Answering and solving issues, reviewing and merging PRs, and keeping dependencies up to date is a lot of work. As I don't need Hetzner DNS anymore, I decided to not work on this project anymore and dedicate my free time to other fun activities.
Feel free to create pull requests and contribute to this project. I'll be merging them and publishing new releases.
Another option is this fork: germanbrew/terraform-provider-hetznerdns
Read about what I learnt while implementing this Terraform Provider.
You can find resources and data sources documentation there or here.
You most likely want to download the provider from Terraform Registry. If you want or need to install the provider locally, take a look at INSTALL.
This provider is published and available there. If you want to use it, just add the following to your terraform.tf:

    terraform {
      required_providers {
        hetznerdns = {
          source  = "timohirt/hetznerdns"
          version = "2.1.0"
        }
      }
      required_version = ">= 1.0"
    }

Then run terraform init to download the provider.
Once installed, you have three options to provide the required API token that is used to authenticate at the Hetzner DNS API.

You can enter it every time you run terraform.

Add the following to your terraform.tf:

    variable "hetznerdns_token" {}
    provider "hetznerdns" {
      apitoken = var.hetznerdns_token
    }

Now, assign your API token to hetznerdns_token in terraform.tfvars:

    hetznerdns_token = "kkd993i3kkmm4m4m4"

You don't have to enter the API token anymore. The token is now stored in plain text in terraform.tfvars, so keep that file out of version control.

Assign the API token to the HETZNER_DNS_API_TOKEN environment variable.

    export HETZNER_DNS_API_TOKEN=<your api token>

The provider uses this token and you don't have to enter it anymore.

    # Specify a zone for a domain (example.com)
    resource "hetznerdns_zone" "example_com" {
      name = "example.com"
      ttl  = 60
    }

    # Handle root (example.com)
    resource "hetznerdns_record" "example_com_root" {
      zone_id = hetznerdns_zone.example_com.id
      name    = "@"
      value   = hcloud_server.server_name.ipv4_address
      type    = "A"
      # You only need to set a TTL if it's different from the zone's TTL above
      ttl     = 300
    }

    # Handle wildcard subdomain (*.example.com)
    resource "hetznerdns_record" "all_example_com" {
      zone_id = hetznerdns_zone.example_com.id
      name    = "*"
      value   = hcloud_server.server_name.ipv4_address
      type    = "A"
    }

    # Handle specific subdomain (books.example.com)
    resource "hetznerdns_record" "books_example_com" {
      zone_id = hetznerdns_zone.example_com.id
      name    = "books"
      value   = hcloud_server.server_name.ipv4_address
      type    = "A"
    }

    # Handle email (MX record with priority 10)
    resource "hetznerdns_record" "example_com_email" {
      zone_id = hetznerdns_zone.example_com.id
      name    = "@"
      value   = "10 mail.example.com"
      type    = "MX"
    }

    # SPF record
    resource "hetznerdns_record" "example_com_spf" {
      zone_id = hetznerdns_zone.example_com.id
      name    = "@"
      # The entire value needs to be enclosed in quotes in the zone file if it contains a space or a quote.
      # For Terraform, you need to escape these "inner" quotes:
      value   = "\"v=spf1 ip4:1.2.3.4 -all\""
      # Or let `jsonencode()` take care of the escaping (use one of the two, not both):
      # value = jsonencode("v=spf1 ip4:1.2.3.4 -all")
      type    = "TXT"
    }

    # DKIM record
    locals {
      dkim = "v=DKIM1;h=sha256;k=rsa;s=email;p=abc..."
    }

    resource "hetznerdns_record" "example_com_dkim" {
      zone_id = hetznerdns_zone.example_com.id
      name    = "default._domainkey"
      type    = "TXT"
      # Since a single string in a TXT record is limited to 255 characters, the value needs to be split into 2 parts:
      value = join(" ", [
        jsonencode(substr(local.dkim, 0, 255)),
        jsonencode(substr(local.dkim, 255, 255)),
        ""
      ])
      # Alternative (works even if the string is longer than 510); use one of the two, not both:
      # value = join("\"", [
      #   "",
      #   replace(local.dkim, "/(.{255})/", "$1\" \""),
      #   " "
      # ])
    }
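
The following Python is an added example, not code from this provider or its documentation. It builds the quoted, 255-character-chunked TXT value that the DKIM resource above constructs, for input of any length, and reads it back the way a DKIM or SPF verifier concatenates the strings. The function names and the sample key are assumptions made for illustration; terraform_regex_variant mimics the replace()/join() alternative to show that an input whose length is an exact multiple of 255 gets an extra empty string ("") appended.

```python
import re

MAX_TXT_STRING = 255  # length limit of one string inside a TXT record

# Constructed placeholder value (not a real key): DKIM tags plus a dummy 400-char "key".
SAMPLE_DKIM = "v=DKIM1;h=sha256;k=rsa;s=email;p=" + "A" * 400


def quote(chunk: str) -> str:
    """Zone-file quoting: escape backslashes and double quotes, then wrap in quotes."""
    return '"' + chunk.replace("\\", "\\\\").replace('"', '\\"') + '"'


def split_txt_value(text: str, size: int = MAX_TXT_STRING) -> str:
    """Return text as space-separated quoted strings of at most `size` characters."""
    chunks = [text[i:i + size] for i in range(0, len(text), size)] or [""]
    return " ".join(quote(c) for c in chunks)


def terraform_regex_variant(text: str, size: int = MAX_TXT_STRING) -> str:
    """Mimic the replace()/join() expression from the DKIM resource above."""
    replaced = re.sub("(.{%d})" % size, lambda m: m.group(1) + '" "', text)
    return '"'.join(["", replaced, " "])


def parse_txt_value(value: str) -> str:
    """Concatenate the contents of every quoted string, as a DKIM/SPF verifier does."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', value)
    return "".join(re.sub(r"\\(.)", r"\1", p) for p in parts)


if __name__ == "__main__":
    value = split_txt_value(SAMPLE_DKIM)
    print(value)
    # Round trip: the chunked value must decode to the original string.
    assert parse_txt_value(value) == SAMPLE_DKIM
    # Exact multiple of 255: the regex variant ends with an empty string ("").
    print(repr(terraform_regex_variant("a" * 510)[-8:]))
```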