
googleDnsResponsePolicyRule

A Response Policy Rule is a selector that applies its behavior to queries that match the selector. Selectors are DNS names, which may be wildcards or exact matches. Each DNS query subject to a Response Policy matches at most one ResponsePolicyRule, as identified by the dns_name field with the longest matching suffix.
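The longest-matching-suffix selection described above decides which rule applies when a broad wildcard and a narrower rule overlap. The following is an added example, not provider or Cloud DNS code. The `Rule` type, the helper names and the sample rules are hypothetical, and it assumes that matching is case-insensitive and that a wildcard covers names below its suffix but not the suffix itself.

```typescript
// Added illustration; the Rule shape and helper names are hypothetical, not provider API.
type Rule = {
  ruleName: string;
  dnsName: string; // exact ("dns.example.com.") or wildcard ("*.example.com.")
  action: "localData" | "bypassResponsePolicy";
};

// Lower-case and ensure a trailing dot so comparisons run on canonical FQDNs.
function canonical(name: string): string {
  const lower = name.toLowerCase();
  return lower.endsWith(".") ? lower : lower + ".";
}

function labelCount(fqdn: string): number {
  return fqdn.split(".").filter((label) => label.length > 0).length;
}

// Number of labels in the matched suffix, or -1 when the selector does not match.
function matchedLabels(selector: string, query: string): number {
  const sel = canonical(selector);
  const q = canonical(query);
  if (sel.startsWith("*.")) {
    const suffix = sel.slice(2);
    // Assumption: the wildcard matches names below the suffix, not the suffix itself.
    return q.endsWith("." + suffix) ? labelCount(suffix) : -1;
  }
  return q === sel ? labelCount(sel) : -1;
}

// At most one rule applies: the one whose dns_name has the longest matching suffix.
function selectRule(rules: Rule[], query: string): Rule | undefined {
  let best: Rule | undefined;
  let bestLen = -1;
  for (const rule of rules) {
    const len = matchedLabels(rule.dnsName, query);
    if (len > bestLen) {
      best = rule;
      bestLen = len;
    }
  }
  return best;
}

// Constructed sample policy: a broad override, a narrower bypass, and an exact rule.
const sampleRules: Rule[] = [
  { ruleName: "sinkhole-all", dnsName: "*.example.com.", action: "localData" },
  { ruleName: "allow-updates", dnsName: "*.updates.example.com.", action: "bypassResponsePolicy" },
  { ruleName: "pin-dns", dnsName: "dns.example.com.", action: "localData" },
];
```

Running a planned rule set through `selectRule` before applying it shows whether a narrow `bypassResponsePolicy` rule will take precedence over a broad `localData` override for a given name.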

Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

Example Usage - Dns Response Policy Rule Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkNetwork1 = new google.computeNetwork.ComputeNetwork(
  this,
  "network-1",
  {
    auto_create_subnetworks: false,
    name: "network-1",
    provider: "${google-beta}",
  }
);
const googleComputeNetworkNetwork2 = new google.computeNetwork.ComputeNetwork(
  this,
  "network-2",
  {
    auto_create_subnetworks: false,
    name: "network-2",
    provider: "${google-beta}",
  }
);
const googleDnsResponsePolicyResponsePolicy =
  new google.dnsResponsePolicy.DnsResponsePolicy(this, "response-policy", {
    networks: [
      {
        network_url: googleComputeNetworkNetwork1.id,
      },
      {
        network_url: googleComputeNetworkNetwork2.id,
      },
    ],
    provider: "${google-beta}",
    response_policy_name: "example-response-policy",
  });
new google.dnsResponsePolicyRule.DnsResponsePolicyRule(
  this,
  "example-response-policy-rule",
  {
    dns_name: "dns.example.com.",
    local_data: [
      {
        local_datas: [
          {
            name: "dns.example.com.",
            rrdatas: ["192.0.2.91"],
            ttl: 300,
            type: "A",
          },
        ],
      },
    ],
    provider: "${google-beta}",
    response_policy: googleDnsResponsePolicyResponsePolicy.responsePolicyName,
    rule_name: "example-rule",
  }
);

Argument Reference

The following arguments are supported:

  • ruleName - (Required) An identifier for this rule. Must be unique within the ResponsePolicy.

  • dnsName - (Required) The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule.

  • responsePolicy - (Required) Identifies the response policy addressed by this request.


  • localData - (Optional) Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. Structure is documented below.

  • behavior - (Optional) Answer this query with a behavior rather than DNS data. Acceptable values are 'behaviorUnspecified' and 'bypassResponsePolicy'.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The localData block supports:

  • localDatas - (Required) All resource record sets for this selector, one per resource record type. The name must match the dns_name. Structure is documented below.

The localDatas block supports:

  • name - (Required) For example, www.example.com.

  • type - (Required) One of the valid DNS resource types. Possible values are A, AAAA, CAA, CNAME, DNSKEY, DS, HTTPS, IPSECVPNKEY, MX, NAPTR, NS, PTR, SOA, SPF, SRV, SSHFP, SVCB, TLSA, and TXT.

  • ttl - (Optional) Number of seconds that this ResourceRecordSet can be cached by resolvers.

  • rrdatas - (Optional) As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1).

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/responsePolicies/{{responsePolicy}}/rules/{{ruleName}}

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

ResponsePolicyRule can be imported using any of these accepted formats:

$ terraform import google_dns_response_policy_rule.default projects/{{project}}/responsePolicies/{{response_policy}}/rules/{{rule_name}}
$ terraform import google_dns_response_policy_rule.default {{project}}/{{response_policy}}/{{rule_name}}
$ terraform import google_dns_response_policy_rule.default {{response_policy}}/{{rule_name}}

User Project Overrides

This resource supports User Project Overrides.