Create Azure DNS Private Resolver with Inbound / Outbound endpoints as well as DNS Forwarding rule sets using Terraform.
To learn more about Azure DNS Private Resolver, check out Microsoft Learn: What is Azure DNS Private Resolver?
This module can be used to create an Azure DNS Private Resolver, one or two Inbound and Outbound Endpoints, and one or two DNS Forwarding rule sets per Outbound Endpoint. The limits come from the service itself: a Private Resolver supports at most two Inbound Endpoints and two Outbound Endpoints, and each Outbound Endpoint supports at most two DNS Forwarding rule sets, giving a total of four DNS Forwarding rule sets with two Outbound Endpoints.
| Name | Version |
|---|---|
| terraform | >= 1.3.0 |
| azurerm | ~> 3.36.0 |
| Name | Version |
|---|---|
| azurerm | ~> 3.36.0 |
- azurerm_private_dns_resolver.private_dns_resolver
- azurerm_private_dns_resolver_dns_forwarding_ruleset.forwarding_ruleset
- azurerm_private_dns_resolver_inbound_endpoint.private_dns_resolver_inbound_endpoint
- azurerm_private_dns_resolver_outbound_endpoint.private_dns_resolver_outbound_endpoint
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| resource_group_name | (Required): Name of the resource group where resources should be deployed. | string | n/a | yes |
| location | (Required): Region / Location where Azure DNS Resolver should be deployed | string | n/a | yes |
| dns_resolver_name | (Required): Name of the Azure DNS Private Resolver | string | n/a | yes |
| virtual_network_id | (Required): ID of the associated virtual network | string | n/a | yes |
| dns_resolver_inbound_endpoints | (Optional): Set of Azure Private DNS resolver Inbound Endpoints | set(object({...})) | [] | no |
| dns_resolver_outbound_endpoints | (Optional): Set of Azure Private DNS resolver Outbound Endpoints with one or more Forwarding Rule sets | set(object({...})) | [] | no |
| tags | (Optional): Resource Tags | map(string) | {} | no |
There is only one output attribute, but it exports multiple pieces of information, described in the Value column below.
To get the information you need, for example the DNS Forwarding Rule Set ID required to add DNS forwarding rules separately, follow the output path. Say the module name is dns_resolver_weu, your outbound endpoint name is outbound and your rule set name is default-ruleset: module.dns_resolver_weu.dns_resolver.dns_outbound_endpoints.outbound.dns_forwarding_rulesets.outbound-default-ruleset.ruleset_id will give you the ID of the DNS forwarding rule set needed to add a DNS forwarding rule into it using azurerm_private_dns_resolver_forwarding_rule (see the examples below).
| Name | Description | Value | Sensitive |
|---|---|---|---|
| dns_resolver | Multi value Output that includes all information needed to use values from the module. | {...} | no |
Creating an Azure Private DNS Resolver, Inbound & Outbound Endpoint plus a DNS Forwarding Rule set. For this example the prerequisites (Resource Group, Virtual Network, 1x Inbound Subnet and 1x Outbound Subnet) have already been declared in the code and are not included in the example. To create the resources needed for this example, check out my other module on creating Virtual Networks and Subnets: terraform-azurerm-network
```hcl
#..omitted
module "dns_private_resolver" {
  source              = "github.com/haflidif/terraform-azurerm-dns-private-resolver"
  resource_group_name = azurerm_resource_group.dns_resolver.name
  location            = azurerm_resource_group.dns_resolver.location
  dns_resolver_name   = "test-private-dns-resolver"
  virtual_network_id  = azurerm_virtual_network.vnet.id
  tags = {
    Configuration = "Terraform"
  }

  dns_resolver_inbound_endpoints = [
    # There is currently only support for two Inbound endpoints per Private Resolver.
    {
      inbound_endpoint_name = "inbound"
      inbound_subnet_id     = azurerm_subnet.inbound.id
    }
  ]

  dns_resolver_outbound_endpoints = [
    # There is currently only support for two Outbound endpoints per Private Resolver.
    {
      outbound_endpoint_name = "outbound"
      outbound_subnet_id     = azurerm_subnet.outbound.id
      forwarding_rulesets = [
        # There is currently only support for two DNS forwarding rulesets per outbound endpoint.
        {
          forwarding_ruleset_name = "default-ruleset"
        }
      ]
    }
  ]
}
```
In this example we are going to use the module output for the DNS Forwarding Rule set created in Example 1 to add a DNS Forwarding rule to the rule set outside of the module using azurerm_private_dns_resolver_forwarding_rule. Each rule set can have up to 25 rules (see the service restrictions).
Each rule includes one or more target DNS servers, each declared in its own target_dns_servers block as seen below.
```hcl
#..omitted
resource "azurerm_private_dns_resolver_forwarding_rule" "corp_mycompany_com" {
  name                      = "corp_mycompany_com"
  dns_forwarding_ruleset_id = module.dns_private_resolver.dns_resolver.dns_outbound_endpoints.outbound.dns_forwarding_rulesets.default-ruleset.ruleset_id
  # Domain name supports 2-34 labels and must end with a dot (period); for example corp.mycompany.com. has three labels.
  domain_name = "corp.mycompany.com."
  enabled     = true

  target_dns_servers {
    ip_address = "10.0.0.3"
    port       = 53
  }
  target_dns_servers {
    ip_address = "10.0.0.4"
    port       = 53
  }
}
```
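As an added example (not part of the module or its README), the forwarding rules can be declared as a map and checked against the limits documented above before apply: the variable name `forwarding_rules`, the sample rule and its 10.0.0.3 target are constructed, the rule set output path is the one from Example 1, and endswith() needs Terraform 1.3+, which the module already requires.

```hcl
# Added example: declare rules as data and reject inputs that violate the documented limits.
variable "forwarding_rules" {
  description = "Map of rule name => rule, all going into one DNS forwarding rule set."
  type = map(object({
    domain_name        = string
    target_dns_servers = list(object({ ip_address = string, port = number }))
  }))

  # Constructed sample input; replace with your own rules or a .tfvars file.
  default = {
    corp_mycompany_com = {
      domain_name        = "corp.mycompany.com."
      target_dns_servers = [{ ip_address = "10.0.0.3", port = 53 }]
    }
  }

  # Documented limit: at most 25 rules per DNS forwarding rule set.
  validation {
    condition     = length(var.forwarding_rules) <= 25
    error_message = "A DNS forwarding rule set supports at most 25 rules."
  }

  # Documented format: 2-34 labels and a trailing dot, e.g. corp.mycompany.com.
  validation {
    condition = alltrue([
      for r in values(var.forwarding_rules) :
      endswith(r.domain_name, ".") &&
      length(split(".", trimsuffix(r.domain_name, "."))) >= 2 &&
      length(split(".", trimsuffix(r.domain_name, "."))) <= 34
    ])
    error_message = "Each domain_name must have 2-34 labels and end with a dot."
  }
}

resource "azurerm_private_dns_resolver_forwarding_rule" "rules" {
  for_each = var.forwarding_rules
  name                      = each.key
  dns_forwarding_ruleset_id = module.dns_private_resolver.dns_resolver.dns_outbound_endpoints.outbound.dns_forwarding_rulesets.default-ruleset.ruleset_id
  domain_name               = each.value.domain_name
  enabled                   = true

  # One target_dns_servers block per server listed for the rule.
  dynamic "target_dns_servers" {
    for_each = each.value.target_dns_servers
    content {
      ip_address = target_dns_servers.value.ip_address
      port       = target_dns_servers.value.port
    }
  }
}
```

A rule that fails either validation stops `terraform plan` with the error message, so a malformed or oversized rule set never reaches the resolver.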
In this example we are going to use the inbound endpoint private IP address module output from the Private DNS Resolver created in Example 1 to assign that private IP address as a custom DNS server on a virtual network. You can either use the inline dns_servers list in azurerm_virtual_network or the separate resource azurerm_virtual_network_dns_servers, but keep in mind that DNS servers can't be configured both inline and on the separate resource for the same virtual network, as they will conflict with each other.
```hcl
#..omitted
resource "azurerm_virtual_network" "example" {
  name                = "example-network"
  location            = azurerm_resource_group.dns_resolver.location
  resource_group_name = azurerm_resource_group.dns_resolver.name
  address_space       = ["10.0.0.0/16"]
  dns_servers         = [module.dns_private_resolver.dns_resolver.dns_inbound_endpoints.inbound.inbound_endpoint_private_ip_address]
}
```
Originally created by Haflidi Fridthjofsson