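【Posted】: 2021-10-28 06:33:19
【Question】:
First, I understand that RSA SHA1 is not recommended, but it is required for this particular use case. Second, I can deploy the following without any problem: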
resource "google_dns_managed_zone" "example-zone" {
  name        = "example-zone-02"
  dns_name    = "example-0123.com."
  description = "DNS Zone with DNSSEC"

  dnssec_config {
    default_key_specs {
      algorithm  = "rsasha256"
      key_length = 2048
      key_type   = "zoneSigning"
      kind       = "dnsKeySpec"
    }
    default_key_specs {
      algorithm  = "rsasha256"
      key_length = 2048
      key_type   = "keySigning"
      kind       = "dnsKeySpec"
    }
    kind          = "managedZoneDnsSecConfig"
    non_existence = "nsec"
    state         = "on"
  }
}
However, as soon as I switch the algorithm to rsasha1, I get the following:
googleapi: Error 400: Invalid value for 'entity.managedZone.dnssecConfig.defaultKeySpecs[0]': 'ZONE_SIGNING / RSASHA1 / 2048'
│ More details:
│ Reason: invalid, Message: Invalid value for 'entity.managedZone.dnssecConfig.defaultKeySpecs[0]': 'ZONE_SIGNING / RSASHA1 / 2048'
│ Reason: invalid, Message: Invalid value for 'entity.managedZone.dnssecConfig.defaultKeySpecs[1]': 'KEY_SIGNING / RSASHA1 / 2048'
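According to the documentation here, the key length should be acceptable... I have also tried 128, 256, 512 and 1024... no luck. Any help is greatly appreciated.
【Discussion】:
Tags: google-cloud-platform terraform terraform-provider-gcp google-cloud-dns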