A Response Policy Rule is a selector that applies its behavior to queries that match the selector. Selectors are DNS names, which may be wildcards or exact matches. Each DNS query subject to a Response Policy matches at most one ResponsePolicyRule, as identified by the dns_name field with the longest matching suffix.
resource "google_compute_network" "network-1" {
  name                    = "network-1"
  auto_create_subnetworks = false
}

resource "google_compute_network" "network-2" {
  name                    = "network-2"
  auto_create_subnetworks = false
}

resource "google_dns_response_policy" "response-policy" {
  response_policy_name = "example-response-policy"

  networks {
    network_url = google_compute_network.network-1.id
  }
  networks {
    network_url = google_compute_network.network-2.id
  }
}

resource "google_dns_response_policy_rule" "example-response-policy-rule" {
  response_policy = google_dns_response_policy.response-policy.response_policy_name
  rule_name       = "example-rule"
  dns_name        = "dns.example.com."

  local_data {
    local_datas {
      name    = "dns.example.com."
      type    = "A"
      ttl     = 300
      rrdatas = ["192.0.2.91"]
    }
  }
}
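The longest-matching-suffix selection combined with the behavior argument, as an added example that is not part of the provider documentation: a wildcard rule overrides every name under example.com., and a more specific exact rule exempts one host from the policy. The resource names and the 192.0.2.10 address are constructed placeholders, and the google-beta provider is assumed because behavior is a Beta field.

```hcl
# Added example, not from the provider documentation.
# All names and the 192.0.2.10 address are constructed placeholders.
resource "google_compute_network" "example" {
  provider                = google-beta
  name                    = "rpz-example-network"
  auto_create_subnetworks = false
}

resource "google_dns_response_policy" "example" {
  provider             = google-beta
  response_policy_name = "rpz-example-policy"

  networks {
    network_url = google_compute_network.example.id
  }
}

# Wildcard selector: names under example.com. are answered from local_data,
# overriding private zones, the public internet and GCP internal DNS.
resource "google_dns_response_policy_rule" "override-subdomains" {
  provider        = google-beta
  response_policy = google_dns_response_policy.example.response_policy_name
  rule_name       = "override-subdomains"
  dns_name        = "*.example.com."

  local_data {
    local_datas {
      name    = "*.example.com." # must match dns_name
      type    = "A"
      ttl     = 300
      rrdatas = ["192.0.2.10"]
    }
  }
}

# Exact selector: a longer matching suffix than the wildcard, so this is the
# single rule applied to www.example.com. and the query bypasses the policy.
resource "google_dns_response_policy_rule" "bypass-www" {
  provider        = google-beta
  response_policy = google_dns_response_policy.example.response_policy_name
  rule_name       = "bypass-www"
  dns_name        = "www.example.com."
  behavior        = "bypassResponsePolicy"
}
```

When reviewing a policy like this, list every rule's dns_name from most to least specific: an exact-name bypass silently exempts that host from a broader override, which is easy to miss in an audit.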
The following arguments are supported:
rule_name - (Required) An identifier for this rule. Must be unique within the ResponsePolicy.
dns_name - (Required) The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule.
response_policy - (Required) Identifies the response policy addressed by this request.
local_data - (Optional) Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. Structure is documented below.
behavior - (Optional, Beta) Answer this query with a behavior rather than DNS data. Acceptable values are 'behaviorUnspecified' and 'bypassResponsePolicy'.
project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
The local_data block supports:
local_datas - (Required) All resource record sets for this selector, one per resource record type. The name must match the dns_name. Structure is documented below.
The local_datas block supports:
name - (Required) For example, www.example.com.
type - (Required) One of valid DNS resource types. Possible values are: A, AAAA, CAA, CNAME, DNSKEY, DS, HTTPS, IPSECVPNKEY, MX, NAPTR, NS, PTR, SOA, SPF, SRV, SSHFP, SVCB, TLSA, TXT.
ttl - (Optional) Number of seconds that this ResourceRecordSet can be cached by resolvers.
rrdatas - (Optional) As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1).
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format projects/{{project}}/responsePolicies/{{response_policy}}/rules/{{rule_name}}
This resource provides the following Timeouts configuration options:
create - Default is 20 minutes.
update - Default is 20 minutes.
delete - Default is 20 minutes.
ResponsePolicyRule can be imported using any of these accepted formats:
projects/{{project}}/responsePolicies/{{response_policy}}/rules/{{rule_name}}
{{project}}/{{response_policy}}/{{rule_name}}
{{response_policy}}/{{rule_name}}
In Terraform v1.5.0 and later, use an import block to import ResponsePolicyRule using one of the formats above. For example:
import {
  id = "projects/{{project}}/responsePolicies/{{response_policy}}/rules/{{rule_name}}"
  to = google_dns_response_policy_rule.default
}
When using the terraform import command, ResponsePolicyRule can be imported using one of the formats above. For example:
$ terraform import google_dns_response_policy_rule.default projects/{{project}}/responsePolicies/{{response_policy}}/rules/{{rule_name}}
$ terraform import google_dns_response_policy_rule.default {{project}}/{{response_policy}}/{{rule_name}}
$ terraform import google_dns_response_policy_rule.default {{response_policy}}/{{rule_name}}
This resource supports User Project Overrides.