feat: allow to disable dnssec (#34)

* feat: allow to disable dnssec * chore: fmt
padok-team · Mar 11, 2024 · 6c793a4 · 6c793a4
1 parent 89e01a7
commit 6c793a4
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -12,7 +12,7 @@ resource "google_dns_managed_zone" "this" {
   // CKV_GCP_16:
   // DNSSEC is a feature of the Domain Name System that authenticates responses to domain name lookups. DNSSEC prevents attackers from manipulating or poisoning the responses to DNS requests.
   dnssec_config {
-    state = "on"
+    state = var.dnssec_state
   }
 }
 

diff --git a/variables.tf b/variables.tf
@@ -37,3 +37,9 @@ variable "records" {
   description = "List of your DNS records."
   default     = {}
 }
+
+variable "dnssec_state" {
+  type        = string
+  description = "DNSSEC State"
+  default     = "on"
+}