e1e0.net

sources for e1e0 website
git clone https://git.e1e0.net/e1e0.net.git

commit aaee1b3737f08666c2376283eefea6f9908e974f
parent 3568728baca823b59d6c49a9dd43ea222ea215a9
Author: Paco Esteban <paco@e1e0.net>
Date:   Sun,  7 Jun 2020 11:09:32 +0200

new article dnscontrol

Diffstat:
M src/easy-dns-zone-management-accross-providers.md | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
M src/gophermap | 3 ++-
M src/index.html | 1 +
3 files changed, 66 insertions(+), 6 deletions(-)

diff --git a/src/easy-dns-zone-management-accross-providers.md b/src/easy-dns-zone-management-accross-providers.md @@ -1,5 +1,5 @@ # Easy DNS zone management across providers -2020-05-31 +2020-06-07 For personal projects and at work I have to manage some DNS zones. They are not that many, but I would say that if they are more than 2 or 3, or if the @@ -10,14 +10,14 @@ There are many alternatives out there, like Github's [Octodns][1] or StackExchange's [dnscontrol][2]. I personally use the latter. Using tools like these bring a couple of benefits. For one, you can have your -DNS zones under version control. Ok, you can do that too with BIND zone files. -But it's more difficult to do that if you use one of the _"cloud providers"_ as +DNS zones under version control. Ok, you can do that too with BIND zone files, +but it's more difficult to do that if you use one of the _"cloud providers"_ as I do at work. Another benefit is that you can wire this with your CI platform of choice. Again, BIND zones are pretty good at this too. Rsync + reload and you're set. This is the magic of *the Unix way*. Problem is that one cannot always choose what one works with, but I digress. -Dnscontrol is both a [DSL][3] and a cli tool that interprets that and takes the +Dnscontrol is both a [DSL][3] and a cli tool that interprets it and takes the appropriate actions to ensure that your zones are a reflection of what you have on disk. Be that API calls to your fancy provider or interactions with ISC-BIND to update the zones on the fly. @@ -98,7 +98,7 @@ the registrar. Each domain has its `D` function that defines it. I usually organize it like you see on the example. With the 1st line containing the `fqdn`, registrar and -dns provider, and then one line per DNS record. That makes a lot of sense for +DNS provider, and then one line per DNS record. That makes a lot of sense for visually clean diffs later on. But you can use whatever you want as long as you respect the syntax. 
@@ -133,6 +133,64 @@ You can specify the location of the credentials file and the zones file using `--creds file` and `--config file`. Check the command help for more information. +As I said earlier, `dnscontrol` can export your current zone definitions +converting them to its DSL in the process. To do that, the command would look +something like this: + +``` +dnscontrol get-zones --format=js gandi GANDI_V5 example.com +``` + +That will dump to `stdout` your zone in the JS DSL format. I recommend to +review the export. Sometimes is not as good as you might expect. + +The first argument after the format is the credential definition, the second +one is the provider type and then a list of zones to export. + +I should mention that it can also export in other formats, like BIND file +format or TSV, so it can be used to do other kind of migrations too. + +And finally, the TLS certificates. + +This needs another config file, called `certs,json` by default. Again pretty +simple, it looks like this: + +``` + [ + { + "cert_name": "downloads", + "names": [ + "dl.example.com" + ] + }, + { + "cert_name": "web", + "names": [ + "example.com", + "www.example.com" + ] + } + ] +``` + +Then you can call it like this: + +``` +dnscontrol get-certs --email me@example.com --agreeTOS --dir './certs' +``` + +That will crate a hierarchy under `./certs` with the generated keys and +certificates (plus some json metadata). + +There are some more options on this command to change the ACME issuer (which +has defaults for Let's Encrypt), remaining days to renew, etc. Take a look at +the command help for more info. + +In combination with cron and scp/rsync/whatever it can be used to have +a central point for certificate generation. + +Hope it's useful. + _Have any comments ? Send an email to the [comments address][999]._ [1]: https://github.com/github/octodns diff --git a/src/gophermap b/src/gophermap 
@@ -12,6 +12,7 @@ Sometimes I write things so I do not forget ... o--o-- Random (usually tech) stuff +0Easy DNS zone management across providers /easy-dns-zone-management-accross-providers.md.txt e1e0.net 70 0Manage Kubernetes clusters from OpenBSD /manage-k8s-from-openbsd.md.txt e1e0.net 70 0Split window on current working directory on tmux /tmux-splitw-on-current-folder.md.txt e1e0.net 70 0upsc (NUT) Prometheus exporter /upsc-prometheus-exporter.md.txt e1e0.net 70 @@ -49,5 +50,5 @@ Have any comments ? Send an email to <comments@e1e0.net> o- o -- -------------------------------------------------------- -- o -- -Last updated: Fri, 08 May 2020 17:49:00 +0000 +Last updated: Sun, 07 Jun 2020 09:06:38 +0000 o- o -- -------------------------------------------------------- -- o -- diff --git a/src/index.html b/src/index.html @@ -1,4 +1,5 @@ <ul> +<li><a href="easy-dns-zone-management-accross-providers.html" title="2020-06-07">Easy DNS zone management across providers</a></li> <li><a href="manage-k8s-from-openbsd.html" title="2020-05-08">Manage Kubernetes clusters from OpenBSD</a></li> <li><a href="/tmux-splitw-on-current-folder.html" title="2020-03-14">Split window on current working directory on tmux</a></li> <li><a href="/upsc-prometheus-exporter.html" title="2020-01-17">upsc (NUT) Prometheus exporter</a></li>
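Review bot: In the `@@ -133,6 +133,64 @@` hunk of src/easy-dns-zone-management-accross-providers.md, the added sentence "This needs another config file, called `certs,json` by default" has a comma where the filename needs a dot, so a reader copying it will create a file with the wrong name; make it `certs.json`. In the same hunk, "That will crate a hierarchy" should read "create" and "Sometimes is not as good" is missing "it". The closing paragraphs say `./certs` receives the generated keys and then suggest cron plus scp/rsync as a central point for certificate generation; a sentence on keeping that directory readable only by the account running the job, and on copying the keys over an authenticated channel, would fit there.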
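Review bot: In the src/index.html hunk, the new `<li>` uses a relative href (`easy-dns-zone-management-accross-providers.html`), as the manage-k8s entry does, while the tmux and upsc entries in the same list start with `/`. The two forms resolve differently if this fragment is ever included from a page outside the site root, so pick one form for the whole list, for example `/easy-dns-zone-management-accross-providers.html` here.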