
Changes are ignored when DnsProvider() is not defined

Open devblackops opened this issue 1 year ago • 4 comments

Is your feature request related to a problem? Please describe.

A zone defined like the following (without a DnsProvider() defined) silently ignores that the TXT record should be created. The required changes are not shown in preview either.

var REG_NAMECOM = NewRegistrar("name.com");

D("example.com", REG_NAMECOM,
    NAMESERVER("ns1-09.azure-dns.com."),
    NAMESERVER("ns2-09.azure-dns.net."),
    NAMESERVER("ns3-09.azure-dns.org."),
    NAMESERVER("ns4-09.azure-dns.info."),
    TXT("@", "foo"),
);

When adding DnsProvider() the records are correctly added.

var REG_NAMECOM = NewRegistrar("name.com");
var azure = NewDnsProvider("azuredns");

D("example.com", REG_NAMECOM, DnsProvider(azure),
    TXT("@", "foo"),
);

Describe the solution you'd like

A warning is shown if DnsProvider() is not provided so required changes are not suppressed.

devblackops avatar May 21 '24 22:05 devblackops

interesting, how to add glue records?

lolifamily avatar May 22 '24 16:05 lolifamily

Well, let's consider all the possibilities.

  • A registrar can be "something" (like ROUTE53, etc) or "none" (the "NONE" provider, meaning "don't update the registrar").
  • A DnsProvider can be nil (none specified), "something" (like NAMEDOTCOM or BIND), or "none" (the "NONE" provider, meaning we intentionally don't want to update the zone's records).

That gives us 6 combinations:

R:something D:none
No warning needed. This is a normal "delegated domain" where we control the registrar, but someone else is controlling the zone.

R:none D:none
No warning needed. This is an "inventory only" domain. It is listed in dnsconfig.js just so that "dnscontrol print-ir" lists it. This is done if you keep an inventory of domains that (for example) the company owns but other divisions manage.

R:none D:something
No warning needed. This is a normal "third-party registrar." We control the zone records but someone else is controlling the registrar.

R:something D:something
No warning needed. This is a normal domain. We control the registrar and the zone's records.

R:something D:nil
~~This is the situation that @devblackops had. Because there was no DnsProvider(), no zone records were being updated. It is a legal combination, but it is confusing. Thus, it deserves a warning.~~ This is useful when you want DNSControl to manage the domain's nameservers, but the zone is delegated to some other system. No warning needed.

R:none D:nil
This combination doesn't make sense. Use the "inventory only" combination instead. Print: Warning: No DnsProvider() in domain example.com.

The only combination that doesn't make sense is the last one. Doing that should get a warning. To turn off the warnings, add DnsProvider("NONE"). [NOTE: An earlier edit claimed 2

We can be "smart" by only displaying the warning if there are zone records.

To resolve this bug, we should print the warning if len(DomainConfig.DNSProviderNames) == 0 && len(DomainConfig.Records) != 0

tlimoncelli avatar May 22 '24 19:05 tlimoncelli
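
The check proposed at the end of the comment above, sketched in Go as an added example (not part of the thread and not DNSControl's own code). The `Domain` struct is a stand-in that reuses the `DNSProviderNames` and `Records` field names quoted there; the `Registrar` field and the convention that the NONE provider is named "none" are assumptions.

```go
package main

import "fmt"

// Domain is a stand-in for this example, not DNSControl's DomainConfig type.
// Registrar and naming the NONE provider "none" are assumptions.
type Domain struct {
	Name             string
	Registrar        string         // "none" = NONE registrar (R:none)
	DNSProviderNames map[string]int // empty = no DnsProvider() (D:nil)
	Records          []string       // declared zone records
}

// Combination labels a domain in the thread's R:/D: notation.
func Combination(d Domain) string {
	r, dp := "something", "something"
	if d.Registrar == "none" {
		r = "none"
	}
	if len(d.DNSProviderNames) == 0 {
		dp = "nil"
	} else if _, ok := d.DNSProviderNames["none"]; ok && len(d.DNSProviderNames) == 1 {
		dp = "none"
	}
	return "R:" + r + " D:" + dp
}

// Lint flags domains that declare records but have no provider to receive them.
func Lint(domains []Domain) []string {
	var out []string
	for _, d := range domains {
		if len(d.DNSProviderNames) == 0 && len(d.Records) != 0 {
			out = append(out, fmt.Sprintf("Warning: No DnsProvider() in domain %s. [%s, %d record(s) not deployed]", d.Name, Combination(d), len(d.Records)))
		}
	}
	return out
}

func main() {
	// Constructed sample: the reporter's zone, then an inventory-only domain.
	reporter := Domain{Name: "example.com", Registrar: "name.com", Records: []string{"TXT @ foo"}}
	inventory := Domain{Name: "example2.com", Registrar: "none", DNSProviderNames: map[string]int{"none": 0}}
	for _, w := range Lint([]Domain{reporter, inventory}) {
		fmt.Println(w)
	}
}
```

Only the reporter's zone is flagged: its TXT record is declared but has nowhere to be published, while the inventory-only domain declares no records and stays quiet.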

@tlimoncelli thanks for this clear explanation. 👏🏻

Certainly interesting! Because I have never thought about the situation R:none D:none (Include domain names in DNSControl for an overview.) before.

cafferata avatar May 23 '24 05:05 cafferata

Yeah, the R:none D:none is something I recently "invented".

Our legal department periodically asks for a list of all the domains we own. I generally give them the output of dnscontrol print-ir | jq -r '.domains[].name' but then I always have to remember to manually add a couple more domains that aren't maintained by DNSControl.

I know what you're thinking: Tom, there are domains you don't maintain with DNSControl? How dare you???

Yeah, crazy huh? Well, it happens. For example, I can't maintain dnscontrol-azure.com using DNSControl because it is used in our integration tests. It has to be isolated from everything else or our CI/CD pipeline would clobber our production DNSControl pipeline.

Anyway...

A few months ago I realized I could define this macro:

var REG_THIRDPARTY = NewRegistrar("none");

function INVENTORY_ONLY(name) {
    D(name, REG_THIRDPARTY, NO_NS);
}

Now those domains are listed in dnsconfig.js as:

INVENTORY_ONLY("dnscontrol-azure.com");
INVENTORY_ONLY("example.com");
INVENTORY_ONLY("example2.com");

Now when I run dnscontrol print-ir | jq -r '.domains[].name' I get the list I want.

tlimoncelli avatar May 23 '24 13:05 tlimoncelli

No comments in >9 months. I'm going to assume this is resolved. Please re-open if needed.

tlimoncelli avatar Feb 05 '25 17:02 tlimoncelli

Based on @tlimoncelli’s earlier response, I am closing this GitHub issue.

cafferata avatar Feb 05 '25 19:02 cafferata

@tlimoncelli why would R:something D:nil be something that doesn't make sense, isn't this just regular own nameservers + A/AAAA glue setup?

I was expecting something like this to work:

D("example.com", REG_PORKBUN,
  NAMESERVER("ns1.example.com."),
  NAMESERVER("ns2.example.com."),
  A("ns1", "1.2.3.4"),
  A("ns2", "5.6.7.8"),
);

This might be off-topic for this specific issue and/or provider specific, but I've been trying to get the Porkbun provider to set nameservers + glue A records but have been unsuccessful. Inspecting the code, I see no mentions of the glue record APIs.

caguiclajmg avatar Sep 05 '25 12:09 caguiclajmg

> @tlimoncelli why would R:something D:nil be something that doesn't make sense, isn't this just regular own nameservers + A/AAAA glue setup?

That's a good point! R:something D:nil makes sense if you just want to use DNSControl to manage the domain's nameservers, but not the DNS records.

tlimoncelli avatar Sep 05 '25 18:09 tlimoncelli