terraform-provider-hcloud

[Feature]: Hetzner Console DNS (Beta) - Resource record sets should support distributed Terraform states

Open tomtrix opened this issue 6 months ago • 2 comments

What would you like to see?

Dear Hetzner team,

the new Hetzner Cloud DNS implementation works awesome - even if it's still in Beta! Please continue your great work!

There is one little thing that bothers me: The new RRSet logic seems to be incompatible with multiple Terraform states, which are caused by a multi-repo approach.

What do I mean exactly?

I'm managing one repository with IaC code per service. This repo contains the definitions for S3 buckets, compute, DNS and so on for one specific service.

Repository "mail-infra" --> TF-state "mail-infra"
|-main.tf
|-dns.tf
|-compute.tf
└-s3.tf

Repository "wiki-infra" --> TF-state "mail-infra"
|-main.tf
|-dns.tf
|-compute.tf
└-s3.tf

In this scenario, if both services need a TXT-record @.mydomain.com, i.e. mail for SPF and wiki (SaaS) to verify domain ownership, Terraform isn't able to create the TXT record for wiki, because the resource record TXT @.mydomain.com is managed by the Terraform state of mail. The API returns record not unique - as expected.

With the old DNS console this wasn't a thing - every record counted as its own resource.

Which feature(s) I would like to see?

It would be awesome if the management of resource record sets would be possible with this multi-repo-approach again.

I think of something like this:

Create

The provider detects whether the resource record TXT @.mydomain.com already exists.

If no: Create the resource record and add the value. If yes: Just add the additional value.

Destroy

The provider detects whether the resource record contains more than one value.

If yes: Just remove the value. If no: Remove the value and the resource record.

I really appreciate your feedback and your support!

Kind regards Tom

tomtrix avatar Oct 19 '25 09:10 tomtrix
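The Create/Destroy behaviour proposed in the post above, as an added Go example (not code from the provider or from anyone in this thread). `Zone`, `RRSetKey`, `AddRecord`, `RemoveRecord` and the TXT values are hypothetical, and the zone is an in-memory map rather than the Hetzner API.

```go
package main

import (
	"fmt"
	"sort"
)

// Zone is a constructed in-memory stand-in keyed by record set; not provider code.
type RRSetKey struct{ Name, Type string }
type Zone map[RRSetKey]map[string]bool

// AddRecord is the proposed Create: make the set if it is missing, otherwise
// just add the value. It reports whether the set had to be created.
func (z Zone) AddRecord(k RRSetKey, value string) (created bool) {
	if z[k] == nil {
		z[k], created = map[string]bool{}, true
	}
	z[k][value] = true
	return created
}

// RemoveRecord is the proposed Destroy: drop only this value, and delete the
// set once no value is left. It reports whether the set was deleted.
func (z Zone) RemoveRecord(k RRSetKey, value string) (deleted bool) {
	set := z[k]
	delete(set, value) // no-op if the set or the value is absent
	if set != nil && len(set) == 0 {
		delete(z, k)
		return true
	}
	return false
}

// Values returns the set's values sorted, or nil when the set does not exist.
func (z Zone) Values(k RRSetKey) []string {
	var out []string
	for v := range z[k] {
		out = append(out, v)
	}
	sort.Strings(out)
	return out
}

func main() {
	z, apex := Zone{}, RRSetKey{"@", "TXT"}
	z.AddRecord(apex, "v=spf1 mx -all")         // constructed value, mail-infra state
	z.AddRecord(apex, "wiki-verify=example")    // constructed value, wiki-infra state
	z.RemoveRecord(apex, "wiki-verify=example") // wiki destroyed; SPF must survive
	fmt.Println(z.Values(apex))
}
```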

Hey,

> It would be awesome if the management of resource record sets would be possible with this multi-repo-approach again.

Could you point me to how you used to do this before?

> With the old DNS console this wasn't a thing - every record counted as its own resource.

So I assume a hcloud_zone_record resource would resolve your problem? I'd prefer not to supercharge the existing hcloud_zone_rrset resource and instead rely on another resource which works only at the record level. This resource would work as you described, but is limited to a single record.

jooola avatar Oct 21 '25 15:10 jooola

Hey @jooola !

> Could you point me to how you used to do this before?

This never worked with the new Cloud DNS implementation.

I was able to achieve this with the old DNS Console and the TF provider germanbrew/hetznerdns.

Here is the link to the version of my module before the migration to the new Cloud DNS implementation. --> https://gitlab.com/tkit-solutions/tofu-hetzner-modules/-/tree/v2.1.0/dns-record?ref_type=tags

> So I assume a hcloud_zone_record resource would resolve your problem? I'd prefer not to supercharge the existing hcloud_zone_rrset resource and instead rely on another resource which works only at the record level. This resource would work as you described, but is limited to a single record.

This sounds like an approach I could work with, even if it would be handier to just tell the provider to create a record and it handles everything else by itself (like splitting long TXT record values). ^^

tomtrix avatar Oct 22 '25 06:10 tomtrix