DNS as code and continuous deployment with OctoDNS

Fabrice Baumann
Mar 10, 2018 · 3 min read

I moved from PHP developer to DevOps around a year ago, and part of my new responsibilities is to manage our DNS records.

How complex can it be?! I did not know at the beginning that we had to manage ~14 000 zones, with some DNS zones having more than 900 records. There was no versioning of the changes, and our DNS provider only kept 3 months of audit logs. With records being updated every day, we were counting on the JIRA tickets to know who applied the changes.

But when someone made a mistake, we had no way to know how or when it happened, whether it was really a mistake, or whether someone had received a message on Slack and applied a change without any JIRA ticket being created.

We needed a versioning system for our DNS records.
Weirdly enough, we had one for every single app we had, all the games, websites and blogs, but not for our DNS records. We started looking for a tool that would resolve all our issues, and we found OctoDNS.
GitHub created OctoDNS, a Python tool to manage DNS records as code (https://github.com/github/octodns).

Two of the three providers we use were already supported, and we just had to add the third one. Using OctoDNS to manage our DNS records brought multiple advantages:

  • We could manage our DNS records in git
  • We would keep history of the changes forever
  • Possibility to change DNS provider easily by changing a few lines of configuration
  • Move away from a Primary/Secondary setup, and have all our zones set as primary zones in all our provider accounts while keeping them in sync at all times
  • Have geo-based records synchronized across multiple providers, as AXFR doesn’t support geo-record synchronization

We are still working on adding new features to OctoDNS every day, and we hope to merge back to the main repository to allow everybody to benefit from the work we did.

We use Bamboo for continuous deployment of the changes. We moved from a process with a lack of traceability and history to a fully versioned process with continuous deployments, validation of the changes and notifications when someone applies a change.

# Old process
1 - Technician receives a ticket
2 - Technician uses some custom script to deploy the changes to the main provider
3 - Technician resolves the ticket
----------------------------------------
# New process
1 - Technician receives a ticket
2 - Technician applies the changes in the OctoDNS configuration, commits his changes in git with the ticket ID in the commit message and pushes the changes to the central git repository
4 - Bamboo verifies the config is valid and deploys it to all providers
5 - Bamboo notifies the entire team about the recent changes
6 - Technician resolves the ticket
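
One way to script the CI side of the new process, as an added example (this is not our actual Bamboo plan): it refuses to deploy when a pushed commit has no ticket ID, then runs octoDNS's `octodns-validate` and a dry-run `octodns-sync` before applying with `--doit`. The JIRA-style key pattern, the config path and the `deploy <git-range>` invocation are assumptions.

```shell
#!/usr/bin/env bash
# Added example: CI gate for a DNS-as-code repository.
# Assumptions: ticket IDs look like JIRA keys (e.g. DNS-123) and the
# octoDNS config lives at ./config/production.yaml.
CONFIG_FILE="${CONFIG_FILE:-./config/production.yaml}"

# Return 0 if the commit message contains a JIRA-style ticket key.
# LC_ALL=C keeps [A-Z] from matching lowercase letters in some locales.
has_ticket_id() {
  printf '%s\n' "$1" |
    LC_ALL=C grep -Eq '(^|[^A-Za-z0-9])[A-Z][A-Z0-9]+-[0-9]+([^A-Za-z0-9]|$)'
}

# Print the hash of every commit in git range $1 whose message has no ticket key.
commits_missing_ticket() {
  local range="$1" sha
  for sha in $(git rev-list "$range"); do
    has_ticket_id "$(git log -1 --format=%B "$sha")" || echo "$sha"
  done
}

# Gate, validate, show the plan, then apply to all configured providers.
deploy() {
  local range="$1" missing
  missing="$(commits_missing_ticket "$range")"
  if [ -n "$missing" ]; then
    echo "Refusing to deploy, commits without a ticket ID:" >&2
    echo "$missing" >&2
    return 1
  fi
  # Syntax and record validation of the zone files.
  octodns-validate --config-file="$CONFIG_FILE" || return 1
  # Without --doit, octodns-sync only prints the planned changes (dry run),
  # which leaves the exact diff in the build log for later review.
  octodns-sync --config-file="$CONFIG_FILE" || return 1
  # Apply the plan to every target provider.
  octodns-sync --config-file="$CONFIG_FILE" --doit
}

# Run only when invoked as: ./dns-ci.sh deploy <git-range>
if [ "${1:-}" = "deploy" ]; then
  deploy "${2:?usage: $0 deploy <git-range>}"
fi
```

Provider credentials should come from the CI server's secret variables rather than from the repository, so that the git history holds records only.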
[Image: OctoDNS configuration is easy to understand]

If you have to manage multiple DNS zones, we strongly encourage you to take a look at OctoDNS as it will make your life easier. The configuration is easy to understand, and we also published a Dockerfile on our GitHub repository for those who do not wish to set up OctoDNS directly on their workstation (https://github.com/MindGeekOSS/octodns/blob/master/Dockerfile).

We picked OctoDNS, but I am sure there are plenty of other amazing tools that do the same job.
Please share in the comments below which tool you use to manage your DNS records and your experience with it.
