DNS as code and continuous deployment with OctoDNS
I moved from PHP developer to DevOps around a year ago, and part of my new responsibilities is to manage our DNS records.
How complex can it be?! I did not know at the beginning, that we had to manage ~14 000 zones, with some DNS zones having more than 900 records. There was no versioning of the changes, and our DNS provider only kept 3 month of audit logs. With records being updated every day, we were counting on the JIRA tickets to know who applied the changes.
But when someone made a mistake, we had no way to know how, when or if it was really a mistake or if someone had received a message on slack and applied a change without any JIRA ticket being created.
We needed a versioning system for our DNS records.
Weirdly enough, we had one for every single app we had, all the games, website, blog, but not for our DNS records. We started looking for a tool that would resolve all our issues, and we found OctoDNS.
Github created Octodns, a python tool to manage DNS records as code (https://github.com/github/octodns).
Two of the three providers we use were already supported, and we just had to add the third one. Using Octodns to manage our DNS records brought multiple advantages:
- We could manage our DNS records in git
- We would keep history of the changes forever
- Possibility to change DNS provider easily by changing a few lines of configuration
- Move away from Primary/Secondary setup, and have all our zones set as primary zone in all our providers account while keeping them in sync at all time
- Have Geo-based record synchronized across multiple provider, as AXFR doesn’t support geo-record synchronization
We are still working on adding new features to Octodns every day, and we hope to merge back to the main repository to allow everybody to benefit from the work we did.
We use Bamboo for continuous deployment of the changes. We moved from a process with a lack of traceability and history, to a fully versioned process with continuous deployments, validation of the changes and notifications when someone apply a change.
# Old process
1 - Technician receives a ticket
2 - Technician uses some custom script to deploy the changes to the main provider
3 - Technician resolves the ticket
# New process
1 - Technician receives a ticket
2 - Technician apply the changes in the OctoDNS configuration and commit his changes in git with the ticket ID in the commit message and pushes the changes to the central git repository
4 - Bamboo verify the config is valid and deploys it to all providers
5 - Bamboo notify the entire team about the recent changes
6 - Technician resolves the ticket
If you have to manage multiple DNS zones, we strongly encourage you to take a look at OctoDNS as it will make your life easier. The configuration is easy to understand, and we also published a Dockerfile on our github repository for those who do not wish to setup OctoDNS directly on their workstation (https://github.com/MindGeekOSS/octodns/blob/master/Dockerfile).
We picked OctoDNS, but I am sure there is plenty of other amazing tools that do the same job.
Please share in the comments below, which tool you use to manage your DNS records and your experience about it.