diff --git a/CHANGELOG.md b/CHANGELOG.md index e9cbc4c..cb7a186 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,3 +3,5 @@ * 1.0.0 -- 2023-03-24 - initial creation with cname +* 1.0.1 -- 2023-03-24 + - create new submodules: a, aaaa, host diff --git a/a/.terraform.lock.hcl b/a/.terraform.lock.hcl new file mode 100644 index 0000000..ab6081e --- /dev/null +++ b/a/.terraform.lock.hcl 
@@ -0,0 +1,44 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.60.0" + constraints = ">= 4.0.0" + hashes = [ + "h1:b2U4EncUaHCsQuiePo/yHZiH5ib0rx+P/qG4LC8pGlA=", + "zh:1853d6bc89e289ac36c13485e8ff877c1be8485e22f545bb32c7a30f1d1856e8", + "zh:4321d145969e3b7ede62fe51bee248a15fe398643f21df9541eef85526bf3641", + "zh:4c01189cc6963abfe724e6b289a7c06d2de9c395011d8d54efa8fe1aac444e2e", + "zh:5934db7baa2eec0f9acb9c7f1c3dd3b3fe1e67e23dd4a49e9fe327832967b32b", + "zh:5fbedf5d55c6e04e34c32b744151e514a80308e7dec633a56b852829b41e4b5a", + "zh:651558e1446cc05061b75e6f5cc6e2959feb17615cd0ace6ec7a2bcc846321c0", + "zh:76875eb697916475e554af080f9d4d3cd1f7d5d58ecdd3317a844a30980f4eec", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a52528e6d6c945a6ac45b89e9a70a5435148e4c151241e04c231dd2acc4a8c80", + "zh:af5f94c69025f1c2466a3cf970d1e9bed72938ec33b976c8c067468b6707bb57", + "zh:b6692fad956c9d4ef4266519d9ac2ee9f699f8f2c21627625c9ed63814d41590", + "zh:b74311af5fa5ac6e4eb159c12cfb380dfe2f5cd8685da2eac8073475f398ae60", + "zh:cc5aa6f738baa42edacba5ef1ca0969e5a959422e4491607255f3f6142ba90ed", + "zh:dd1a7ff1b22f0036a76bc905a8229ce7ed0a7eb5a783d3a2586fb1bd920515c3", + "zh:e5ab40c4ad0f1c7bd4d5d834d1aa144e690d1a93329d73b3d37512715a638de9", + ] +} + +provider "registry.terraform.io/hashicorp/time" { + version = "0.9.1" + hashes = [ + "h1:NUv/YtEytDQncBQ2mTxnUZEy/rmDlPYmE9h2iokR0vk=", + "zh:00a1476ecf18c735cc08e27bfa835c33f8ac8fa6fa746b01cd3bcbad8ca84f7f", + "zh:3007f8fc4a4f8614c43e8ef1d4b0c773a5de1dcac50e701d8abc9fdc8fcb6bf5", + "zh:5f79d0730fdec8cb148b277de3f00485eff3e9cf1ff47fb715b1c969e5bbd9d4", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8c8094689a2bed4bb597d24a418bbbf846e15507f08be447d0a5acea67c2265a", + "zh:a6d9206e95d5681229429b406bc7a9ba4b2d9b67470bda7df88fa161508ace57", + 
"zh:aa299ec058f23ebe68976c7581017de50da6204883950de228ed9246f309e7f1", + "zh:b129f00f45fba1991db0aa954a6ba48d90f64a738629119bfb8e9a844b66e80b", + "zh:ef6cecf5f50cda971c1b215847938ced4cb4a30a18095509c068643b14030b00", + "zh:f1f46a4f6c65886d2dd27b66d92632232adc64f92145bf8403fe64d5ffa5caea", + "zh:f79d6155cda7d559c60d74883a24879a01c4d5f6fd7e8d1e3250f3cd215fb904", + "zh:fd59fa73074805c3575f08cd627eef7acda14ab6dac2c135a66e7a38d262201c", + ] +} diff --git a/a/README.md b/a/README.md new file mode 100644 index 0000000..d688486 --- /dev/null +++ b/a/README.md 
@@ -0,0 +1,97 @@ +# About + +This submodule creates an A (IPv4) entry of the fully qualified domain name (FQDN) selected in `name`. The zone +is calculcated by splitting after the first dot. If the zone does not exist in Route 53, and the zone is not associated +with the VPC in which this is executed, you will get an error such as this: + +```script +Error: no matching Route53Zone found + + with module.lakefront_cname_test.data.aws_route53_zone.zone, + on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone": + 2: data "aws_route53_zone" "zone" { +``` + +You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking, +all zones where DNS entries are permitted are already associated with the appropriate VPCs. Under normal conditions, +you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)). + +The record(s) created use a default TTL of 900. You may change this with the `ttl` option. + +This also creates what we call a heritage record. This is an indication of _what_ thing created the record, and when. It is added by +the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details. 
+ +The record looks like: + +```console +% dig +short in txt EXAMPLE +``` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 4 | +| [time](#requirement\_time) | >= 0.9.1 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 4.60.0 | +| [time](#provider\_time) | 0.9.1 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [entry\_ip\_addresses](#module\_entry\_ip\_addresses) | git@github.e.it.census.gov:terraform-modules/dns-lookup.git | tf-upgrade | + +## Resources + +| Name | Type | +|------|------| +| [aws_route53_record.entry](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.entry_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.entry_ipv4_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.entry_ipv4_ptr_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.entry_ipv6_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.entry_ipv6_ptr_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [time_static.timestamp](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource | +| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source | +| 
[aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [aws_route53_zone.ipv4_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | +| [aws_route53_zone.ipv6_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | +| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no | +| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no | +| [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no | +| [enable\_heritage](#input\_enable\_heritage) | Flag to enable or disable creation a TXT record for heritage. For CNAMEs, it uses a prefix of \_txt on the name | `bool` | `true` | no | +| [enable\_ptr](#input\_enable\_ptr) | Flag to enable or disable creation of a PTR record. Used for type ptr and host | `bool` | `null` | no | +| [heritage\_tags](#input\_heritage\_tags) | Map of key/value pairs to set into the heritage. These should be static so as not to update the heritage TXT record frequently | `map(string)` | `{}` | no | +| [name](#input\_name) | FQDN DNS name to create. 
If the zone (everything after the first dot) does not exist or is not associated to the VPC, this creation will fail. | `string` | n/a | yes | +| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | +| [private\_zone](#input\_private\_zone) | Flag indicating public or private zone. Assumes private by default, and can set public only for non-gov region | `bool` | `true` | no | +| [record\_type](#input\_record\_type) | Type of DNS record to create: cname, a, aaaa, ptr, txt, host (ptr and a and/or aaaa) | `string` | `"host"` | no | +| [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no | +| [ttl](#input\_ttl) | DNS RR Time To Live (ttl). Default 900s (15m). | `number` | `900` | no | +| [values](#input\_values) | DNS value to set for the name. May be a string or list of strings (like multiple IP addresses) | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list | +| [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list | +| [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list | +| [heritage\_name](#output\_heritage\_name) | DNS Name created for the heritage record, if enabled | +| [name](#output\_name) | DNS Name created (same as what was provided) | diff --git a/a/availabilty_zones.tf b/a/availabilty_zones.tf new file mode 120000 index 0000000..00a240c --- /dev/null +++ b/a/availabilty_zones.tf @@ -0,0 +1 @@ +../common/availabilty_zones.tf \ No newline at end of file diff --git a/a/common.tf b/a/common.tf new file mode 120000 index 0000000..6941673 --- /dev/null +++ b/a/common.tf @@ -0,0 +1 @@ +../common/common.tf \ No newline at end of file 
diff --git a/a/data.tf b/a/data.tf new file mode 120000 index 0000000..995624d --- /dev/null +++ b/a/data.tf @@ -0,0 +1 @@ +../common/data.tf \ No newline at end of file diff --git a/a/defaults.tf b/a/defaults.tf new file mode 120000 index 0000000..a5556ac --- /dev/null +++ b/a/defaults.tf @@ -0,0 +1 @@ +../common/defaults.tf \ No newline at end of file diff --git a/a/entry.tf b/a/entry.tf new file mode 120000 index 0000000..f43d394 --- /dev/null +++ b/a/entry.tf @@ -0,0 +1 @@ +../common/entry.tf \ No newline at end of file diff --git a/a/entry_heritage.tf b/a/entry_heritage.tf new file mode 120000 index 0000000..2725450 --- /dev/null +++ b/a/entry_heritage.tf @@ -0,0 +1 @@ +../common/entry_heritage.tf \ No newline at end of file diff --git a/a/entry_ptr.tf b/a/entry_ptr.tf new file mode 120000 index 0000000..95c6675 --- /dev/null +++ b/a/entry_ptr.tf @@ -0,0 +1 @@ +../common/entry_ptr.tf \ No newline at end of file diff --git a/a/entry_ptr_heritage.tf b/a/entry_ptr_heritage.tf new file mode 120000 index 0000000..5902a65 --- /dev/null +++ b/a/entry_ptr_heritage.tf @@ -0,0 +1 @@ +../common/entry_ptr_heritage.tf \ No newline at end of file diff --git a/a/heritage_tags.tf b/a/heritage_tags.tf new file mode 120000 index 0000000..5a0ecdc --- /dev/null +++ b/a/heritage_tags.tf @@ -0,0 +1 @@ +../common/heritage_tags.tf \ No newline at end of file diff --git a/a/main.tf b/a/main.tf new file mode 100644 index 0000000..a8fa716 --- /dev/null +++ b/a/main.tf 
@@ -0,0 +1,89 @@ +/* aws-dns :: a +* # About +* +* This submodule creates an A (IPv4) entry of the fully qualified domain name (FQDN) selected in `name`. The zone +* is calculcated by splitting after the first dot. If the zone does not exist in Route 53, and the zone is not associated +* with the VPC in which this is executed, you will get an error such as this: +* +* ```script +* Error: no matching Route53Zone found +* +* with module.lakefront_cname_test.data.aws_route53_zone.zone, +* on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone": +* 2: data "aws_route53_zone" "zone" { +* ``` +* +* You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking, +* all zones where DNS entries are permitted are already associated with the appropriate VPCs. Under normal conditions, +* you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)). +* +* The record(s) created use a default TTL of 900. You may change this with the `ttl` option. +* +* This also creates what we call a heritage record. This is an indication of _what_ thing created the record, and when. It is added by +* the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details. 
+* +* The record looks like: +* +* ```console +* % dig +short in txt EXAMPLE +EXAMPLE> 900 IN TXT "heritage=terraform,terraform/account_id=818199694861,terraform/region=us-gov-west-1,terraform/create_time=1679501130" +* ``` +* +* The fields/key-value pairs are +* +* | name | description | +* |------|-------------| +* | heritage=terraform | primary label indicating all other values will be use _terraform_/ as a prefix | +* | {label}/{key}={value} | label (above); key and value (below) | +* | account_id | AWS Account ID | +* | region | AWS Region where this has been created | +* | create_time | Unix epoch time on creation of this and the associated record | +* +* You may add additional values here, such as an ALB ID or other useful, short values which do not change, in the `heritage_tags` map: +* +* ```hcl +* heritage_tags = { +* alb_id = aws_lb.my_lb.id +* } +* ``` +* +* Be sure not to use an ARN as a value, and avoid values which change frequently. +* +* # Caveats +* ## Simple, using vpc_domain_name from parent +* +* ```hcl +* module "lakefront_cname" { +* source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname" +* +* name = format("%v.%v", local.app_shortname, var.vpc_domain_name) +* values = format("%v.execute-api.%v.amazonaws.com", data.aws_api_gateway_rest_api.lakefront.id, local.region) +* } +* ``` +* +# ## Using DHCP options data resource +* +* data "aws_vpc_dhcp_options" "options" { +* filter { +* name = "vpc-id" +* values = [local.vpc_id] +* } +* } +* +* module "stat_cname" +* { +* source  = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname" +* name    = format("%v.%v","stat",data.aws_vpc_dhc_options.options.domain_name) +* values  = aws_lb.adsd_dapps_dev_stat_lb.dns_name +* } +* ``` +* +*/ + +locals { + record_type = "a" + # values = [local.default_values[0]] + ipv4_hosts = [for h in local.default_values : h if length(regexall("\\.", h)) == 3 && ! 
can(regex("/", h))]
+ ipv6_hosts = [for h in local.default_values : h if length(regexall(":", h)) != 0 && ! can(regex("/", h))]
+ values = local.ipv4_hosts
+}
diff --git a/a/output.tf b/a/output.tf
new file mode 100644
index 0000000..93df745
--- /dev/null
+++ b/a/output.tf
@@ -0,0 +1,9 @@
+output "name" {
+ description = "DNS Name created (same as what was provided)"
+ value = var.name
+}
+
+output "heritage_name" {
+ description = "DNS Name created for the heritage record, if enabled"
+ value = try(aws_route53_record.entry_heritage[0].name, null)
+}
diff --git a/a/prefixes.tf b/a/prefixes.tf
new file mode 120000
index 0000000..7e265d5
--- /dev/null
+++ b/a/prefixes.tf
@@ -0,0 +1 @@
+../common/prefixes.tf
\ No newline at end of file
diff --git a/a/variables.common.availability_zones.tf b/a/variables.common.availability_zones.tf
new file mode 120000
index 0000000..dca20a3
--- /dev/null
+++ b/a/variables.common.availability_zones.tf
@@ -0,0 +1 @@
+../common/variables.common.availability_zones.tf
\ No newline at end of file
diff --git a/a/variables.common.tf b/a/variables.common.tf
new file mode 120000
index 0000000..7439ed8
--- /dev/null
+++ b/a/variables.common.tf
@@ -0,0 +1 @@
+../common/variables.common.tf
\ No newline at end of file
diff --git a/a/variables.tf b/a/variables.tf
new file mode 120000
index 0000000..72202b3
--- /dev/null
+++ b/a/variables.tf
@@ -0,0 +1 @@
+../common/variables.tf
\ No newline at end of file
diff --git a/a/version.tf b/a/version.tf
new file mode 120000
index 0000000..b83c5b7
--- /dev/null
+++ b/a/version.tf
@@ -0,0 +1 @@
+../common/version.tf
\ No newline at end of file
diff --git a/a/versions.tf b/a/versions.tf
new file mode 120000
index 0000000..41bb22f
--- /dev/null
+++ b/a/versions.tf
@@ -0,0 +1 @@
+../common/versions.tf
\ No newline at end of file
diff --git a/a/x b/a/x
new file mode 100644
index 0000000..8e62cc2
--- /dev/null
+++ b/a/x
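Review bot: In the `locals` block at the end of the hunk, `values = local.ipv4_hosts` silently discards every entry of `local.default_values` that is not shaped like a dotted IPv4 literal, so a caller who passes an IPv6 address or a hostname to the `a` submodule gets no A record and no diagnostic; a comment such as `# entries that are not IPv4 literals are dropped here` plus a `precondition` (Terraform 1.2+) or a `validation` on `var.values` asserting `length(local.ipv4_hosts) == length(local.default_values)` would surface the mistake at plan time. The `ipv4_hosts` filter itself (exactly three dots, no `/`) also accepts a four-label hostname, so anchoring it on digits, e.g. `can(regex("^\\d{1,3}(\\.\\d{1,3}){3}$", h))`, would be stricter. In the header comment, `# ## Using DHCP options data resource` breaks the `*` prefix used by every other line, the example that follows is missing its opening hcl code fence, and it references `data.aws_vpc_dhc_options` (the data source is `aws_vpc_dhcp_options`) and the `//cname` submodule rather than `//a`. `aaaa/main.tf` repeats the same header and the same locals with `values = local.ipv6_hosts` and needs the same fixes.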
@@ -0,0 +1,4 @@
+../common/entry_heritage.tf
+../common/entry.tf
+../common/heritage_tags.tf
+../common/zone_forward.tf
diff --git a/a/zone_forward.tf b/a/zone_forward.tf
new file mode 120000
index 0000000..92b9dd1
--- /dev/null
+++ b/a/zone_forward.tf
@@ -0,0 +1 @@
+../common/zone_forward.tf
\ No newline at end of file
diff --git a/aaaa/.terraform.lock.hcl b/aaaa/.terraform.lock.hcl
new file mode 100644
index 0000000..ab6081e
--- /dev/null
+++ b/aaaa/.terraform.lock.hcl
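Review bot: The new file `a/x` is a four-line list of `../common/*.tf` paths with no consumer visible in this commit and no mention in the README or CHANGELOG, so it reads as a scratch list left over from creating the symlinks and should be removed from the module, or given a leading comment saying what reads it. It also names only `entry_heritage.tf`, `entry.tf`, `heritage_tags.tf` and `zone_forward.tf`, not the `entry_ptr.tf` and `entry_ptr_heritage.tf` links this commit adds next to it, so it would already be stale if it were intentional. `aaaa/x` is the identical file and has the same problem.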
@@ -0,0 +1,44 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.60.0" + constraints = ">= 4.0.0" + hashes = [ + "h1:b2U4EncUaHCsQuiePo/yHZiH5ib0rx+P/qG4LC8pGlA=", + "zh:1853d6bc89e289ac36c13485e8ff877c1be8485e22f545bb32c7a30f1d1856e8", + "zh:4321d145969e3b7ede62fe51bee248a15fe398643f21df9541eef85526bf3641", + "zh:4c01189cc6963abfe724e6b289a7c06d2de9c395011d8d54efa8fe1aac444e2e", + "zh:5934db7baa2eec0f9acb9c7f1c3dd3b3fe1e67e23dd4a49e9fe327832967b32b", + "zh:5fbedf5d55c6e04e34c32b744151e514a80308e7dec633a56b852829b41e4b5a", + "zh:651558e1446cc05061b75e6f5cc6e2959feb17615cd0ace6ec7a2bcc846321c0", + "zh:76875eb697916475e554af080f9d4d3cd1f7d5d58ecdd3317a844a30980f4eec", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a52528e6d6c945a6ac45b89e9a70a5435148e4c151241e04c231dd2acc4a8c80", + "zh:af5f94c69025f1c2466a3cf970d1e9bed72938ec33b976c8c067468b6707bb57", + "zh:b6692fad956c9d4ef4266519d9ac2ee9f699f8f2c21627625c9ed63814d41590", + "zh:b74311af5fa5ac6e4eb159c12cfb380dfe2f5cd8685da2eac8073475f398ae60", + "zh:cc5aa6f738baa42edacba5ef1ca0969e5a959422e4491607255f3f6142ba90ed", + "zh:dd1a7ff1b22f0036a76bc905a8229ce7ed0a7eb5a783d3a2586fb1bd920515c3", + "zh:e5ab40c4ad0f1c7bd4d5d834d1aa144e690d1a93329d73b3d37512715a638de9", + ] +} + +provider "registry.terraform.io/hashicorp/time" { + version = "0.9.1" + hashes = [ + "h1:NUv/YtEytDQncBQ2mTxnUZEy/rmDlPYmE9h2iokR0vk=", + "zh:00a1476ecf18c735cc08e27bfa835c33f8ac8fa6fa746b01cd3bcbad8ca84f7f", + "zh:3007f8fc4a4f8614c43e8ef1d4b0c773a5de1dcac50e701d8abc9fdc8fcb6bf5", + "zh:5f79d0730fdec8cb148b277de3f00485eff3e9cf1ff47fb715b1c969e5bbd9d4", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8c8094689a2bed4bb597d24a418bbbf846e15507f08be447d0a5acea67c2265a", + "zh:a6d9206e95d5681229429b406bc7a9ba4b2d9b67470bda7df88fa161508ace57", + 
"zh:aa299ec058f23ebe68976c7581017de50da6204883950de228ed9246f309e7f1", + "zh:b129f00f45fba1991db0aa954a6ba48d90f64a738629119bfb8e9a844b66e80b", + "zh:ef6cecf5f50cda971c1b215847938ced4cb4a30a18095509c068643b14030b00", + "zh:f1f46a4f6c65886d2dd27b66d92632232adc64f92145bf8403fe64d5ffa5caea", + "zh:f79d6155cda7d559c60d74883a24879a01c4d5f6fd7e8d1e3250f3cd215fb904", + "zh:fd59fa73074805c3575f08cd627eef7acda14ab6dac2c135a66e7a38d262201c", + ] +} diff --git a/aaaa/README.md b/aaaa/README.md new file mode 100644 index 0000000..a3cf1fd --- /dev/null +++ b/aaaa/README.md 
@@ -0,0 +1,89 @@ +# About + +This submodule creates an AAAA (IPv6) entry of the fully qualified domain name (FQDN) selected in `name`. The zone +is calculcated by splitting after the first dot. If the zone does not exist in Route 53, and the zone is not associated +with the VPC in which this is executed, you will get an error such as this: + +```script +Error: no matching Route53Zone found + + with module.lakefront_cname_test.data.aws_route53_zone.zone, + on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone": + 2: data "aws_route53_zone" "zone" { +``` + +You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking, +all zones where DNS entries are permitted are already associated with the appropriate VPCs. Under normal conditions, +you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)). + +The record(s) created use a default TTL of 900. You may change this with the `ttl` option. + +This also creates what we call a heritage record. This is an indication of _what_ thing created the record, and when. It is added by +the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details. + +The record looks like: + +```console +% dig +short in txt EXAMPLE +``` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 4 | +| [time](#requirement\_time) | >= 0.9.1 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 4.60.0 | +| [time](#provider\_time) | 0.9.1 | + +## Modules + +No modules. 
+ +## Resources + +| Name | Type | +|------|------| +| [aws_route53_record.entry](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.entry_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [time_static.timestamp](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource | +| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source | +| [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no | +| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no | +| [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no | +| [enable\_heritage](#input\_enable\_heritage) | Flag to enable or disable creation a TXT record for heritage. 
For CNAMEs, it uses a prefix of \_txt on the name | `bool` | `true` | no | +| [enable\_ptr](#input\_enable\_ptr) | Flag to enable or disable creation of a PTR record. Used for type ptr and host | `bool` | `null` | no | +| [heritage\_tags](#input\_heritage\_tags) | Map of key/value pairs to set into the heritage. These should be static so as not to update the heritage TXT record frequently | `map(string)` | `{}` | no | +| [name](#input\_name) | FQDN DNS name to create. If the zone (everything after the first dot) does not exist or is not associated to the VPC, this creation will fail. | `string` | n/a | yes | +| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | +| [private\_zone](#input\_private\_zone) | Flag indicating public or private zone. Assumes private by default, and can set public only for non-gov region | `bool` | `true` | no | +| [record\_type](#input\_record\_type) | Type of DNS record to create: cname, a, aaaa, ptr, txt, host (ptr and a and/or aaaa) | `string` | `"host"` | no | +| [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no | +| [ttl](#input\_ttl) | DNS RR Time To Live (ttl). Default 900s (15m). | `number` | `900` | no | +| [values](#input\_values) | DNS value to set for the name. 
May be a string or list of strings (like multiple IP addresses) | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list | +| [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list | +| [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list | +| [heritage\_name](#output\_heritage\_name) | DNS Name created for the heritage record, if enabled | +| [name](#output\_name) | DNS Name created (same as what was provided) | diff --git a/aaaa/availabilty_zones.tf b/aaaa/availabilty_zones.tf new file mode 120000 index 0000000..00a240c --- /dev/null +++ b/aaaa/availabilty_zones.tf @@ -0,0 +1 @@ +../common/availabilty_zones.tf \ No newline at end of file diff --git a/aaaa/common.tf b/aaaa/common.tf new file mode 120000 index 0000000..6941673 --- /dev/null +++ b/aaaa/common.tf @@ -0,0 +1 @@ +../common/common.tf \ No newline at end of file diff --git a/aaaa/data.tf b/aaaa/data.tf new file mode 120000 index 0000000..995624d --- /dev/null +++ b/aaaa/data.tf @@ -0,0 +1 @@ +../common/data.tf \ No newline at end of file diff --git a/aaaa/defaults.tf b/aaaa/defaults.tf new file mode 120000 index 0000000..a5556ac --- /dev/null +++ b/aaaa/defaults.tf @@ -0,0 +1 @@ +../common/defaults.tf \ No newline at end of file diff --git a/aaaa/entry.tf b/aaaa/entry.tf new file mode 120000 index 0000000..f43d394 --- /dev/null +++ b/aaaa/entry.tf @@ -0,0 +1 @@ +../common/entry.tf \ No newline at end of file diff --git a/aaaa/entry_heritage.tf b/aaaa/entry_heritage.tf new file mode 120000 index 0000000..2725450 --- /dev/null +++ b/aaaa/entry_heritage.tf @@ -0,0 +1 @@ +../common/entry_heritage.tf \ No newline at end of file diff --git a/aaaa/heritage_tags.tf b/aaaa/heritage_tags.tf new file mode 120000 index 0000000..5a0ecdc --- /dev/null +++ b/aaaa/heritage_tags.tf 
@@ -0,0 +1 @@ +../common/heritage_tags.tf \ No newline at end of file diff --git a/aaaa/main.tf b/aaaa/main.tf new file mode 100644 index 0000000..16c5bb5 --- /dev/null +++ b/aaaa/main.tf 
@@ -0,0 +1,89 @@ +/* aws-dns :: aaaa +* # About +* +* This submodule creates an AAAA (IPv6) entry of the fully qualified domain name (FQDN) selected in `name`. The zone +* is calculcated by splitting after the first dot. If the zone does not exist in Route 53, and the zone is not associated +* with the VPC in which this is executed, you will get an error such as this: +* +* ```script +* Error: no matching Route53Zone found +* +* with module.lakefront_cname_test.data.aws_route53_zone.zone, +* on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone": +* 2: data "aws_route53_zone" "zone" { +* ``` +* +* You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking, +* all zones where DNS entries are permitted are already associated with the appropriate VPCs. Under normal conditions, +* you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)). +* +* The record(s) created use a default TTL of 900. You may change this with the `ttl` option. +* +* This also creates what we call a heritage record. This is an indication of _what_ thing created the record, and when. It is added by +* the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details. 
+* +* The record looks like: +* +* ```console +* % dig +short in txt EXAMPLE +EXAMPLE> 900 IN TXT "heritage=terraform,terraform/account_id=818199694861,terraform/region=us-gov-west-1,terraform/create_time=1679501130" +* ``` +* +* The fields/key-value pairs are +* +* | name | description | +* |------|-------------| +* | heritage=terraform | primary label indicating all other values will be use _terraform_/ as a prefix | +* | {label}/{key}={value} | label (above); key and value (below) | +* | account_id | AWS Account ID | +* | region | AWS Region where this has been created | +* | create_time | Unix epoch time on creation of this and the associated record | +* +* You may add additional values here, such as an ALB ID or other useful, short values which do not change, in the `heritage_tags` map: +* +* ```hcl +* heritage_tags = { +* alb_id = aws_lb.my_lb.id +* } +* ``` +* +* Be sure not to use an ARN as a value, and avoid values which change frequently. +* +* # Caveats +* ## Simple, using vpc_domain_name from parent +* +* ```hcl +* module "lakefront_cname" { +* source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname" +* +* name = format("%v.%v", local.app_shortname, var.vpc_domain_name) +* values = format("%v.execute-api.%v.amazonaws.com", data.aws_api_gateway_rest_api.lakefront.id, local.region) +* } +* ``` +* +# ## Using DHCP options data resource +* +* data "aws_vpc_dhcp_options" "options" { +* filter { +* name = "vpc-id" +* values = [local.vpc_id] +* } +* } +* +* module "stat_cname" +* { +* source  = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname" +* name    = format("%v.%v","stat",data.aws_vpc_dhc_options.options.domain_name) +* values  = aws_lb.adsd_dapps_dev_stat_lb.dns_name +* } +* ``` +* +*/ + +locals { + record_type = "aaaa" + # values = [local.default_values[0]] + ipv4_hosts = [for h in local.default_values : h if length(regexall("\\.", h)) == 3 && ! 
can(regex("/", h))]
+ ipv6_hosts = [for h in local.default_values : h if length(regexall(":", h)) != 0 && ! can(regex("/", h))]
+ values = local.ipv6_hosts
+}
diff --git a/aaaa/output.tf b/aaaa/output.tf
new file mode 100644
index 0000000..93df745
--- /dev/null
+++ b/aaaa/output.tf
@@ -0,0 +1,9 @@
+output "name" {
+ description = "DNS Name created (same as what was provided)"
+ value = var.name
+}
+
+output "heritage_name" {
+ description = "DNS Name created for the heritage record, if enabled"
+ value = try(aws_route53_record.entry_heritage[0].name, null)
+}
diff --git a/aaaa/prefixes.tf b/aaaa/prefixes.tf
new file mode 120000
index 0000000..7e265d5
--- /dev/null
+++ b/aaaa/prefixes.tf
@@ -0,0 +1 @@
+../common/prefixes.tf
\ No newline at end of file
diff --git a/aaaa/variables.common.availability_zones.tf b/aaaa/variables.common.availability_zones.tf
new file mode 120000
index 0000000..dca20a3
--- /dev/null
+++ b/aaaa/variables.common.availability_zones.tf
@@ -0,0 +1 @@
+../common/variables.common.availability_zones.tf
\ No newline at end of file
diff --git a/aaaa/variables.common.tf b/aaaa/variables.common.tf
new file mode 120000
index 0000000..7439ed8
--- /dev/null
+++ b/aaaa/variables.common.tf
@@ -0,0 +1 @@
+../common/variables.common.tf
\ No newline at end of file
diff --git a/aaaa/variables.tf b/aaaa/variables.tf
new file mode 120000
index 0000000..72202b3
--- /dev/null
+++ b/aaaa/variables.tf
@@ -0,0 +1 @@
+../common/variables.tf
\ No newline at end of file
diff --git a/aaaa/version.tf b/aaaa/version.tf
new file mode 120000
index 0000000..b83c5b7
--- /dev/null
+++ b/aaaa/version.tf
@@ -0,0 +1 @@
+../common/version.tf
\ No newline at end of file
diff --git a/aaaa/versions.tf b/aaaa/versions.tf
new file mode 120000
index 0000000..41bb22f
--- /dev/null
+++ b/aaaa/versions.tf
@@ -0,0 +1 @@
+../common/versions.tf
\ No newline at end of file
diff --git a/aaaa/x b/aaaa/x
new file mode 100644
index 0000000..8e62cc2
--- /dev/null
+++ b/aaaa/x
@@ -0,0 +1,4 @@
+../common/entry_heritage.tf
+../common/entry.tf
+../common/heritage_tags.tf
+../common/zone_forward.tf
diff --git a/aaaa/zone_forward.tf b/aaaa/zone_forward.tf
new file mode 120000
index 0000000..92b9dd1
--- /dev/null
+++ b/aaaa/zone_forward.tf
@@ -0,0 +1 @@
+../common/zone_forward.tf
\ No newline at end of file
diff --git a/common/defaults.tf b/common/defaults.tf
index 1c5717f..2f41322 100644
--- a/common/defaults.tf
+++ b/common/defaults.tf
@@ -2,8 +2,8 @@ locals {
 _defaults = {
 enable_ptr = {
 cname = false
- a = false
- aaaa = false
+ a = true
+ aaaa = true
 txt = false
 host = true
 ptr = true
diff --git a/common/entry_ptr.tf b/common/entry_ptr.tf
new file mode 100644
index 0000000..8ce7802
--- /dev/null
+++ b/common/entry_ptr.tf
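Review bot: `aaaa/x` is committed as a regular file (mode 100644) whose whole content is a list of four `../common/*.tf` paths, which reads like a scratch list used while creating the symlinks rather than module content; `host/x` at the end of this diff is byte-identical (same blob `8e62cc2`). Terraform ignores a file without a `.tf` extension, so it is harmless at plan time, but it ships to every consumer of the module and should be dropped from the commit. I also do not see symlinks for `entry.tf`, `entry_heritage.tf` or `heritage_tags.tf` under `aaaa/` in this chunk, although `host/` gets all three; if `x` was meant to drive their creation, the `aaaa` submodule may be missing them — worth confirming against the earlier part of the diff.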
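Review bot: Flipping `enable_ptr` to `true` for `a` and `aaaa` changes the default behaviour of two record types that already existed in 1.0.0: every current consumer of those submodules will start creating PTR records on its next apply, and, per the `data "aws_route53_zone"` lookups in `common/entry_ptr.tf` below, the plan will error if the reverse zone for an address is not found in Route 53. That is a behaviour change, yet `common/version.tf` below only bumps the patch version, and the `host/README.md` in this diff still describes `enable_ptr` as "Used for type ptr and host". Either keep `- a = false` / `- aaaa = false` (the new `host` type already defaults to `true`) or document the change and bump the minor version.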
@@ -0,0 +1,39 @@
+module "entry_ip_addresses" {
+ source = "git@github.e.it.census.gov:terraform-modules/dns-lookup.git?ref=tf-upgrade"
+ hosts = local.values
+}
+
+locals {
+ ipv4_ptr_zones = distinct([for k, v in module.entry_ip_addresses.results_ipv4 : v.network_ptr_sorted])
+ ipv6_ptr_zones = distinct([for k, v in module.entry_ip_addresses.results_ipv6 : v.network_ptr_sorted])
+}
+
+data "aws_route53_zone" "ipv4_ptr" {
+ for_each = local.default_enable_ptr && contains(local.record_type, ["a", "host"]) ? toset(local.ipv4_ptr_zones) : toset([])
+ name = each.key
+ private_zone = local.private
+}
+
+data "aws_route53_zone" "ipv6_ptr" {
+ for_each = toset(local.ipv6_ptr_zones)
+ name = each.key
+ private_zone = local.private
+}
+
+resource "aws_route53_record" "entry_ipv4_ptr" {
+ for_each = local.default_enable_ptr && contains(local.record_type, ["a", "host"]) ? module.entry_ip_addresses.results_ipv4 : {}
+ zone_id = data.aws_route53_zone.ipv4_ptr[each.value.network_ptr_sorted].zone_id
+ name = each.value.ptr_sorted
+ type = "PTR"
+ ttl = var.ttl
+ records = [var.name]
+}
+
+resource "aws_route53_record" "entry_ipv6_ptr" {
+ for_each = local.default_enable_ptr && contains(local.record_type, ["aaaa", "host"]) ? module.entry_ip_addresses.results_ipv6 : {}
+ zone_id = data.aws_route53_zone.ipv6_ptr[each.value.network_ptr_sorted].zone_id
+ name = each.value.ptr_sorted
+ type = "PTR"
+ ttl = var.ttl
+ records = [var.name]
+}
diff --git a/common/entry_ptr_heritage.tf b/common/entry_ptr_heritage.tf
new file mode 100644
index 0000000..e1f5f36
--- /dev/null
+++ b/common/entry_ptr_heritage.tf
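Review bot: The three `contains(local.record_type, [...])` expressions in this hunk have their arguments reversed: Terraform's `contains` takes the collection first and the value second, and `local.record_type` is a plain string (`"aaaa"` / `"host"` in the submodule `main.tf` files), so this should fail with an invalid-argument error rather than gate anything. Use `contains(["a", "host"], local.record_type)` and `contains(["aaaa", "host"], local.record_type)`. The `ipv6_ptr` zone lookup is also not gated at all, unlike `ipv4_ptr`, so reverse-zone lookups (and a missing-zone error) happen even when PTRs are disabled; mirror the gate with `for_each = local.default_enable_ptr && contains(["aaaa", "host"], local.record_type) ? toset(local.ipv6_ptr_zones) : toset([])`. Separately, `source = "...dns-lookup.git?ref=tf-upgrade"` pins the lookup module to a mutable branch, so the code this module runs can change without any change here; pin `ref` to a tag or commit SHA so the dependency is reproducible and reviewable.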
@@ -0,0 +1,23 @@
+locals {
+ ptr_heritage_prefix = lookup(local._defaults.heritage_prefix, "ptr", "") != "" ? format("%v.", lookup(local._defaults.heritage_prefix, "ptr")) : ""
+}
+
+resource "aws_route53_record" "entry_ipv4_ptr_heritage" {
+ for_each = var.enable_heritage ? module.entry_ip_addresses.results_ipv4 : {}
+
+ zone_id = data.aws_route53_zone.ipv4_ptr[each.value.network_ptr_sorted].zone_id
+ name = format("%v%v", local.ptr_heritage_prefix, aws_route53_record.entry_ipv4_ptr[each.key].name)
+ type = "TXT"
+ ttl = var.ttl
+ records = [join(",", concat(local.base_heritage_tags, local.heritage_tags))]
+}
+
+resource "aws_route53_record" "entry_ipv6_ptr_heritage" {
+ for_each = var.enable_heritage ? module.entry_ip_addresses.results_ipv6 : {}
+
+ zone_id = data.aws_route53_zone.ipv6_ptr[each.value.network_ptr_sorted].zone_id
+ name = format("%v%v", local.ptr_heritage_prefix, aws_route53_record.entry_ipv6_ptr[each.key].name)
+ type = "TXT"
+ ttl = var.ttl
+ records = [join(",", concat(local.base_heritage_tags, local.heritage_tags))]
+}
diff --git a/common/ip_addresses.tf b/common/ip_addresses.tf
new file mode 100644
index 0000000..cb44922
--- /dev/null
+++ b/common/ip_addresses.tf
@@ -0,0 +1,7 @@
+locals {
+ # Some ip ranges
+ ip_ranges = []
+
+ ipv4_subnets = [for cidr in local.ip_ranges : cidr if ! can(regex("::", cidr))]
+ ipv6_subnets = [for cidr in local.ip_ranges : cidr if can(regex("::", cidr))]
+}
diff --git a/common/ptr.txt b/common/ptr.txt
new file mode 100644
index 0000000..52dc4f9
--- /dev/null
+++ b/common/ptr.txt
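Review bot: Both heritage resources use `for_each = var.enable_heritage ? module.entry_ip_addresses.results_ipv4 : {}` (and the ipv6 equivalent), but each instance then indexes `aws_route53_record.entry_ipv4_ptr[each.key]` and `data.aws_route53_zone.ipv4_ptr[...]`, which `common/entry_ptr.tf` creates only when `local.default_enable_ptr` and the record type allow it. With heritage enabled and PTRs disabled, or with a single-family record type, the index hits a missing key and the plan fails. Iterating over the PTR records themselves keeps the two in step and removes the duplicated zone lookup: `for_each = var.enable_heritage ? aws_route53_record.entry_ipv4_ptr : {}`, `zone_id = each.value.zone_id`, `name = format("%v%v", local.ptr_heritage_prefix, each.value.name)` (same for ipv6). I'd also give `ptr_heritage_prefix` a one-line comment stating that an empty `heritage_prefix.ptr` means the TXT record shares the PTR's name.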
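Review bot: `common/ip_addresses.tf` declares `ip_ranges = []` under the comment `# Some ip ranges`, so `ipv4_subnets` and `ipv6_subnets` are always empty and nothing in this diff reads them; as written it is a placeholder rather than a feature. Either leave it out of this release or replace the comment with one that says what is expected to populate the list, e.g. `# Reverse-zone CIDRs the module may create PTRs in; left empty until populated from a variable`, so the intent survives without the author.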
@@ -0,0 +1,47 @@
+> local.hosts
+[
+ "1.2.3.4",
+ "4.5.6.7",
+ "10.10.10.10/32",
+ "10.100.0.0/16",
+ "2610:20::/64",
+ "2620:20:1:2:3:4::15",
+]
+> local.ipv4_hosts
+[
+ "1.2.3.4",
+ "4.5.6.7",
+]
+> local.ipv6_hosts
+[
+ "2620:20:1:2:3:4::15",
+]
+> exit
+# ending v1.9.1 action console file logs/console.20230324.1679683963.log stamp 20230324.1679683963 start 1679683963 end 1679683975 elapsed 12
+
+
+# results in file logs/console.20230324.1679683963.log stamp 20230324.1679683963 status=0
+badra001@redwood:Y (master)$
+badra001@redwood:Y (master)$
+badra001@redwood:Y (master)$
+badra001@redwood:Y (master)$
+badra001@redwood:Y (master)$ cat tss
+cat: tss: No such file or directory
+badra001@redwood:Y (master)$ cat test.tf
+locals {
+ hosts = ["1.2.3.4","4.5.6.7","10.10.10.10/32","10.100.0.0/16","2610:20::/64","2620:20:1:2:3:4::15"]
+# hosts = ["1.2.3.4","4.5.6.7","2620:20:1:2:3:4::15"]
+ ipv4_hosts = [ for h in local.hosts: h if length(regexall("\\.",h))==3 && !can(regex("/",h)) ]
+ ipv6_hosts = [ for h in local.hosts: h if length(regexall(":",h))!=0 && !can(regex("/",h)) ]
+}
+
+data "dns_a_record_set" "hosts" {
+ for_each = toset(local.ipv4_hosts)
+ host = each.key
+}
+
+data "dns_aaaa_record_set" "hosts" {
+ for_each = toset(local.ipv6_hosts)
+ host = each.key
+}
+
diff --git a/common/version.tf b/common/version.tf
index fa2705b..374ba43 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "1.0.0"
+ _module_version = "1.0.1"
 }
diff --git a/host/.terraform.lock.hcl b/host/.terraform.lock.hcl
new file mode 100644
index 0000000..ab6081e
--- /dev/null
+++ b/host/.terraform.lock.hcl
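Review bot: `common/ptr.txt` is a captured console session (shell prompts `badra001@redwood:Y (master)$`, a `terraform console` log path, a failed `cat tss`, and a scratch `test.tf`), not module content, and should be dropped from the commit. Beyond clutter, it publishes a username, a hostname and sample addresses to every consumer of the module, and it will not stay in sync with the filter expressions it was used to test. If the worked example is worth keeping, the useful part is the three-line `locals` block showing that `10.10.10.10/32`, `10.100.0.0/16` and `2610:20::/64` are filtered out; that belongs in the `host`/`aaaa` `main.tf` header comment, not in a transcript.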
@@ -0,0 +1,44 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.60.0" + constraints = ">= 4.0.0" + hashes = [ + "h1:b2U4EncUaHCsQuiePo/yHZiH5ib0rx+P/qG4LC8pGlA=", + "zh:1853d6bc89e289ac36c13485e8ff877c1be8485e22f545bb32c7a30f1d1856e8", + "zh:4321d145969e3b7ede62fe51bee248a15fe398643f21df9541eef85526bf3641", + "zh:4c01189cc6963abfe724e6b289a7c06d2de9c395011d8d54efa8fe1aac444e2e", + "zh:5934db7baa2eec0f9acb9c7f1c3dd3b3fe1e67e23dd4a49e9fe327832967b32b", + "zh:5fbedf5d55c6e04e34c32b744151e514a80308e7dec633a56b852829b41e4b5a", + "zh:651558e1446cc05061b75e6f5cc6e2959feb17615cd0ace6ec7a2bcc846321c0", + "zh:76875eb697916475e554af080f9d4d3cd1f7d5d58ecdd3317a844a30980f4eec", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a52528e6d6c945a6ac45b89e9a70a5435148e4c151241e04c231dd2acc4a8c80", + "zh:af5f94c69025f1c2466a3cf970d1e9bed72938ec33b976c8c067468b6707bb57", + "zh:b6692fad956c9d4ef4266519d9ac2ee9f699f8f2c21627625c9ed63814d41590", + "zh:b74311af5fa5ac6e4eb159c12cfb380dfe2f5cd8685da2eac8073475f398ae60", + "zh:cc5aa6f738baa42edacba5ef1ca0969e5a959422e4491607255f3f6142ba90ed", + "zh:dd1a7ff1b22f0036a76bc905a8229ce7ed0a7eb5a783d3a2586fb1bd920515c3", + "zh:e5ab40c4ad0f1c7bd4d5d834d1aa144e690d1a93329d73b3d37512715a638de9", + ] +} + +provider "registry.terraform.io/hashicorp/time" { + version = "0.9.1" + hashes = [ + "h1:NUv/YtEytDQncBQ2mTxnUZEy/rmDlPYmE9h2iokR0vk=", + "zh:00a1476ecf18c735cc08e27bfa835c33f8ac8fa6fa746b01cd3bcbad8ca84f7f", + "zh:3007f8fc4a4f8614c43e8ef1d4b0c773a5de1dcac50e701d8abc9fdc8fcb6bf5", + "zh:5f79d0730fdec8cb148b277de3f00485eff3e9cf1ff47fb715b1c969e5bbd9d4", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8c8094689a2bed4bb597d24a418bbbf846e15507f08be447d0a5acea67c2265a", + "zh:a6d9206e95d5681229429b406bc7a9ba4b2d9b67470bda7df88fa161508ace57", + 
"zh:aa299ec058f23ebe68976c7581017de50da6204883950de228ed9246f309e7f1", + "zh:b129f00f45fba1991db0aa954a6ba48d90f64a738629119bfb8e9a844b66e80b", + "zh:ef6cecf5f50cda971c1b215847938ced4cb4a30a18095509c068643b14030b00", + "zh:f1f46a4f6c65886d2dd27b66d92632232adc64f92145bf8403fe64d5ffa5caea", + "zh:f79d6155cda7d559c60d74883a24879a01c4d5f6fd7e8d1e3250f3cd215fb904", + "zh:fd59fa73074805c3575f08cd627eef7acda14ab6dac2c135a66e7a38d262201c", + ] +} diff --git a/host/README.md b/host/README.md new file mode 100644 index 0000000..95f732a --- /dev/null +++ b/host/README.md 
@@ -0,0 +1,97 @@ +# About + +This submodule creates A (IPv4), AAAA (IPv6) and PTR entries of the fully qualified domain name (FQDN) selected in `name`. The zone +is calculcated by splitting after the first dot. If the zone does not exist in Route 53, and the zone is not associated +with the VPC in which this is executed, you will get an error such as this: + +```script +Error: no matching Route53Zone found + + with module.lakefront_cname_test.data.aws_route53_zone.zone, + on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone": + 2: data "aws_route53_zone" "zone" { +``` + +You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking, +all zones where DNS entries are permitted are already associated with the appropriate VPCs. Under normal conditions, +you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)). + +The record(s) created use a default TTL of 900. You may change this with the `ttl` option. + +This also creates what we call a heritage record. This is an indication of _what_ thing created the record, and when. It is added by +the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details. 
+ +The record looks like: + +```console +% dig +short in txt EXAMPLE +``` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 4 | +| [time](#requirement\_time) | >= 0.9.1 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 4.60.0 | +| [time](#provider\_time) | 0.9.1 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [entry\_ip\_addresses](#module\_entry\_ip\_addresses) | git@github.e.it.census.gov:terraform-modules/dns-lookup.git | tf-upgrade | + +## Resources + +| Name | Type | +|------|------| +| [aws_route53_record.entry](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.entry_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.entry_ipv4_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.entry_ipv4_ptr_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.entry_ipv6_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.entry_ipv6_ptr_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [time_static.timestamp](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource | +| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source | +| 
[aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [aws_route53_zone.ipv4_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | +| [aws_route53_zone.ipv6_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | +| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no | +| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no | +| [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no | +| [enable\_heritage](#input\_enable\_heritage) | Flag to enable or disable creation a TXT record for heritage. For CNAMEs, it uses a prefix of \_txt on the name | `bool` | `true` | no | +| [enable\_ptr](#input\_enable\_ptr) | Flag to enable or disable creation of a PTR record. Used for type ptr and host | `bool` | `null` | no | +| [heritage\_tags](#input\_heritage\_tags) | Map of key/value pairs to set into the heritage. These should be static so as not to update the heritage TXT record frequently | `map(string)` | `{}` | no | +| [name](#input\_name) | FQDN DNS name to create. 
If the zone (everything after the first dot) does not exist or is not associated to the VPC, this creation will fail. | `string` | n/a | yes | +| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | +| [private\_zone](#input\_private\_zone) | Flag indicating public or private zone. Assumes private by default, and can set public only for non-gov region | `bool` | `true` | no | +| [record\_type](#input\_record\_type) | Type of DNS record to create: cname, a, aaaa, ptr, txt, host (ptr and a and/or aaaa) | `string` | `"host"` | no | +| [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no | +| [ttl](#input\_ttl) | DNS RR Time To Live (ttl). Default 900s (15m). | `number` | `900` | no | +| [values](#input\_values) | DNS value to set for the name. May be a string or list of strings (like multiple IP addresses) | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list | +| [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list | +| [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list | +| [heritage\_name](#output\_heritage\_name) | DNS Name created for the heritage record, if enabled | +| [name](#output\_name) | DNS Name created (same as what was provided) | diff --git a/host/availabilty_zones.tf b/host/availabilty_zones.tf new file mode 120000 index 0000000..00a240c --- /dev/null +++ b/host/availabilty_zones.tf @@ -0,0 +1 @@ +../common/availabilty_zones.tf \ No newline at end of file diff --git a/host/common.tf b/host/common.tf new file mode 120000 index 0000000..6941673 --- /dev/null +++ b/host/common.tf @@ -0,0 +1 @@ +../common/common.tf \ No newline at end of file 
diff --git a/host/data.tf b/host/data.tf
new file mode 120000
index 0000000..995624d
--- /dev/null
+++ b/host/data.tf
@@ -0,0 +1 @@
+../common/data.tf
\ No newline at end of file
diff --git a/host/defaults.tf b/host/defaults.tf
new file mode 120000
index 0000000..a5556ac
--- /dev/null
+++ b/host/defaults.tf
@@ -0,0 +1 @@
+../common/defaults.tf
\ No newline at end of file
diff --git a/host/entry.tf b/host/entry.tf
new file mode 120000
index 0000000..f43d394
--- /dev/null
+++ b/host/entry.tf
@@ -0,0 +1 @@
+../common/entry.tf
\ No newline at end of file
diff --git a/host/entry_heritage.tf b/host/entry_heritage.tf
new file mode 120000
index 0000000..2725450
--- /dev/null
+++ b/host/entry_heritage.tf
@@ -0,0 +1 @@
+../common/entry_heritage.tf
\ No newline at end of file
diff --git a/host/entry_ptr.tf b/host/entry_ptr.tf
new file mode 120000
index 0000000..95c6675
--- /dev/null
+++ b/host/entry_ptr.tf
@@ -0,0 +1 @@
+../common/entry_ptr.tf
\ No newline at end of file
diff --git a/host/entry_ptr_heritage.tf b/host/entry_ptr_heritage.tf
new file mode 120000
index 0000000..5902a65
--- /dev/null
+++ b/host/entry_ptr_heritage.tf
@@ -0,0 +1 @@
+../common/entry_ptr_heritage.tf
\ No newline at end of file
diff --git a/host/heritage_tags.tf b/host/heritage_tags.tf
new file mode 120000
index 0000000..5a0ecdc
--- /dev/null
+++ b/host/heritage_tags.tf
@@ -0,0 +1 @@
+../common/heritage_tags.tf
\ No newline at end of file
diff --git a/host/main.tf b/host/main.tf
new file mode 100644
index 0000000..531e786
--- /dev/null
+++ b/host/main.tf
@@ -0,0 +1,89 @@ +/* aws-dns :: host +* # About +* +* This submodule creates A (IPv4), AAAA (IPv6) and PTR entries of the fully qualified domain name (FQDN) selected in `name`. The zone +* is calculcated by splitting after the first dot. If the zone does not exist in Route 53, and the zone is not associated +* with the VPC in which this is executed, you will get an error such as this: +* +* ```script +* Error: no matching Route53Zone found +* +* with module.lakefront_cname_test.data.aws_route53_zone.zone, +* on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone": +* 2: data "aws_route53_zone" "zone" { +* ``` +* +* You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking, +* all zones where DNS entries are permitted are already associated with the appropriate VPCs. Under normal conditions, +* you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)). +* +* The record(s) created use a default TTL of 900. You may change this with the `ttl` option. +* +* This also creates what we call a heritage record. This is an indication of _what_ thing created the record, and when. It is added by +* the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details. 
+* +* The record looks like: +* +* ```console +* % dig +short in txt EXAMPLE +EXAMPLE> 900 IN TXT "heritage=terraform,terraform/account_id=818199694861,terraform/region=us-gov-west-1,terraform/create_time=1679501130" +* ``` +* +* The fields/key-value pairs are +* +* | name | description | +* |------|-------------| +* | heritage=terraform | primary label indicating all other values will be use _terraform_/ as a prefix | +* | {label}/{key}={value} | label (above); key and value (below) | +* | account_id | AWS Account ID | +* | region | AWS Region where this has been created | +* | create_time | Unix epoch time on creation of this and the associated record | +* +* You may add additional values here, such as an ALB ID or other useful, short values which do not change, in the `heritage_tags` map: +* +* ```hcl +* heritage_tags = { +* alb_id = aws_lb.my_lb.id +* } +* ``` +* +* Be sure not to use an ARN as a value, and avoid values which change frequently. +* +* # Caveats +* ## Simple, using vpc_domain_name from parent +* +* ```hcl +* module "lakefront_cname" { +* source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname" +* +* name = format("%v.%v", local.app_shortname, var.vpc_domain_name) +* values = format("%v.execute-api.%v.amazonaws.com", data.aws_api_gateway_rest_api.lakefront.id, local.region) +* } +* ``` +* +# ## Using DHCP options data resource +* +* data "aws_vpc_dhcp_options" "options" { +* filter { +* name = "vpc-id" +* values = [local.vpc_id] +* } +* } +* +* module "stat_cname" +* { +* source  = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname" +* name    = format("%v.%v","stat",data.aws_vpc_dhc_options.options.domain_name) +* values  = aws_lb.adsd_dapps_dev_stat_lb.dns_name +* } +* ``` +* +*/ + +locals { + record_type = "host" + # values = [local.default_values[0]] + ipv4_hosts = [for h in local.default_values : h if length(regexall("\\.", h)) == 3 && ! 
can(regex("/", h))]
+ ipv6_hosts = [for h in local.default_values : h if length(regexall(":", h)) != 0 && ! can(regex("/", h))]
+ values = concat(local.ipv4_hosts, local.ipv6_hosts)
+}
diff --git a/host/output.tf b/host/output.tf
new file mode 100644
index 0000000..93df745
--- /dev/null
+++ b/host/output.tf
@@ -0,0 +1,9 @@
+output "name" {
+ description = "DNS Name created (same as what was provided)"
+ value = var.name
+}
+
+output "heritage_name" {
+ description = "DNS Name created for the heritage record, if enabled"
+ value = try(aws_route53_record.entry_heritage[0].name, null)
+}
diff --git a/host/prefixes.tf b/host/prefixes.tf
new file mode 120000
index 0000000..7e265d5
--- /dev/null
+++ b/host/prefixes.tf
@@ -0,0 +1 @@
+../common/prefixes.tf
\ No newline at end of file
diff --git a/host/variables.common.availability_zones.tf b/host/variables.common.availability_zones.tf
new file mode 120000
index 0000000..dca20a3
--- /dev/null
+++ b/host/variables.common.availability_zones.tf
@@ -0,0 +1 @@
+../common/variables.common.availability_zones.tf
\ No newline at end of file
diff --git a/host/variables.common.tf b/host/variables.common.tf
new file mode 120000
index 0000000..7439ed8
--- /dev/null
+++ b/host/variables.common.tf
@@ -0,0 +1 @@
+../common/variables.common.tf
\ No newline at end of file
diff --git a/host/variables.tf b/host/variables.tf
new file mode 120000
index 0000000..72202b3
--- /dev/null
+++ b/host/variables.tf
@@ -0,0 +1 @@
+../common/variables.tf
\ No newline at end of file
diff --git a/host/version.tf b/host/version.tf
new file mode 120000
index 0000000..b83c5b7
--- /dev/null
+++ b/host/version.tf
@@ -0,0 +1 @@
+../common/version.tf
\ No newline at end of file
diff --git a/host/versions.tf b/host/versions.tf
new file mode 120000
index 0000000..41bb22f
--- /dev/null
+++ b/host/versions.tf
@@ -0,0 +1 @@
+../common/versions.tf
\ No newline at end of file
diff --git a/host/x b/host/x
new file mode 100644
index 0000000..8e62cc2
--- /dev/null
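Review bot: The second example in the header comment is broken in three places: its heading line starts with `#` instead of `*` (`# ## Using DHCP options data resource`), the opening ```` ```hcl ```` fence before `data "aws_vpc_dhcp_options"` is missing while the closing fence is present, and the module call reads `data.aws_vpc_dhc_options.options.domain_name` (typo for `aws_vpc_dhcp_options`); both examples also point at `//cname` although this file is the `host` submodule, and "calculcated" in the first paragraph is a typo. In the `locals`, an entry of `local.default_values` that matches neither the three-dot test nor the colon test — a hostname, a CIDR such as the `10.100.0.0/16` and `2610:20::/64` shown in `common/ptr.txt`, or a mistyped address — is silently dropped, so the caller gets no record and no error; consider surfacing that, for example with a `validation` block on the values variable or a precondition asserting `length(local.values) == length(local.default_values)`, and drop the stale `# values = [local.default_values[0]]` line. The `aaaa` submodule's `main.tf` carries the same header and the same filters (its hunk starts before this chunk), so both copies need the fix.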
+++ b/host/x
@@ -0,0 +1,4 @@
+../common/entry_heritage.tf
+../common/entry.tf
+../common/heritage_tags.tf
+../common/zone_forward.tf
diff --git a/host/zone_forward.tf b/host/zone_forward.tf
new file mode 120000
index 0000000..92b9dd1
--- /dev/null
+++ b/host/zone_forward.tf
@@ -0,0 +1 @@
+../common/zone_forward.tf
\ No newline at end of file