tgangte/code-managed-dns

code-managed-dns

Managing Multiple Authoritative DNS Nameserver Providers with Infrastructure as Code using Terraform

DNS rarely fails, but when it does, it can cause significant damage. There are numerous documented cases of authoritative DNS nameservers being DDoS'd, leading to website downtime, such as the Dyn DDoS attack of 2016.

This risk can be mitigated by using not just one, but two authoritative nameservers. If desired, you can use even more authoritative nameservers, though this might be overkill.

Effectively, this means that you need two DNS providers, and both of them need to have the exact same DNS records (such as A records, CNAMEs, etc.). Normally, DNS settings are configured via the respective DNS provider’s portal, but this becomes unmanageable when using a dual DNS setup. Infrastructure as code to the rescue!

In this case, we use Terraform to orchestrate and synchronize the DNS settings across multiple DNS providers.

Supported providers

Authentication

Each portal requires authentication keys, which you can store locally in environment variables.

For NS1, execute this:

export TF_VAR_ns1_apikey="insert key from ns1 portal"

For Cloudflare:

export TF_VAR_cloudflare_api_token="insert token from cloudflare portal"

Usage

As a prerequisite, you need to specify the nameservers of your providers in the domain registrar's portal as a one-time step. That will allow the respective providers to create and manage records.

The terraform.tfvars file has the DNS records that we want to add. This is a list, and you can add as many records as you need.

simple_records_under_zone = [
  {
    zone         = "example.com"
    domain       = "domain1.example.com"
    ttl          = 84000
    record_type  = "CNAME"
    record_value = "testcname.example.com"
  },
]

The main.tf file has the configs for the providers and executes the creation of the records. You can comment out any provider you do not wish to use with /* comment */.

To execute:

cd code-managed-dns
terraform init
terraform plan
terraform apply 

Notes:

  • I use Terraform Cloud to store the state files, but there are many other options such as Azure, S3 etc.
  • Complex records such as DNS round robin, healthcheck or alias records can be added based on provider support
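A dual-provider setup only helps if both providers really serve the exact same records, so a drift check after terraform apply is worth having. The following is an added example, not code from this repository: it assumes the records each provider currently serves have already been exported into the same shape as simple_records_under_zone, and the helper names (normalize, index, find_drift, row) and all sample data are hypothetical.

```python
# Added example, not repository code; records use the tfvars field names.

def normalize(rec):
    """Return ((name, type), (value, ttl)) with cosmetic differences removed."""
    name = rec["domain"].rstrip(".").lower()
    rtype = rec["record_type"].upper()
    value = rec["record_value"].strip()
    if rtype in {"CNAME", "NS"}:  # hostnames: case-insensitive, optional root dot
        value = value.rstrip(".").lower()
    return (name, rtype), (value, int(rec["ttl"]))

def index(records):
    """Group normalized (value, ttl) pairs by (name, type)."""
    out = {}
    for rec in records:
        key, val = normalize(rec)
        out.setdefault(key, set()).add(val)
    return out

def find_drift(provider_a, provider_b):
    """List (key, reason) for each record set that differs between providers."""
    a, b = index(provider_a), index(provider_b)
    drift = []
    for key in sorted(a.keys() | b.keys()):
        if key not in b:
            drift.append((key, "only_in_a"))
        elif key not in a:
            drift.append((key, "only_in_b"))
        elif {v for v, _ in a[key]} != {v for v, _ in b[key]}:
            drift.append((key, "value_mismatch"))
        elif a[key] != b[key]:
            drift.append((key, "ttl_mismatch"))
    return drift

def row(domain, ttl, rtype, value):
    return {"zone": "example.com", "domain": domain, "ttl": ttl,
            "record_type": rtype, "record_value": value}

NS1_RECORDS = [  # constructed: what the first provider is serving
    row("domain1.example.com", 84000, "CNAME", "testcname.example.com"),
    row("www.example.com", 300, "A", "192.0.2.10"),
    row("api.example.com", 300, "A", "192.0.2.20"),
    row("old.example.com", 300, "CNAME", "legacy.example.net"),
]
CLOUDFLARE_RECORDS = [  # constructed: what the second provider is serving
    row("Domain1.example.com.", 84000, "CNAME", "testcname.example.com."),
    row("www.example.com", 300, "A", "192.0.2.11"),
    row("api.example.com", 3600, "A", "192.0.2.20"),
]
```

Calling find_drift(NS1_RECORDS, CLOUDFLARE_RECORDS) on the constructed data reports a TTL mismatch for api.example.com, a record that exists only at the first provider (old.example.com), and a value mismatch for www.example.com. The domain1.example.com CNAME is treated as identical because only letter case and the trailing dot differ.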
