diff --git a/terraform/external_dns.tf b/terraform/external_dns.tf
index c7d8f4d..e5b79c8 100644
--- a/terraform/external_dns.tf
+++ b/terraform/external_dns.tf
@@ -43,7 +43,7 @@ resource "google_project_iam_member" "external_dns" {
 role = "roles/dns.reader"
 }
-resource "google_dns_managed_zone_iam_member" "member" {
+resource "google_dns_managed_zone_iam_member" "external_dns" {
 project = google_project.project.project_id
 managed_zone = google_dns_managed_zone.zone.name
 role = "roles/dns.admin"
diff --git a/terraform/modules/k8s_workload/external_dns.tf b/terraform/modules/k8s_workload/external_dns.tf
index 12b4fc5..7df5183 100644
--- a/terraform/modules/k8s_workload/external_dns.tf
+++ b/terraform/modules/k8s_workload/external_dns.tf
@@ -12,7 +12,8 @@ variable "external_dns_gcp_service_account_email" {
 locals {
 external_dns_namespace = length(kubernetes_namespace.external_dns) == 0 ? var.external_dns_k8s_namespace : kubernetes_namespace.external_dns[0].metadata[0].name
- external_dns_domain_filter = trimsuffix("${var.cluster.name}.${var.dns_managed_zone.dns_name}", ".")
+ external_dns_domain_filter = trimsuffix("${var.dns_managed_zone.dns_name}", ".")
+ # external_dns_domain_filter needs to match a google_dns_managed_zone so to keep things simple I am only filtering to the dns_root. If we wanted to filter to the cluster subdomain, we could create a separate google_dns_managed_zone for each cluster (and set IAM permissions accordingly).
 }
 resource "kubernetes_namespace" "external_dns" {
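Review bot: Widening `external_dns_domain_filter` from the cluster subdomain to the whole zone removes the only per-cluster scoping visible here, while `terraform/external_dns.tf` grants `roles/dns.admin` on that same managed zone. If several clusters share `var.dns_managed_zone`, a hostname set on an Ingress or Service in one cluster can now be published anywhere in the zone, including under names another cluster is expected to own. Until the per-cluster zones mentioned in the comment exist, confirm that the external-dns deployment (not visible in this hunk) uses the TXT registry with a distinct `--txt-owner-id` per cluster, and consider `--policy=upsert-only` so one instance cannot delete records it did not create. The comment would read better above the assignment with "dns_root" replaced by the real variable name, and the interpolation is redundant: `external_dns_domain_filter = trimsuffix(var.dns_managed_zone.dns_name, ".")`.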