googleDnsRecordSet

Manages a set of DNS records within Google Cloud DNS. For more information see the official documentation and API.

Note: The provider treats this resource as an authoritative record set. This means existing records (including the default records) for the given type will be overwritten when you create this resource in Terraform. In addition, the Google Cloud DNS API requires NS records to be present at all times, so Terraform will not actually remove NS records during destroy but will report that it did.

Example Usage

Binding a DNS name to the ephemeral IP of a new instance:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeInstanceFrontend =
  new google.computeInstance.ComputeInstance(this, "frontend", {
    boot_disk: [
      {
        initialize_params: [
          {
            image: "debian-cloud/debian-11",
          },
        ],
      },
    ],
    machine_type: "g1-small",
    name: "frontend",
    network_interface: [
      {
        access_config: [{}],
        network: "default",
      },
    ],
    zone: "us-central1-b",
  });
const googleDnsManagedZoneProd = new google.dnsManagedZone.DnsManagedZone(
  this,
  "prod",
  {
    dns_name: "prod.mydomain.com.",
    name: "prod-zone",
  }
);
const googleDnsRecordSetFrontend = new google.dnsRecordSet.DnsRecordSet(
  this,
  "frontend_2",
  {
    managed_zone: googleDnsManagedZoneProd.name,
    name: `frontend.\${${googleDnsManagedZoneProd.dnsName}}`,
    rrdatas: [
      `\${${googleComputeInstanceFrontend.networkInterface.fqn}[0].access_config[0].nat_ip}`,
    ],
    ttl: 300,
    type: "A",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleDnsRecordSetFrontend.overrideLogicalId("frontend");

Adding an A record

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleDnsManagedZoneProd = new google.dnsManagedZone.DnsManagedZone(
  this,
  "prod",
  {
    dns_name: "prod.mydomain.com.",
    name: "prod-zone",
  }
);
new google.dnsRecordSet.DnsRecordSet(this, "a", {
  managed_zone: googleDnsManagedZoneProd.name,
  name: `backend.\${${googleDnsManagedZoneProd.dnsName}}`,
  rrdatas: ["8.8.8.8"],
  ttl: 300,
  type: "A",
});

Adding an MX record

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleDnsManagedZoneProd = new google.dnsManagedZone.DnsManagedZone(
  this,
  "prod",
  {
    dns_name: "prod.mydomain.com.",
    name: "prod-zone",
  }
);
new google.dnsRecordSet.DnsRecordSet(this, "mx", {
  managed_zone: googleDnsManagedZoneProd.name,
  name: googleDnsManagedZoneProd.dnsName,
  rrdatas: [
    "1 aspmx.l.google.com.",
    "5 alt1.aspmx.l.google.com.",
    "5 alt2.aspmx.l.google.com.",
    "10 alt3.aspmx.l.google.com.",
    "10 alt4.aspmx.l.google.com.",
  ],
  ttl: 3600,
  type: "MX",
});

Adding an SPF record

Quotes ("") must be added around your rrdatas for an SPF record. Otherwise the rrdatas string gets split on spaces.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleDnsManagedZoneProd = new google.dnsManagedZone.DnsManagedZone(
  this,
  "prod",
  {
    dns_name: "prod.mydomain.com.",
    name: "prod-zone",
  }
);
new google.dnsRecordSet.DnsRecordSet(this, "spf", {
  managed_zone: googleDnsManagedZoneProd.name,
  name: `frontend.\${${googleDnsManagedZoneProd.dnsName}}`,
  rrdatas: [
    '"v=spf1 ip4:111.111.111.111 include:backoff.email-example.com -all"',
  ],
  ttl: 300,
  type: "TXT",
});

Adding a CNAME record

The list of rrdatas should only contain a single string corresponding to the Canonical Name intended.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleDnsManagedZoneProd = new google.dnsManagedZone.DnsManagedZone(
  this,
  "prod",
  {
    dns_name: "prod.mydomain.com.",
    name: "prod-zone",
  }
);
new google.dnsRecordSet.DnsRecordSet(this, "cname", {
  managed_zone: googleDnsManagedZoneProd.name,
  name: `frontend.\${${googleDnsManagedZoneProd.dnsName}}`,
  rrdatas: ["frontend.mydomain.com."],
  ttl: 300,
  type: "CNAME",
});

Setting Routing Policy instead of using rrdatas

Weighted Round Robin

resource "google_dns_record_set" "wrr" {
  name         = "backend.${google_dns_managed_zone.prod.dns_name}"
  managed_zone = google_dns_managed_zone.prod.name
  type         = "A"
  ttl          = 300

  routing_policy {
    wrr {
      weight  = 0.8
      rrdatas =  ["10.128.1.1"]
    }

    wrr {
      weight  = 0.2
      rrdatas =  ["10.130.1.1"]
    }
  }
}

Geolocation

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.dnsRecordSet.DnsRecordSet(this, "geo", {
  managed_zone: "${google_dns_managed_zone.prod.name}",
  name: "backend.${google_dns_managed_zone.prod.dns_name}",
  routing_policy: [
    {
      geo: [
        {
          location: "asia-east1",
          rrdatas: ["10.128.1.1"],
        },
        {
          location: "us-central1",
          rrdatas: ["10.130.1.1"],
        },
      ],
    },
  ],
  ttl: 300,
  type: "A",
});

Primary-Backup

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkProd = new google.computeNetwork.ComputeNetwork(
  this,
  "prod",
  {
    name: "prod-network",
  }
);
const googleComputeRegionBackendServiceProd =
  new google.computeRegionBackendService.ComputeRegionBackendService(
    this,
    "prod_1",
    {
      name: "prod-backend",
      region: "us-central1",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeRegionBackendServiceProd.overrideLogicalId("prod");
const googleDnsManagedZoneProd = new google.dnsManagedZone.DnsManagedZone(
  this,
  "prod_2",
  {
    dns_name: "prod.mydomain.com.",
    name: "prod-zone",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleDnsManagedZoneProd.overrideLogicalId("prod");
const googleComputeForwardingRuleProd =
  new google.computeForwardingRule.ComputeForwardingRule(this, "prod_3", {
    all_ports: true,
    backend_service: googleComputeRegionBackendServiceProd.id,
    load_balancing_scheme: "INTERNAL",
    name: "prod-ilb",
    network: googleComputeNetworkProd.name,
    region: "us-central1",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeForwardingRuleProd.overrideLogicalId("prod");
new google.dnsRecordSet.DnsRecordSet(this, "a", {
  managed_zone: googleDnsManagedZoneProd.name,
  name: `backend.\${${googleDnsManagedZoneProd.dnsName}}`,
  routing_policy: [
    {
      primary_backup: [
        {
          backup_geo: [
            {
              location: "asia-east1",
              rrdatas: ["10.128.1.1"],
            },
            {
              location: "us-west1",
              rrdatas: ["10.130.1.1"],
            },
          ],
          primary: [
            {
              internal_load_balancers: [
                {
                  ip_address: googleComputeForwardingRuleProd.ipAddress,
                  ip_protocol: "tcp",
                  load_balancer_type: "regionalL4ilb",
                  network_url: googleComputeNetworkProd.id,
                  port: "80",
                  project: googleComputeForwardingRuleProd.project,
                  region: googleComputeForwardingRuleProd.region,
                },
              ],
            },
          ],
          trickle_ratio: 0.1,
        },
      ],
    },
  ],
  ttl: 300,
  type: "A",
});

Argument Reference

The following arguments are supported:

  • managedZone - (Required) The name of the zone in which this record set will reside.

  • name - (Required) The DNS name this record set will apply to.

  • type - (Required) The DNS record set type.


  • rrdatas - (Optional) The string data for the records in this record set, whose meaning depends on the DNS type. For a TXT record, if the string data contains spaces, add surrounding \" if you don't want your string to get split on spaces. To specify a single record value longer than 255 characters, such as a TXT record for DKIM, add \" \" inside the Terraform configuration string (e.g. "first255Characters\" \"morecharacters").

  • routingPolicy - (Optional) The configuration for steering traffic based on query. Now you can specify either Weighted Round Robin (WRR) type or Geolocation (GEO) type. Structure is documented below.

  • ttl - (Optional) The time-to-live of this record set (seconds).

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
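The TXT quoting rules for rrdatas (the SPF note earlier and the 255-character rule above) can be applied mechanically. The following is an added example, not code from the provider documentation: the helper names are hypothetical, the DKIM value is constructed filler, and rejecting embedded quotes and backslashes is a conservative choice of the example rather than a documented provider rule.

```typescript
// Added example; helper names are hypothetical, not part of cdktf or the provider.
const MAX_TXT_CHUNK = 255; // longest single quoted string, per the rrdatas note

// Build one rrdatas entry for a TXT value: always quoted so it is not split
// on spaces, and cut into quoted chunks of at most 255 characters.
function toTxtRrdata(value: string): string {
  // Conservative choice of this example: refuse input that would need escaping.
  if (!/^[\x20-\x7e]*$/.test(value) || /["\\]/.test(value)) {
    throw new Error("TXT value must be printable ASCII without quotes or backslashes");
  }
  const chunks: string[] = [];
  for (let i = 0; i < value.length; i += MAX_TXT_CHUNK) {
    chunks.push(value.slice(i, i + MAX_TXT_CHUNK));
  }
  if (chunks.length === 0) {
    chunks.push("");
  }
  return chunks.map((c) => `"${c}"`).join(" ");
}

// Lint for TXT record sets only (MX and similar types legitimately contain
// unquoted spaces): return entries that contain a space but are not made up
// entirely of quoted chunks.
function unquotedTxtEntries(rrdatas: string[]): string[] {
  const quoted = /^"[^"]*"( "[^"]*")*$/;
  return rrdatas.filter((r) => r.indexOf(" ") !== -1 && !quoted.test(r));
}

// SPF value from the SPF example on this page, and a constructed DKIM-shaped
// value (the key material is filler, not a real key).
const SAMPLE_SPF = "v=spf1 ip4:111.111.111.111 include:backoff.email-example.com -all";
const SAMPLE_DKIM = "v=DKIM1; k=rsa; p=" + new Array(401).join("A");

// Entries ready to pass as rrdatas for a record set of type "TXT".
const txtRrdatas: string[] = [toTxtRrdata(SAMPLE_SPF), toTxtRrdata(SAMPLE_DKIM)];
```

Running unquotedTxtEntries over the rrdatas of every TXT record set before synthesis catches an SPF or DKIM string that would otherwise be split into several records.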

The routingPolicy block supports:

  • wrr - (Optional) The configuration for Weighted Round Robin based routing policy. Structure is documented below.

  • geo - (Optional) The configuration for Geolocation based routing policy. Structure is documented below.

  • enableGeoFencing - (Optional) Specifies whether to enable fencing for geo queries.

  • primaryBackup - (Optional) The configuration for a primary-backup policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fall back to a regional failover policy. Structure is documented below.

The wrr block supports:

  • weight - (Required) The ratio of traffic routed to the target.

  • rrdatas - (Optional) Same as rrdatas above.

  • healthCheckedTargets - (Optional) The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or healthCheckedTargets can be set. Structure is documented below.

The geo block supports:

  • location - (Required) The location name defined in Google Cloud.

  • rrdatas - (Optional) Same as rrdatas above.

  • healthCheckedTargets - (Optional) For A and AAAA types only. The list of targets to be health checked. These can be specified along with rrdatas within this item. Structure is documented below.

The primaryBackup block supports:

  • primary - (Required) The list of global primary targets to be health checked. Structure is documented below.

  • backupGeo - (Required) The backup geo targets, which provide a regional failover policy for the otherwise global primary targets. Structure is documented above.

  • enableGeoFencingForBackups - (Optional) Specifies whether to enable fencing for backup geo queries.

  • trickleRatio - (Optional) Specifies the percentage of traffic to send to the backup targets even when the primary targets are healthy.

The healthCheckedTargets block supports:

  • internalLoadBalancers - (Required) The list of internal load balancers to health check. Structure is documented below.

The internalLoadBalancers block supports:

  • loadBalancerType - (Required) The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb"]

  • ipAddress - (Required) The frontend IP address of the load balancer.

  • port - (Required) The configured port of the load balancer.

  • ipProtocol - (Required) The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"]

  • networkUrl - (Required) The fully qualified URL of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}.

  • project - (Required) The ID of the project in which the load balancer belongs.

  • region - (Optional) The region of the load balancer. Only needed for regional load balancers.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/managedZones/{{zone}}/rrsets/{{name}}/{{type}}

Import

DNS record sets can be imported using either of these accepted formats:

$ terraform import google_dns_record_set.frontend projects/{{project}}/managedZones/{{zone}}/rrsets/{{name}}/{{type}}
$ terraform import google_dns_record_set.frontend {{project}}/{{zone}}/{{name}}/{{type}}
$ terraform import google_dns_record_set.frontend {{zone}}/{{name}}/{{type}}

Note: The record name must include the trailing dot at the end.
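The three import formats and the trailing-dot rule above can be checked before running terraform import. This is an added example, not code from the provider: the function and field names are hypothetical, and defaultProject is an assumption standing in for the provider-level project when the ID omits one.

```typescript
// Added example; names are hypothetical, not part of cdktf or the provider.
interface RecordSetRef {
  project: string;
  zone: string;
  rrName: string;
  rrType: string;
}

const LONG_FORM = /^projects\/([^/]+)\/managedZones\/([^/]+)\/rrsets\/([^/]+)\/([^/]+)$/;

// Parse any of the three accepted import formats. defaultProject stands in
// for the provider-level project when the ID omits one (assumption).
function parseImportId(id: string, defaultProject: string): RecordSetRef {
  const m = LONG_FORM.exec(id);
  let parts: string[] = m ? m.slice(1) : id.split("/");
  if (!m && parts.length === 3) {
    parts = [defaultProject].concat(parts);
  }
  if (parts.length !== 4 || parts.some((p) => p === "")) {
    throw new Error("unrecognised import ID: " + id);
  }
  const ref: RecordSetRef = {
    project: parts[0] as string,
    zone: parts[1] as string,
    rrName: parts[2] as string,
    rrType: parts[3] as string,
  };
  // The page's note: the record name must include the trailing dot.
  if (ref.rrName.charAt(ref.rrName.length - 1) !== ".") {
    throw new Error("record name must end with a trailing dot: " + ref.rrName);
  }
  return ref;
}

// Render the reference in the format of the exported id attribute.
function canonicalId(ref: RecordSetRef): string {
  return "projects/" + ref.project + "/managedZones/" + ref.zone +
    "/rrsets/" + ref.rrName + "/" + ref.rrType;
}
```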