diff --git a/CHANGELOG.md b/CHANGELOG.md
index dbadd21..b8f1ad6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,3 +18,6 @@
 
 * 1.1.0 -- 2024-10-17
   - add zone_id to allow it to take a zone id directly vs from a lookup
+
+* 1.2.0 -- 2025-03-07
+  - create heritage submodule
diff --git a/common/version.tf b/common/version.tf
index 9c489cd..1ee6619 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.1.0"
+  _module_version = "1.2.0"
 }
diff --git a/heritage/.terraform.lock.hcl b/heritage/.terraform.lock.hcl
new file mode 100644
index 0000000..ab6081e
--- /dev/null
+++ b/heritage/.terraform.lock.hcl
@@ -0,0 +1,44 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "4.60.0"
+  constraints = ">= 4.0.0"
+  hashes = [
+    "h1:b2U4EncUaHCsQuiePo/yHZiH5ib0rx+P/qG4LC8pGlA=",
+    "zh:1853d6bc89e289ac36c13485e8ff877c1be8485e22f545bb32c7a30f1d1856e8",
+    "zh:4321d145969e3b7ede62fe51bee248a15fe398643f21df9541eef85526bf3641",
+    "zh:4c01189cc6963abfe724e6b289a7c06d2de9c395011d8d54efa8fe1aac444e2e",
+    "zh:5934db7baa2eec0f9acb9c7f1c3dd3b3fe1e67e23dd4a49e9fe327832967b32b",
+    "zh:5fbedf5d55c6e04e34c32b744151e514a80308e7dec633a56b852829b41e4b5a",
+    "zh:651558e1446cc05061b75e6f5cc6e2959feb17615cd0ace6ec7a2bcc846321c0",
+    "zh:76875eb697916475e554af080f9d4d3cd1f7d5d58ecdd3317a844a30980f4eec",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a52528e6d6c945a6ac45b89e9a70a5435148e4c151241e04c231dd2acc4a8c80",
+    "zh:af5f94c69025f1c2466a3cf970d1e9bed72938ec33b976c8c067468b6707bb57",
+    "zh:b6692fad956c9d4ef4266519d9ac2ee9f699f8f2c21627625c9ed63814d41590",
+    "zh:b74311af5fa5ac6e4eb159c12cfb380dfe2f5cd8685da2eac8073475f398ae60",
+    "zh:cc5aa6f738baa42edacba5ef1ca0969e5a959422e4491607255f3f6142ba90ed",
+    "zh:dd1a7ff1b22f0036a76bc905a8229ce7ed0a7eb5a783d3a2586fb1bd920515c3",
+    "zh:e5ab40c4ad0f1c7bd4d5d834d1aa144e690d1a93329d73b3d37512715a638de9",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/time" {
+  version = "0.9.1"
+  hashes = [
+    "h1:NUv/YtEytDQncBQ2mTxnUZEy/rmDlPYmE9h2iokR0vk=",
+    "zh:00a1476ecf18c735cc08e27bfa835c33f8ac8fa6fa746b01cd3bcbad8ca84f7f",
+    "zh:3007f8fc4a4f8614c43e8ef1d4b0c773a5de1dcac50e701d8abc9fdc8fcb6bf5",
+    "zh:5f79d0730fdec8cb148b277de3f00485eff3e9cf1ff47fb715b1c969e5bbd9d4",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:8c8094689a2bed4bb597d24a418bbbf846e15507f08be447d0a5acea67c2265a",
+    "zh:a6d9206e95d5681229429b406bc7a9ba4b2d9b67470bda7df88fa161508ace57",
+    "zh:aa299ec058f23ebe68976c7581017de50da6204883950de228ed9246f309e7f1",
+    "zh:b129f00f45fba1991db0aa954a6ba48d90f64a738629119bfb8e9a844b66e80b",
+    "zh:ef6cecf5f50cda971c1b215847938ced4cb4a30a18095509c068643b14030b00",
+    "zh:f1f46a4f6c65886d2dd27b66d92632232adc64f92145bf8403fe64d5ffa5caea",
+    "zh:f79d6155cda7d559c60d74883a24879a01c4d5f6fd7e8d1e3250f3cd215fb904",
+    "zh:fd59fa73074805c3575f08cd627eef7acda14ab6dac2c135a66e7a38d262201c",
+  ]
+}
diff --git a/heritage/README.md b/heritage/README.md
new file mode 100644
index 0000000..884f550
--- /dev/null
+++ b/heritage/README.md
@@ -0,0 +1,124 @@
+# About
+
+This submodule creates a heritage record (txt) of the fully qualified domain name (FQDN) selected in `name`.  The zone
+is calculcated by splitting after the first dot.  If the zone does not exist in Route 53, and the zone is not associated
+with the VPC in which this is executed, you will get an error such as this:
+
+```script
+Error: no matching Route53Zone found
+
+  with module.lakefront_cname_test.data.aws_route53_zone.zone,
+  on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone":
+   2: data "aws_route53_zone" "zone" {
+```
+
+You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking,
+all zones where DNS entries are permitted are already associated with the appropriate VPCs.  Under normal conditions,
+you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)).
