» DNS Provider

The DNS provider supports DNS updates (RFC 2136). Additionally, the provider can be configured with secret-key-based transaction authentication (TSIG, RFC 2845).

Use the navigation to the left to read about the available resources.

» Example Usage

# Configure the DNS Provider
provider "dns" {
  update {
    server        = "192.168.0.1"
    key_name      = "example.com."
    key_algorithm = "hmac-md5"
    key_secret    = "c3VwZXJzZWNyZXQ="
  }
}

# Create a DNS A record set
resource "dns_a_record_set" "www" {
  # ...
}

» Configuration Reference

update - (Optional) When the provider is used for DNS updates, this block is required. Structure is documented below.

The update block supports the following attributes:

  • server - (Required) The IPv4 address of the DNS server to send updates to.
  • port - (Optional) The target UDP port on the server to which updates are sent. Defaults to 53.
  • transport - (Optional) Transport to use for DNS queries. Valid values are udp, udp4, udp6, tcp, tcp4, or tcp6. Any UDP transport will retry automatically with the equivalent TCP transport in the event of a truncated response. Defaults to udp.
  • timeout - (Optional) Timeout for DNS queries. Valid values are durations such as 500ms, or a plain number, which is treated as whole seconds.
  • retries - (Optional) How many times to retry on connection timeout. Defaults to 3.
  • key_name - (Optional) The name of the TSIG key used to sign the DNS update messages.
  • key_algorithm - (Optional; Required if key_name is set) When using TSIG authentication, the algorithm to use for HMAC. Valid values are hmac-md5, hmac-sha1, hmac-sha256 or hmac-sha512.
  • key_secret - (Optional; Required if key_name is set) A Base64-encoded string containing the shared secret to be used for TSIG.
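
A hardened variant of the example configuration, added here as an illustration and not taken from the provider's own documentation: it selects hmac-sha256 from the valid values listed above, a stronger choice than hmac-md5, and reads the TSIG secret from a sensitive input variable instead of a literal in the file. The variable names tsig_key_name and tsig_key_secret are assumptions.

```hcl
# Added example. The variable names are assumptions, not provider settings.
variable "tsig_key_name" {
  type        = string
  description = "Name of the TSIG key, fully qualified (for example \"example.com.\")."
}

variable "tsig_key_secret" {
  type        = string
  sensitive   = true # redacted from plan and apply output
  description = "Base64-encoded TSIG shared secret."

  # Reject values that cannot be valid padded Base64 before any update is sent.
  # A regex is used instead of base64decode() because that function also
  # requires the decoded bytes to be valid UTF-8, which a random key is not.
  validation {
    condition = (
      length(var.tsig_key_secret) % 4 == 0 &&
      can(regex("^[A-Za-z0-9+/]+={0,2}$", var.tsig_key_secret))
    )
    error_message = "The tsig_key_secret value must be a padded Base64 string."
  }
}

provider "dns" {
  update {
    server        = "192.168.0.1"
    key_name      = var.tsig_key_name
    key_algorithm = "hmac-sha256"
    key_secret    = var.tsig_key_secret
  }
}
```

Set the secret through the TF_VAR_tsig_key_secret environment variable so it stays out of version control; sensitive = true only redacts the value from plan and apply output.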