != null
-      ? { config = var.forwarders }
-      : {}
+      var.type == "forwarding" && var.forwarders != null ? [""] : []
     )
-    iterator = config
     content {
       dynamic "target_name_servers" {
-        for_each = config.value
+        for_each = var.forwarders
         iterator = address
         content {
           ipv4_address = address.value
@@ -56,14 +53,11 @@ resource "google_dns_managed_zone" "non-public" {
 
   dynamic peering_config {
     for_each = (
-      var.type == "peering" && var.peer_network != null
-      ? { config = var.peer_network }
-      : {}
+      var.type == "peering" && var.peer_network != null ? [""] : []
     )
-    iterator = config
     content {
       target_network {
-        network_url = config.value
+        network_url = var.peer_network
       }
     }
   }
@@ -78,6 +72,19 @@ resource "google_dns_managed_zone" "non-public" {
     }
   }
 
+  dynamic service_directory_config {
+    for_each = (
+      var.type == "service-directory" && var.service_directory_namespace != null
+      ? [""]
+      : []
+    )
+    content {
+      namespace {
+        namespace_url = var.service_directory_namespace
+      }
+    }
+  }
+
 }
 
 resource "google_dns_managed_zone" "public" {
diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
index 0991038c0..f38fb36a2 100644
--- a/modules/dns/variables.tf
+++ b/modules/dns/variables.tf
@@ -30,9 +30,6 @@ variable "description" {
   default     = "Terraform managed."
 }
 
-# TODO(ludoo): add link to DNSSEC documentation in README
-# https://www.terraform.io/docs/providers/google/r/dns_managed_zone.html#dnssec_config
-
 variable "default_key_specs_key" {
   description = "DNSSEC default key signing specifications: algorithm, key_length, key_type, kind."
   type        = any
@@ -71,7 +68,7 @@ variable "name" {
 variable "peer_network" {
   description = "Peering network self link, only valid for 'peering' zone types."
   type        = string
-  default     = ""
+  default     = null
 }
 
 variable "project_id" {
@@ -90,8 +87,14 @@ variable "recordsets" {
   default     = []
 }
 
+variable "service_directory_namespace" {
+  description = "Service directory namespace id (URL), only valid for 'service-directory' zone types."
+  type        = string
+  default     = null
+}
+
 variable "type" {
-  description = "Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering'."
+  description = "Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'."
   type        = string
   default     = "private"
 }