+
+The record(s) created use a default TTL of 900.  You may change this with the `ttl` option.
+
+This creates what we call a heritage record. This is an indication of _what_ thing created the record, and when.  It is added by
+the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details.
+
+The record looks like:
+
+```console
+% dig +short in txt _txt.lakefront.dev.edl.census.gov
+_txt.lakefront.dev.edl.census.gov. 900 IN TXT   "heritage=terraform,terraform/account_id=818199694861,terraform/region=us-gov-west-1,terraform/create_time=1679501130"
+```
+
+The fields/key-value pairs are
+
+| name | description |
+|------|-------------|
+| heritage=terraform | primary label indicating all other values will be use \_terraform\_/ as a prefix |
+| {label}/{key}={value} | label (above); key and value (below) |
+| account\_id | AWS Account ID |
+| region | AWS Region where this has been created |
+| create\_time | Unix epoch time on creation of this and the associated record |
+
+You may add additional values here, such as an ALB ID or other useful, short values which do not change, in the `heritage_tags` map:
+
+```hcl
+  heritage_tags = {
+    alb_id = aws_lb.my_lb.id
+  }
+```
+
+Be sure not to use an ARN as a value, and avoid values which change frequently.
+
+# Usage
+## Simple, using vpc\_domain\_name from parent
+
+```hcl
+module "my_heritage" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-dns//heritage"
+
+  name    = format("%v.%v", local.app_shortname, var.vpc_domain_name)
+  record_type = "cname"
+}
+```
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.60.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | 0.9.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route53_record.entry_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [time_static.timestamp](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source |
+| [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no |
+| <a name="input_enable_heritage"></a> [enable\_heritage](#input\_enable\_heritage) | Flag to enable or disable creation a TXT record for heritage.  For CNAMEs, it uses a prefix of \_txt on the name | `bool` | `true` | no |
+| <a name="input_enable_ptr"></a> [enable\_ptr](#input\_enable\_ptr) | Flag to enable or disable creation of a PTR record.  Used for type ptr and host | `bool` | `null` | no |
+| <a name="input_heritage_tags"></a> [heritage\_tags](#input\_heritage\_tags) | Map of key/value pairs to set into the heritage. These should be static so as not to update the heritage TXT record frequently | `map(string)` | `{}` | no |
+| <a name="input_name"></a> [name](#input\_name) | FQDN DNS name to create.  If the zone (everything after the first dot) does not exist or is not associated to the VPC, this creation will fail. | `string` | n/a | yes |
+| <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| <a name="input_private_zone"></a> [private\_zone](#input\_private\_zone) | Flag indicating public or private zone.  Assumes private by default, and can set public only for non-gov region | `bool` | `true` | no |
+| <a name="input_record_type"></a> [record\_type](#input\_record\_type) | Type of DNS record to create: cname, a, aaaa, ptr, txt, host (ptr and a and/or aaaa) | `string` | `"host"` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
+| <a name="input_ttl"></a> [ttl](#input\_ttl) | DNS RR Time To Live (ttl).  Default 900s (15m). | `number` | `900` | no |
+| <a name="input_values"></a> [values](#input\_values) | DNS value to set for the name.  May be a string or list of strings (like multiple IP addresses) | `any` | n/a | yes |
