Sudhakar Daggubati

Automating DNS with Confidence: Terraform + DNScontrol

A split-origin DNS setup that spans multiple origins and multiple subscriptions and creates routes via a gateway subnet is complex.

It's even more challenging to keep it running smoothly without inadvertently breaking things; it's not a joke when people say it's all DNS :-)

Terraform can automate most of this infrastructure at scale, but one thing it lacks is DNS management for a complex setup, where you often need additional capabilities to test and validate changes before the plan is applied.

There are multiple scenarios in which the lack of this capability makes it hard to customize DNS without getting into trouble.

Temporary zone and validate before apply

  • Use Terraform to create a temporary DNS zone.
  • Use curl or https://httpie.io/ to validate the DNS entries.
  • This setup ensures DNS changes are tested and their impact is known.
    • Each provider has its own SDK, API, and supported formats; for example, Terraform has no zone file import while Azure does. Besides, integration tests are nonexistent and complex to craft; validation is mostly a simple nslookup.

Combination of native DNS mgmt + Terraform

DNSControl and Terraform are both powerful tools for managing DNS records, but they have different capabilities and use cases. Let's use them together to make DNS management predictable and fault-proof.

  • Designed specifically for DNS: DNSControl is tailored for DNS management, offering features and integrations that are optimized for DNS-related tasks.
  • Flexibility: It provides a high level of flexibility: you can define DNS records using various formats (e.g., YAML, JSON), and it supports a wide range of DNS providers.

You could leave all DNS management to DNSControl, or use it for complex validations and DNS record management and use the az CLI to export and import in a CI/CD task with the necessary approval flows, with or without Terraform.
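
One way to make the impact of a change known before apply, as an added example that is not code from the original post or from either tool: diff the live zone's export against the temporary zone's export and send any removal or modification to the approval flow. The function names, the simplified one-record-per-line export layout, the approval policy, and the sample records are all assumptions made for illustration.

```python
# Added example: diff a live zone export against the temporary zone's export.
# Assumption: one record per line, "name TTL IN TYPE value" (simplified layout).

# Constructed sample data (example.test and 192.0.2.0/24 are documentation ranges).
LIVE_ZONE = """\
; live zone export (constructed)
$ORIGIN example.test.
@      3600 IN A     192.0.2.10
www    3600 IN CNAME gateway.example.test.
api    300  IN A     192.0.2.20
_dmarc 3600 IN TXT   "v=DMARC1; p=reject"
"""
TEMP_ZONE = """\
; temporary zone export (constructed)
$ORIGIN example.test.
@      3600 IN A     192.0.2.10
www    3600 IN CNAME gateway2.example.test.
app    300  IN A     192.0.2.30
_dmarc 3600 IN TXT   "v=DMARC1; p=reject"
"""

def parse_zone(text):
    """Return {(name, type): {values}}; TTL is ignored for the comparison."""
    records = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip only whole-line comments and $ directives: TXT data may contain ';'.
        if not line or line[0] in ";$":
            continue
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[2].upper() != "IN":
            raise ValueError(f"unsupported record line: {line!r}")
        name, _ttl, _cls, rtype, value = fields
        records.setdefault((name.lower(), rtype.upper()), set()).add(value)
    return records

def zone_impact(live_text, temp_text):
    """List the record sets the change would add, remove, or modify."""
    live, temp = parse_zone(live_text), parse_zone(temp_text)
    return {
        "added": sorted(k for k in temp if k not in live),
        "removed": sorted(k for k in live if k not in temp),
        "changed": sorted(k for k in live if k in temp and live[k] != temp[k]),
    }

def needs_approval(impact):
    """Assumed policy: altering or deleting a live record requires review."""
    return bool(impact["removed"] or impact["changed"])
```

In a CI/CD task, a non-zero exit when `needs_approval` returns `True` is enough to hold the pipeline until someone has reviewed the listed records.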
