Using modern Ops tooling to manage DNS: Part 1

The Problem

I recently asked Ops Twitter for some input on a problem I've been putting off solving for a while: how can I use nice, modern tooling like Terraform to manage multiple domain's DNS records?

Now, before we get started: I know how to do this!

I can happily manage a Terraform definition file made up of repeated versions of resources looking like this:

resource "aws_route53_record" "www" {
  zone_id = "${aws_route53_zone.primary.zone_id}"
  name    = "www.example.com"
  type    = "A"
  ttl     = "300"
  records = ["1.2.3.4, 4.5.6.7"]
}

But imagine the situation where one has multiple domains, each with a fair few records … that's going to get pretty verbose, pretty quickly.

So what I was asking Ops Twitter was slightly more nuanced: how can I use Terraform (or equivalent) to manage these records - but without having to manage the resource definitions manually?

The Solution?

A bunch of folks gave me some pointers and opinions:

• I noted and unfairly ruled out StackExchange's dnscontrol
• Chris Short thought that maybe some templating, possibly inside Ansible, could work
• Chris Little said that DIYing some scripts worked for them
• Spencer Krum pointed out something that looks great: a tool called tfz53. It uses Bind zone files to store the underlying record data, which may not be to some people's taste
• Aquarion mentioned their DIY Ansible setup to do this
• Brian Christie pointed out an IaaS-management library called Pulumi, which is available in multiple language and looks to handle a lot more than just DNS
• I mentioned the UK Goverment Digital Service's tool in this space which (IMHO!) does some things slightly oddly, but has some good ideas which I might end up stealing!

Over the next couple of weeks I'm going to take a look at the practicalities of using each of these, along with any other relevant tools that pop up.

Stay tuned for some more posts in this area …