+| <a name="input_zone"></a> [zone](#input\_zone) | DNS Zone into which to create the record.  By default, it will extract this from the name after the first dot. | `string` | `null` | no |
+| <a name="input_zone_id"></a> [zone\_id](#input\_zone\_id) | DNS Zone ID into which to create the record. | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_availability_zone_ids"></a> [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list |
+| <a name="output_availability_zone_names"></a> [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list |
+| <a name="output_availability_zone_suffixes"></a> [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list |
+| <a name="output_heritage_name"></a> [heritage\_name](#output\_heritage\_name) | DNS Name created for the heritage record, if enabled |
+| <a name="output_name"></a> [name](#output\_name) | DNS Name created (same as what was provided) |
+| <a name="output_timestamp"></a> [timestamp](#output\_timestamp) | Record creation Unix timestamp (from heritage records) |
diff --git a/heritage/availabilty_zones.tf b/heritage/availabilty_zones.tf
new file mode 120000
index 0000000..00a240c
--- /dev/null
+++ b/heritage/availabilty_zones.tf
@@ -0,0 +1 @@
+../common/availabilty_zones.tf
\ No newline at end of file
diff --git a/heritage/common.tf b/heritage/common.tf
new file mode 120000
index 0000000..6941673
--- /dev/null
+++ b/heritage/common.tf
@@ -0,0 +1 @@
+../common/common.tf
\ No newline at end of file
diff --git a/heritage/data.tf b/heritage/data.tf
new file mode 120000
index 0000000..995624d
--- /dev/null
+++ b/heritage/data.tf
@@ -0,0 +1 @@
+../common/data.tf
\ No newline at end of file
diff --git a/heritage/defaults.tf b/heritage/defaults.tf
new file mode 120000
index 0000000..a5556ac
--- /dev/null
+++ b/heritage/defaults.tf
@@ -0,0 +1 @@
+../common/defaults.tf
\ No newline at end of file
diff --git a/heritage/entry_heritage.tf b/heritage/entry_heritage.tf
new file mode 120000
index 0000000..2725450
--- /dev/null
+++ b/heritage/entry_heritage.tf
@@ -0,0 +1 @@
+../common/entry_heritage.tf
\ No newline at end of file
diff --git a/heritage/heritage_tags.tf b/heritage/heritage_tags.tf
new file mode 120000
index 0000000..5a0ecdc
--- /dev/null
+++ b/heritage/heritage_tags.tf
@@ -0,0 +1 @@
+../common/heritage_tags.tf
\ No newline at end of file
diff --git a/heritage/main.tf b/heritage/main.tf
new file mode 100644
index 0000000..1d5a766
--- /dev/null
+++ b/heritage/main.tf
@@ -0,0 +1,68 @@
+/* aws-dns :: heritage
+* # About
+*
+* This submodule creates a heritage record (txt) of the fully qualified domain name (FQDN) selected in `name`.  The zone
+* is calculcated by splitting after the first dot.  If the zone does not exist in Route 53, and the zone is not associated
+* with the VPC in which this is executed, you will get an error such as this:
+* 
+* ```script
+* Error: no matching Route53Zone found
+* 
+*   with module.lakefront_cname_test.data.aws_route53_zone.zone,
+*   on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone":
+*    2: data "aws_route53_zone" "zone" {
+* ```
+* 
+* You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking,
+* all zones where DNS entries are permitted are already associated with the appropriate VPCs.  Under normal conditions,
+* you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)).
+* 
+* The record(s) created use a default TTL of 900.  You may change this with the `ttl` option.
+* 
+* This creates what we call a heritage record. This is an indication of _what_ thing created the record, and when.  It is added by
+* the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details.
