Welcome to the Infrastructure as Code (IaC) series, where we will do a deep dive into various Infrastructure as Code tools and see how they work. IaC for cloud resources is an amazingly useful tool in any DevOps toolbox. It enables consistency between deployments, minimises the likelihood of human error and allows you to use tried and tested development principles for your infrastructure. In fact, it’s so good that you quickly wonder “Where else can I profit from IaC?” In this article, we’re introducing you to DNSControl.
What is DNSControl?
DNSControl is an IaC tool for your DNS zones, created by Stack Exchange (of Stack Overflow fame). In their words, it’s an “opinionated platform for seamlessly managing your DNS configuration…”.
The opinions they reference are given below; as you can see they’re all pretty reasonable things to enforce:
- DNS should be treated like code – This makes a lot of sense. At its simplest, DNS is just a list of key-value pairs with an associated “type” (e.g. A, CNAME, MX etc.).
- Non-experts should be able to safely make DNS changes – Democratising DNS Changes makes them less scary and also allows the wider team to work with and propose changes.
- All DNS is lowercase for languages that have such a concept – DNS itself is case-insensitive, so enforcing something like this doesn’t make a practical difference.
- If it is ambiguous in DNS, it is forbidden in DNSControl – The last thing you want is a DNS system that does unexpected things! Incorrect DNS configuration can take down accessibility very easily, so having a system which is well-defined is a must.
- Hostnames don’t have underscores – This is probably the most controversial of them all, and even then it’s not that restrictive. The main motivation is because, whilst DNS names can contain underscores, hostnames can’t.
How does it work?
DNSControl has a notion of DNS providers, which handle making the actual changes to your DNS system. Many different providers are built in, plus its plug-in architecture allows you to add custom providers if required. Note however that not all providers are created equal: each one has different capabilities. A matrix showing what is supported is available on the provider listing.
The DNS records themselves are written using a lightweight Javascript DSL, the documentation for which is here. All configuration resides in a single file named ‘dnscontrol.js’. This supports multiple DNS providers and multiple zones, so you can have your full DNS estate in one place. An example DNSControl configuration is available on GitHub here.
Finally, applying the configuration is a case of running the ‘dnscontrol CLI’ tool. This is supported natively on Windows and Linux and also offered as a docker container. Applying DNS changes is simply a case of running ‘dnscontrol push’ from the directory containing your dnscontrol.js configuration file. There is also a preview command that allows you to review changes before they are applied.
Migrating to DNSControl
A tool like this would be useless if it didn’t have good support for importing existing zones. Luckily, there is a short migration guide explaining how to move to using DNScontrol. Generally speaking, migrating your DNS zone is a case of:
- Create a skeleton ‘dnscontrol.js’ configuration file;
- Run ‘dnscontrol get-zones’ to pull out your existing records
- Merge these into ‘dnscontrol.js’
- Iteratively run ‘dnscontrol preview’ and update ‘dnscontrol.js’ until no changes are detected
At this point, your DNSControl configuration is an exact replica of your current configuration and applying it (via ‘dnscontrol push’) is no-op.
What else do I need to know about DNSControl?
This tool that is useful to all enterprises, big and small. It’s also simple to work with but has enough flexibility to work in lots of different cases.
But it isn’t the only tool of its class. A big competitor is OctoDNS. Their main selling point is around using multiple providers simultaneously and cloning DNS zones seamlessly across them. While this can be useful for certain cases, it’s unlikely to be so for the majority of people (and adds extra complexity to configuration, for example). If you’re looking to add DNS IaC, I would recommend starting with DNSControl and, if it’s lacking, moving to something like OctoDNS.
Can I get help with my infrastructure?
Yes, absolutely. If you’re looking to modernise your DNS configuration or migrate any part of your infrastructure to IaC tooling, Softwire can help. We have extensive experience in both Cloud technologies and the tooling to integrate with them. Get in touch today to discuss your needs.