google::dns-managed-zone¶

Creates a Managed Zone.

Example¶

google::dns-managed-zone private-managed-zone-example
    name: "private-managed-zone-example"
    description: "Private Managed Zone Example"
    dns-name: "private.example.com."
    visibility: "private"

    private-visibility-config
        network
            network: $(google::compute-network managed-zone-network-example)
        end
    end
end

google::dns-managed-zone public-managed-zone-example
    name: "public-managed-zone-example"
    description: "Public Managed Zone Example"
    dns-name: "p.example.com."

    dnssec-config
        state: "on"
    end
end

Attributes¶

Attribute	Description
description	A mutable string of at most 1024 characters associated with this resource for the user’s convenience. Has no effect on the managed zone’s function. (Required)
dns-name	The DNS name of this managed zone, for instance `example.com.`. Must be a string ending with a single `.` at the end. Valid values satisfy the regex: `[.+(?<!\\.)\\.\\z]`.
dnssec-config subresource	DNSSEC configuration. Cannot be set if any of `forwarding-config` or `private-visibility-config` is set. default-key-spec list subresource Specifies parameters for generating initial DnsKeys for this managed zone. algorithm String mnemonic specifying the DNSSEC algorithm of this key. Valid values are `ecdsap256sha256`, `ecdsap384sha384`, `rsasha1`, `rsasha256` or `rsasha512`. key-length Length of the keys in bits. key-type Specifies whether this is a key signing key (KSK) or a zone signing key (ZSK). Key signing keys have the Secure Entry Point flag set and, when active, will only be used to sign resource record sets of type DNSKEY. Zone signing keys do not have the Secure Entry Point flag set and will be used to sign all other types of resource record sets. Valid values are `keySigning` or `zoneSigning`. (Required) non-existence Specifies the mechanism for authenticated denial-of-existence responses. Valid values are `nsec` or `nsec3`. state Specifies whether DNSSEC is enabled, and what mode it is in. Valid values are `on`, `off` or `transfer`.
forwarding-config subresource	The presence for this field indicates that outbound forwarding is enabled for this zone. The value of this field contains the set of destinations to forward to. Cannot be set if `dnssec-config` is set. target-name-server list subresource List of target name servers to forward to. Cloud DNS will select the best available name server if more than one target is given. (Required) ipv4-address IPv4 address of a target name server. (Required)
labels map	User labels.
name	User assigned name for this resource. Must be unique within the project. The name must be 1-63 characters long, must begin with a letter, end with a letter or digit, and only contain lowercase letters, digits or dashes. (Required)
name-server-set	Optionally specifies the NameServerSet for this ManagedZone. A NameServerSet is a set of DNS name servers that all host the same ManagedZones. Most users will leave this field unset.
private-visibility-config subresource	For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from. Cannot be set if `dnssec-config` is set. network list subresource The list of VPC networks that can see this zone. (Required) network resource google::compute-network resource The VPC network to bind to. (Required)
visibility	The zone’s visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources. Valid values are `private` or `public`.

Outputs¶

Attribute	Description
name-servers list	Delegate your managed_zone to these virtual name servers.