+* 
+* The record looks like:
+* 
+* ```console
+* % dig +short in txt _txt.lakefront.dev.edl.census.gov
+* _txt.lakefront.dev.edl.census.gov. 900 IN TXT   "heritage=terraform,terraform/account_id=818199694861,terraform/region=us-gov-west-1,terraform/create_time=1679501130"
+* ```
+* 
+* The fields/key-value pairs are
+* 
+* | name | description |
+* |------|-------------|
+* | heritage=terraform | primary label indicating all other values will be use _terraform_/ as a prefix |
+* | {label}/{key}={value} | label (above); key and value (below) |
+* | account_id | AWS Account ID |
+* | region | AWS Region where this has been created |
+* | create_time | Unix epoch time on creation of this and the associated record |
+* 
+* You may add additional values here, such as an ALB ID or other useful, short values which do not change, in the `heritage_tags` map:
+* 
+* ```hcl
+*   heritage_tags = {
+*     alb_id = aws_lb.my_lb.id
+*   }
+* ```
+* 
+* Be sure not to use an ARN as a value, and avoid values which change frequently.
+*
+* # Usage
+* ## Simple, using vpc_domain_name from parent
+*
+* ```hcl
+* module "my_heritage" {
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-dns//heritage"
+* 
+*   name    = format("%v.%v", local.app_shortname, var.vpc_domain_name)
+*   record_type = "cname"
+* }
+* ```
+*/
+
+locals {
+  record_type = "txt"
+  values      = [local.default_values[0]]
+}
diff --git a/heritage/output.tf b/heritage/output.tf
new file mode 100644
index 0000000..93df745
--- /dev/null
+++ b/heritage/output.tf
@@ -0,0 +1,9 @@
+output "name" {
+  description = "DNS Name created (same as what was provided)"
+  value       = var.name
+}
+
+output "heritage_name" {
+  description = "DNS Name created for the heritage record, if enabled"
+  value       = try(aws_route53_record.entry_heritage[0].name, null)
+}
diff --git a/heritage/output.timestamp.tf b/heritage/output.timestamp.tf
new file mode 120000
index 0000000..c4dc4d5
--- /dev/null
+++ b/heritage/output.timestamp.tf
@@ -0,0 +1 @@
+../common/output.timestamp.tf
\ No newline at end of file
diff --git a/heritage/prefixes.tf b/heritage/prefixes.tf
new file mode 120000
index 0000000..7e265d5
--- /dev/null
+++ b/heritage/prefixes.tf
@@ -0,0 +1 @@
+../common/prefixes.tf
\ No newline at end of file
diff --git a/heritage/variables.common.availability_zones.tf b/heritage/variables.common.availability_zones.tf
new file mode 120000
index 0000000..dca20a3
--- /dev/null
+++ b/heritage/variables.common.availability_zones.tf
@@ -0,0 +1 @@
+../common/variables.common.availability_zones.tf
\ No newline at end of file
diff --git a/heritage/variables.common.tf b/heritage/variables.common.tf
new file mode 120000
index 0000000..7439ed8
--- /dev/null
+++ b/heritage/variables.common.tf
@@ -0,0 +1 @@
+../common/variables.common.tf
\ No newline at end of file
diff --git a/heritage/variables.tf b/heritage/variables.tf
new file mode 120000
index 0000000..72202b3
--- /dev/null
+++ b/heritage/variables.tf
@@ -0,0 +1 @@
+../common/variables.tf
\ No newline at end of file
diff --git a/heritage/version.tf b/heritage/version.tf
new file mode 120000
index 0000000..b83c5b7
--- /dev/null
+++ b/heritage/version.tf
@@ -0,0 +1 @@
+../common/version.tf
\ No newline at end of file
diff --git a/heritage/versions.tf b/heritage/versions.tf
new file mode 120000
index 0000000..41bb22f
--- /dev/null
+++ b/heritage/versions.tf
@@ -0,0 +1 @@
+../common/versions.tf
\ No newline at end of file
diff --git a/heritage/zone_forward.tf b/heritage/zone_forward.tf
new file mode 120000
index 0000000..92b9dd1
--- /dev/null
+++ b/heritage/zone_forward.tf
@@ -0,0 +1 @@
+../common/zone_forward.tf
\ No newline at end of file