Deploy public and private Azure DNS Zones and virtual network with highly available resolvers.
Currently, zone delegation for Private DNS Zones on Azure is not supported. It's in the roadmap, but timing is unknown. This module enables zone delegation for private on-premises resolvers already now, by deploying recursive resolver VMs to a private resolution network.
Based on https://github.com/Azure/azure-quickstart-templates/tree/master/301-dns-forwarder, but for Terraform and with HA.
The module will, depending on the configuration, deploy:
- Zero or more public DNS Zones into
${var.prefix}-public-zonesresource group. The group will only be created ifvar.public_zoneslength is greater than 0. - Zero or more private DNS Zones into
${var.prefix}-private-zonesresource group. - One virtual network, subnet and network security group
- One or more resolver VMs into the subnet with
bindconfigured to recursively resolve all DNS queries using Azure's standard168.63.129.16.
Only Azure regions with Availability Zones are supported.
main.tf
module "dns" {
source = "uncleyo/dns/azurerm"
version = "0.1.0"
# required variables:
location = "West Europe"
public_zones = [
"example.org"
]
private_zones = [
"example.org",
"local.only"
]
resolver_vm_admin_username = "admin"
resolver_vm_admin_ssh_pub_key_file = "~/.ssh/id_rsa.pub"
# optional variables with default values:
prefix = "dns"
tags = {}
debug_enable_resolver_public_ips = false
availability_zones = [1, 2, 3]
resolver_count = 2
resolver_vnet_prefix = "10.53.53.0/24"
resolver_subnet_prefix = "10.53.53.0/24"
resolver_ip_offset = 4
resolver_vm_size = Standard_B1ls
resolver_ssh_client_whitelist = [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
resolver_dns_client_whitelist = [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
}- Add support for existing virtual network / subnet?