Google Cloud DNS Module
This module allows simple management of Google Cloud DNS zones and records. It supports creating public, private, forwarding, peering, service-directory-based and reverse-managed zones. To create inbound/outbound server policies, please have a look at the net-vpc module.
For DNSSEC configuration, refer to the dns_managed_zone documentation.
- Private Zone
- Forwarding Zone
- Peering Zone
- Routing Policies
- Reverse Lookup Zone
- Reverse Lookup Managed Zone
- Public Zone
- Variables
- Outputs
- Fixtures
Private Zone
# Private zone: test.example. is served only to the VPC networks listed in
# client_networks.
module "private-dns" {
  source     = "./fabric/modules/dns"
  project_id = var.project_id
  name       = "test-example"

  zone_config = {
    domain = "test.example."
    private = {
      client_networks = [var.vpc.self_link]
    }
  }

  # IAM bindings in {ROLE => [MEMBERS]} format. roles/dns.admin gives
  # read-write access to Cloud DNS resources, so bind it to a tightly
  # managed group and prefer a narrower role where read access is enough.
  iam = {
    "roles/dns.admin" = ["group:${var.group_email}"]
  }

  # Keys are "TYPE name"; ttl is optional and records is the answer list.
  recordsets = {
    "A localhost" = {
      records = ["127.0.0.1"]
    }
    "A myhost" = {
      ttl     = 600
      records = ["10.0.0.120"]
    }
  }
}
# tftest modules=1 resources=4 inventory=private-zone.yaml e2e
Forwarding Zone
# Forwarding zone: queries for test.example. coming from the client networks
# are sent to the listed name servers instead of being answered by Cloud DNS.
module "private-dns" {
  source     = "./fabric/modules/dns"
  project_id = var.project_id
  name       = "test-example"

  zone_config = {
    domain = "test.example."
    forwarding = {
      client_networks = [var.vpc.self_link]
      # Map of target name server => forwarding path. null keeps the default
      # path; "private" asks Cloud DNS to reach the target through the VPC
      # even though 1.2.3.4 is not an RFC 1918 address.
      # Answers from these servers are returned to clients as-is, so list
      # only resolvers you operate or explicitly trust.
      forwarders = {
        "10.0.1.1" = null
        "1.2.3.4"  = "private"
      }
    }
  }
}
# tftest modules=1 resources=1 inventory=forwarding-zone.yaml e2e
Peering Zone
# Peering zone: names under `domain` are resolved using the DNS view of
# peer_network rather than that of the client networks.
module "private-dns" {
  source     = "./fabric/modules/dns"
  project_id = var.project_id
  name       = "test-example"

  zone_config = {
    # "." is the root domain, so this example hands every name not covered by
    # a more specific zone to the peer network. Resolution for the client
    # networks then depends on how that VPC's DNS is configured and who can
    # change it; use a narrower domain when only part of the namespace
    # should be delegated.
    domain = "."
    peering = {
      client_networks = [var.vpc.self_link]
      peer_network    = var.vpc2.self_link
    }
  }
}
# tftest modules=1 resources=1 inventory=peering-zone.yaml
Routing Policies
# Private zone showing a plain record next to geo and weighted round-robin
# (wrr) routing policies.
module "private-dns" {
  source     = "./fabric/modules/dns"
  project_id = var.project_id
  name       = "test-example"

  zone_config = {
    domain = "test.example."
    private = {
      client_networks = [var.vpc.self_link]
    }
  }

  recordsets = {
    # Plain record without a routing policy.
    "A regular" = {
      records = ["10.20.0.1"]
    }

    # Geo routing with one static answer per location.
    "A geo1" = {
      geo_routing = [
        {
          location = "europe-west1"
          records  = ["10.0.0.1"]
        },
        {
          location = "europe-west2"
          records  = ["10.0.0.2"]
        },
        {
          location = "europe-west3"
          records  = ["10.0.0.3"]
        }
      ]
    }

