[tech] UCC DNS - Progress on syncing from ucc.machines and zonemake.py through to Cloudflare
Mark Tearle
mtearle at ucc.asn.au
Tue Dec 1 21:39:16 AWST 2020
Hi folks
I've been working on providing the ability to sync from our local DNS config with appropriate changes up to Cloudflare.
To date this has involved the following:
* hacking zonemake.py to output a YAML file for each zone, adding tags, and config to reflect proxying scenarios
* writing a quick audit script to work out what changes would be needed to ucc.machines in advance of the sync
* hacking zonemake.py to output a YAML file in the form OctoDNS requires
* making OctoDNS work under Python 3.9 ( https://github.com/github/octodns/pull/632 )
* making OctoDNS support LOC records ( https://github.com/github/octodns/pull/635 )
* writing a quick script on mooneye - /usr/local/octodns/update-ucc-cloudflare.sh - to run the necessary octoDNS commands to do the sync
Currently only ucc.guild.uwa.edu.au is being synced. /usr/local/octodns/update-ucc-cloudflare.sh currently points at my local development installation of octoDNS.
Next steps are:
* Audit ucc.gu.uwa.edu.au and ucc.asn.au for the necessary changes needed in ucc.machines for syncing to Cloudflare
* Make liberal backups before syncing
* Add config under /usr/local/octodns (in the script and config directory) for ucc.gu.uwa.edu.au and ucc.asn.au
* Sync these up to Cloudflare
* Review changes with audit script afterwards
* Ensure octoDNS patches get merged upstream and use upstream version installed under /usr/local/octodns
* Migrate this into some form of CI arrangement based off git
* Work out solution for LE certs with DNS challenges
* Rebuild UCC internal DNS server infrastructure (mooneye) - both authoritative and resolver
Happy to explain in more detail over a video chat, or IRC, or over pizza when I'm in Perth.
Cheers,
Mark
--
Mark Tearle <mtearle at ucc.asn.au>