[tech] UCC DNS - Progress on syncing from ucc.machines and zonemake.py through to Cloudflare
Mark Tearle
mtearle at ucc.asn.au
Thu Jan 14 21:38:33 AWST 2021
Hi folks
This evening's update:
* ucc.asn.au is now synced from ucc.machines and zonemake.py to Cloudflare
* Will need to chat with [MPT] about a couple of things that might need cleaning up
Next steps are:
* Ensure octoDNS patches get merged upstream and use upstream version installed under /usr/local/octodns (for LOC and Null SRV records)
* Migrate this into some form of CI arrangement based off git
* Work out and implement solution for LE certs with DNS challenges
* Rebuild UCC internal DNS server infrastructure (mooneye) - both authoritative and resolver
Changes should start becoming easier from now on in :) Let me know if I've broken anything ...
Cheers,
Mark
--
Mark Tearle <mtearle at ucc.asn.au>
On Sat, 5 Dec 2020, at 11:54 PM, Mark Tearle wrote:
> Hi folks
>
> This evening's update:
> * Audit ucc.gu.uwa.edu.au and ucc.asn.au for the necessary changes needed in ucc.machines for syncing to Cloudflare
> * making OctoDNS work under Python 3.9 ( https://github.com/github/octodns/pull/632 ) - Pull request has been merged
> * fix zonemake.py to naturally sort the keys in the octoDNS YAML output
> * discovered problem with NULL SRV records ( https://github.com/github/octodns/issues/640 )
> * temporarily commented out open.ucc.gu.uwa.edu.au and v.ucc.gu.uwa.edu.au subdomains (will discuss with [MPT] )
> * Made backups before syncing
> * Add config under /usr/local/octodns (in the script and config directory) for ucc.gu.uwa.edu.au and ucc.asn.au
> * Sync'd ucc.gu.uwa.edu.au up to Cloudflare
> * Reviewed changes with audit script afterwards
> Next steps are:
> * Repeat above similarly for ucc.asn.au once NULL SRV bug is tracked down
> * Ensure octoDNS patches get merged upstream and use upstream version installed under /usr/local/octodns
> * Migrate this into some form of CI arrangement based off git
> * Work out solution for LE certs with DNS challenges
> * Rebuild UCC internal DNS server infrastructure (mooneye) - both authoritative and resolver
>
> Cheers
> Mark
> --
> Mark Tearle <mtearle at tearle.com>
>
>
>
> On Tue, 1 Dec 2020, at 9:39 PM, Mark Tearle wrote:
>> Hi folks
>>
>> I've been working on providing the ability to sync from our local DNS config with appropriate changes up to Cloudflare.
>>
>> To date this has involved the following:
>> * hacking zonemake.py to output a YAML file for each zone, adding tags, and config to reflect proxying scenarios
>> * writing a quick audit script to work out what changes would be needed to ucc.machines in advance of the sync
>> * hacking zonemake.py to output a YAML file in the form OctoDNS requires
>> * making OctoDNS work under Python 3.9 ( https://github.com/github/octodns/pull/632 )
>> * making OctoDNS support LOC records ( https://github.com/github/octodns/pull/635 )
>> * writing a quick script on mooneye - /usr/local/octodns/update-ucc-cloudflare.sh - to run the necessary octoDNS commands to do the sync
>> Currently only ucc.guild.uwa.edu.au is being synced. /usr/local/octodns/update-ucc-cloudflare.sh currently points at my local development installation of octoDNS
>>
>> Next steps are:
>> * Audit ucc.gu.uwa.edu.au and ucc.asn.au for the necessary changes needed in ucc.machines for syncing to Cloudflare
>> * Make liberal backups before syncing
>> * Add config under /usr/local/octodns (in the script and config directory) for ucc.gu.uwa.edu.au and ucc.asn.au
>> * Sync these up to Cloudflare
>> * Review changes with audit script afterwards
>> * Ensure octoDNS patches get merged upstream and use upstream version installed under /usr/local/octodns
>> * Migrate this into some form of CI arrangement based off git
>> * Work out solution for LE certs with DNS challenges
>> * Rebuild UCC internal DNS server infrastructure (mooneye) - both authoritative and resolver
>>
>> Happy to explain in more detail over a video chat, or IRC, or over pizza when I'm in Perth
>>
>> Cheers,
>> Mark
>> --
>> Mark Tearle <mtearle at ucc.asn.au>
>>