    # Geo routing whose answer is a health-checked load balancer address
    # taken from the net-lb-app-int-cross-region fixture module.
    "A geo2" = {
      geo_routing = [
        {
          location = var.region
          health_checked_targets = [
            {
              load_balancer_type = "globalL7ilb"
              ip_address         = module.net-lb-app-int-cross-region.addresses[var.region]
              port               = "80"
              ip_protocol        = "tcp"
              network_url        = var.vpc.self_link
              project            = var.project_id
            }
          ]
        }
      ]
    }

    # Weighted round robin; the three weights in this example add up to 1.0.
    "A wrr" = {
      ttl = 600
      wrr_routing = [
        {
          weight  = 0.6
          records = ["10.10.0.1"]
        },
        {
          weight  = 0.2
          records = ["10.10.0.2"]
        },
        {
          weight  = 0.2
          records = ["10.10.0.3"]
        }
      ]
    }
  }
}
# tftest modules=4 resources=12 fixtures=fixtures/net-lb-app-int-cross-region.tf,fixtures/compute-mig.tf inventory=routing-policies.yaml e2e
Reverse Lookup Zone
# Private reverse lookup zone for 10.0.0.0/24 with one hand-maintained PTR
# record.
module "private-dns" {
  source     = "./fabric/modules/dns"
  project_id = var.project_id
  name       = "test-example"

  zone_config = {
    domain = "0.0.10.in-addr.arpa."
    private = {
      client_networks = [var.vpc.self_link]
    }
  }

  # The key carries the fully qualified owner name (trailing dot included).
  # PTR data is maintained by hand here, so keep it in step with the forward
  # records if anything (logging, access checks) relies on reverse lookups.
  recordsets = {
    "PTR 10.0.0.10.in-addr.arpa." = {
      ttl     = 300
      records = ["test.example.com."]
    }
  }
}
# tftest inventory=reverse-zone.yaml e2e
Reverse Lookup Managed Zone
A managed reverse lookup zone is a private zone with a special attribute that instructs Cloud DNS to perform a PTR lookup against Compute Engine DNS data.
# Managed reverse lookup zone: a private zone with reverse_managed set, so
# PTR lookups are answered from Compute Engine DNS data instead of from
# recordsets declared here (none are passed in this example).
module "private-dns" {
  source     = "./fabric/modules/dns"
  project_id = var.project_id
  name       = "test-example"

  zone_config = {
    domain = "0.0.10.in-addr.arpa."
    private = {
      client_networks = [var.vpc.self_link]
      reverse_managed = true
    }
  }
}
# tftest inventory=reverse-zone-managed.yaml e2e
Public Zone
# Public zone: records declared here are published to the internet.
module "public-dns" {
  source     = "./fabric/modules/dns"
  project_id = var.project_id
  name       = "test-example"

  zone_config = {
    domain = "test.example."
    # No DNSSEC settings are passed in this example; see the
    # dns_managed_zone documentation before using it for a real domain.
    public = {}
  }

  # IAM bindings in {ROLE => [MEMBERS]} format. roles/dns.admin can change
  # any record in a zone clients resolve from the internet, so keep the
  # group's membership small and reviewed.
  iam = {
    "roles/dns.admin" = ["group:${var.group_email}"]
  }

  # 127.0.0.1 is a placeholder answer. Avoid publishing loopback or internal
  # addresses in a public zone.
  recordsets = {
    "A myhost" = {
      ttl     = 300
      records = ["127.0.0.1"]
    }
  }
}
# tftest modules=1 resources=3 inventory=public-zone.yaml e2e
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| name | Zone name, must be unique within the project. | string | ✓ | |
| project_id | Project id for the zone. | string | ✓ | |
| description | Domain description. | string | | "Terraform managed." |
| force_destroy | Set this to true to delete all records in the zone upon zone destruction. | bool | | null |
| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | null |
| recordsets | Map of DNS recordsets in "type name" => {ttl, [records]} format. | map(object({…})) | | {} |
| zone_config | DNS zone configuration. | object({…}) | | null |
Outputs
| name | description | sensitive |
|---|---|---|
| dns_keys | DNSKEY and DS records of DNSSEC-signed managed zones. | |
| domain | The DNS zone domain. | |
| id | Fully qualified zone id. | |
| name | The DNS zone name. | |
| name_servers | The DNS zone name servers. | |
| zone | DNS zone resource. | |