
Question: Route53 Private Zones

Open nlowe opened this issue 5 years ago • 13 comments

As far as I can tell there's no distinction between public / private R53 zones for dnscontrol. I want to use dnscontrol to add some records in my private zone and some records in my public zone. Both zones have the same name, but dnscontrol always picks the public zone. I looked over the provider code briefly and I don't see a way to specify a zone ID or public / private filter when setting up the provider. Is there something I'm missing?

nlowe avatar Mar 06 '19 21:03 nlowe

You aren't missing anything. dnscontrol is :-)

There currently isn't a way to specify public vs. private zones. We'd gladly accept a PR that would add this feature. Feel free to use this GitHub issue to discuss your design ideas.

tlimoncelli avatar Mar 06 '19 21:03 tlimoncelli

It looks like AWS will allow you to create multiple private zones with the same name if they are associated with different VPCs.

We already have R53_ZONE as a modifier for R53_ALIAS records. We could re-use this and make it context aware:

  • If it's used in the context of a D(), set an r53_zone_id property on the domain
  • If it's used in the context of a R53_Alias(), keep the existing behavior

The way the provider tracks zones would have to change a bit to be able to filter by the zone ID. I'm thinking of changing it from map[string]*r53.HostedZone to map[string]map[string]*r53.HostedZone. You'd then get a zone via provider.zones[d.name][d.r53ZoneID] if a zone id is specified. If no zone id is specified, the first entry in the second map is returned and a warning is printed.

Documentation would be interesting. Currently it's listed as a record modifier. With this change it would be both a domain modifier and a record modifier. What do you think?

nlowe avatar Mar 06 '19 22:03 nlowe
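A sketch of the two-level zone lookup proposed in the comment above, as an added example that is not dnscontrol's code or part of the original thread. `HostedZone` is a local stand-in for the SDK's `r53.HostedZone`, the zone IDs are constructed, and picking the lowest ID as the "first entry" is an assumption made here because Go map iteration order is random.

```go
package main

import (
	"fmt"
	"sort"
)

// HostedZone is a hypothetical local stand-in for the AWS SDK's r53.HostedZone.
type HostedZone struct {
	ID, Name string
	Private  bool
}

// zoneIndex maps zone name -> zone ID -> zone, the shape proposed in the thread.
type zoneIndex map[string]map[string]*HostedZone

// lookup requires an exact match when zoneID is set. Without one it falls back
// to the lowest zone ID and returns a warning if the name was ambiguous.
func (zi zoneIndex) lookup(name, zoneID string) (*HostedZone, string, error) {
	byID := zi[name]
	if len(byID) == 0 {
		return nil, "", fmt.Errorf("no hosted zone named %q", name)
	}
	if zoneID != "" {
		if z, ok := byID[zoneID]; ok {
			return z, "", nil
		}
		return nil, "", fmt.Errorf("no hosted zone %q with ID %q", name, zoneID)
	}
	ids := make([]string, 0, len(byID))
	for id := range byID {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	warn := ""
	if len(ids) > 1 {
		warn = fmt.Sprintf("%d zones named %q, using %s", len(ids), name, ids[0])
	}
	return byID[ids[0]], warn, nil
}

func main() {
	zi := zoneIndex{"example.com": { // constructed sample zones
		"ZPUBLICEXAMPLE":  {ID: "ZPUBLICEXAMPLE", Name: "example.com"},
		"ZPRIVATEEXAMPLE": {ID: "ZPRIVATEEXAMPLE", Name: "example.com", Private: true},
	}}
	z, warn, err := zi.lookup("example.com", "ZPRIVATEEXAMPLE")
	fmt.Println(z.ID, z.Private, warn, err)
}
```

An unknown zone ID is returned as an error rather than falling back, so records meant for a private zone are never applied to a same-named public one.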

What do you think?

Sadly the only AWS service I use is route53. Therefore I'm not a good judge of what is best for this kind of feature. Maybe @cdhunt or other people have feedback?

tlimoncelli avatar Mar 06 '19 22:03 tlimoncelli

Hmm, looking at it more, that design would require changing the signature of models.DNSProvider.GetNameservers since we would need to know the zone ID in that context. The context it's called from already has a reference to a *models.DomainConfig so we could just pass that instead, but that would require updating all providers.

nlowe avatar Mar 06 '19 22:03 nlowe

I've done very little with AWS hosted DNS and never with Private zones, but my thought would be to use D() since it is technically a different zone.

cdhunt avatar Mar 08 '19 13:03 cdhunt

Has there been any traction on this? I am also interested in this capability. We have a large scale environment with overlapping private namespaces in AWS Route53. If I could specify the target ZoneID for the push process that would help tremendously.

chathamws avatar May 08 '19 22:05 chathamws

Sadly nobody has volunteered yet. If you'd be interested, I'd be glad to mentor/guide.

tlimoncelli avatar May 08 '19 22:05 tlimoncelli

Thanks for the quick response. Unfortunately I'm not Go savvy just yet. I'm fluent in a few other programming languages, so I will probably catch on quick, however timing is just not permitting at the moment.

chathamws avatar May 09 '19 15:05 chathamws

No worries. (By the way... some people have learned Go by adding features to DnsControl. Cite https://everythingsysadmin.com/2017/08/go-get-up-to-speed.html)

tlimoncelli avatar May 09 '19 16:05 tlimoncelli

@tlimoncelli you got any suggestions for where to start implementing this using D()? Would be useful for a couple of places I use dnscontrol so happy to take a go at implementing this but would need some pointers on where to start.

stephenrob avatar Jul 10 '21 19:07 stephenrob

This might've been addressed by this pull request

truthdoug avatar Oct 27 '21 19:10 truthdoug

Thanks for responding. I will have to revisit and test this somehow, but based on the description it should address what I was asking for.

chathamws avatar Oct 28 '21 16:10 chathamws

@chathamws were you able to re-try using dnscontrol for Route53 private zones? If so, please add a comment to this discussion.

truthdoug avatar Feb 28 '22 16:02 truthdoug

Good news! This is supported.

If you look at https://github.com/StackExchange/dnscontrol/issues/2296#issuecomment-1522201407 you'll see an example.

tlimoncelli avatar May 16 '23 00:05 tlimoncelli

Maybe it would be nice to include this example in the documentation? cc: @tlimoncelli @tjstansell.

cafferata avatar May 17 '23 20:05 cafferata

Maybe it would be nice to include this example in the documentation? cc: @tlimoncelli @tjstansell.

I believe 489be2e3d added that. Is that what you meant?

tlimoncelli avatar May 18 '23 19:05 tlimoncelli

Yes, but didn't find it at R53_ZONE(). I'll take this further in GitHub pull request https://github.com/StackExchange/dnscontrol/pull/2379. 👍

cafferata avatar May 19 '23 14:05 cafferata