Using modern Ops tooling to manage DNS: Part 1
The Problem
I recently asked Ops Twitter for some input on a problem I've been putting off solving for a while: how can I use nice, modern tooling like Terraform to manage multiple domains' DNS records?
Now, before we get started: I know how to do this!
I can happily manage a Terraform definition file made up of repeated versions of resources looking like this:
resource "aws_route53_record" "www" {
  zone_id = "${aws_route53_zone.primary.zone_id}"
  name    = "www.example.com"
  type    = "A"
  ttl     = "300"
  # one quoted string per record value; "1.2.3.4, 4.5.6.7" as a single
  # string would be rejected by Route 53 as an invalid A record
  records = ["1.2.3.4", "4.5.6.7"]
}
But imagine the situation where one has multiple domains, each with a fair few records … that's going to get pretty verbose, pretty quickly.
So what I was asking Ops Twitter was slightly more nuanced: how can I use Terraform (or equivalent) to manage these records - but without having to manage the resource definitions manually?
The Solution?
A bunch of folks gave me some pointers and opinions:
- I noted and unfairly ruled out StackExchange's dnscontrol
- Chris Short thought that maybe some templating, possibly inside Ansible, could work
- Chris Little said that DIYing some scripts worked for them
- Spencer Krum pointed out something that looks great: a tool called tfz53. It uses Bind zone files to store the underlying record data, which may not be to some people's taste
- Aquarion mentioned their DIY Ansible setup to do this
- Brian Christie pointed out an IaaS-management library called Pulumi, which is available in multiple languages and looks to handle a lot more than just DNS
- I mentioned the UK Government Digital Service's tool in this space which (IMHO!) does some things slightly oddly, but has some good ideas which I might end up stealing!
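To make the "templating" idea concrete, here is an added example (mine, not from the post or any of the tools listed): the records for several zones live as plain data and the repetitive aws_route53_record blocks are rendered from it, in the same 0.11-style HCL as the snippet above. The zone names, record values and the tf_label/render_* function names are constructed for illustration.

```python
import json
import re

# Constructed sample data: zone -> list of (name, type, ttl, values).
# "@" means the zone apex. Each value is a separate list entry.
ZONES = {
    "example.com": [
        ("www", "A", 300, ["1.2.3.4", "4.5.6.7"]),
        ("@", "MX", 3600, ["10 mail.example.com."]),
        ("_dmarc", "TXT", 300, ["v=DMARC1; p=reject"]),
    ],
    "example.net": [("www", "CNAME", 300, ["www.example.com."])],
}


def tf_label(text):
    """Terraform resource labels may only contain [A-Za-z0-9_-]."""
    return re.sub(r"[^A-Za-z0-9_-]", "_", text).lower()


def tf_name(zone, name, rtype):
    """Unique label per (fqdn, type), e.g. www_example_com_a."""
    fqdn = zone if name == "@" else f"{name}.{zone}"
    return tf_label(f"{fqdn}_{rtype}")


def render_record(zone, name, rtype, ttl, values):
    """Render one aws_route53_record block. json.dumps quotes each value
    separately, so two IPs never collapse into one "1.2.3.4, 4.5.6.7"."""
    fqdn = zone if name == "@" else f"{name}.{zone}"
    records = ", ".join(json.dumps(v) for v in values)
    return (
        f'resource "aws_route53_record" "{tf_name(zone, name, rtype)}" {{\n'
        f'  zone_id = "${{aws_route53_zone.{tf_label(zone)}.zone_id}}"\n'
        f'  name    = "{fqdn}"\n'
        f'  type    = "{rtype}"\n'
        f'  ttl     = "{ttl}"\n'
        f'  records = [{records}]\n'
        "}\n"
    )


def render_zones(zones):
    """Emit an aws_route53_zone per zone followed by all of its records."""
    out = []
    for zone, records in zones.items():
        out.append(f'resource "aws_route53_zone" "{tf_label(zone)}" {{\n'
                   f'  name = "{zone}"\n}}\n')
        out.extend(render_record(zone, *rec) for rec in records)
    return "\n".join(out)
```

Writing render_zones(ZONES) to a .tf file and running terraform plan shows the diff against what is live, which is the part hand-maintained resource blocks make tedious.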
Over the next couple of weeks I'm going to take a look at the practicalities of using each of these, along with any other relevant tools that pop up.
Stay tuned for some more posts in this area …