
DNSSEC Partial Enablement

Fred Damstra [afs macbook] преди 4 години
родител
ревизия
756290d4c0

+ 15 - 0
common/aws/mdr-common-services/010-public-dns/README.md

@@ -0,0 +1,15 @@
+# DNSSEC Notes
+
+For a new domain, you need to do some manual steps after running this state:
+
+1. Log into the AWS Console
+1. Go to route53->registered domains
+1. Select the rgistered domain you've added.
+1. Under the section "DNSSEC Status", click "Manage keys"
+1. Add the key type, algorithm, and public key from `terragrunt output`.
+
+You may also delete any previous keys that were there.
+
+# Rotation
+
+See xdr-terraform-modules/base/dns/public_dns/README.md for more information.

+ 1 - 1
common/aws/mdr-common-services/010-public-dns/terragrunt.hcl

@@ -8,7 +8,7 @@ locals {
 
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/dns/public_dns?ref=v1.23.2"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/dns/public_dns?ref=v1.24.2"
 }
 
 include {

+ 1 - 0
common/aws/mdr-common-services/account.hcl

@@ -28,6 +28,7 @@ locals {
     "accenturefederalcyber.net",
     "xdr.accenturefederalcyber.com",
     "xdrtest.accenturefederalcyber.com",
+    "xdrtest.accenturefederalcyber.net", # testing dnssec
   ]
   # Delegated zones are created in different accounts
   delegated_public_dns_zones = {
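Review bot: The comment `# testing dnssec` on the added `xdrtest.accenturefederalcyber.net` entry does not say where the zone's DS record is published or how the entry should be retired. The list already contains `accenturefederalcyber.net`, so this looks like a child of a zone managed in the same list, while the README added in this commit only covers adding keys under Route 53 registered domains; if the DS has to go into the parent zone instead, that step is not documented anywhere visible here. A DS record that outlives the signing key makes validating resolvers reject the whole zone, so the teardown order matters. Suggest `# DNSSEC test zone; DS is added manually (see 010-public-dns/README.md) - remove the DS before deleting this entry`. The enclosing `locals` block and the name of this list are outside the hunk.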