Why did I switch?
In my experience, the main advantages of DNSControl, or rather the workflow it promotes, are the following:
- Support for different authoritative DNS providers: It is no longer needed to visit the control panels of different providers. The configuration is provider-agnostic, and can be applied to different or even multiple DNS providers, which allows administrators to easily migrate between providers or mix and use servers from different providers simultaneously.
- Specify the state instead of actions: This is analogous of managing infrastructure using Ansible vs manually. Only the final state is specified in the configuration file, and the software takes care of adding or modifying records and deleting unnecessary ones.
I will briefly introduce my new workflow for migrating and managing DNS below, in order to show you how it can be done.
Migrating existent zones
The first step of switching to the new workflow, is to export and migrate the existent DNS zones from the current providers into the configuration file.
If you are like me who have dozens of records in the old DNS control panel, and you simply don’t want to copy-paste everything by hand, DNSControl has a “get-zones” sub-command that can be used in this situation. You can read the official documentation about migration, and the steps I used are:
- In order to read from the current provider, credentials must be generated and provided in the
creds.jsonfile. The methods vary by provider, which can be found in their respective pages. For example, CloudFlare only requires an API token with sufficient permissions to access and modify zone records.
creds.jsonfilled out and saved to the current directory, the following command can be executed to export current records of a specific zone:
dnscontrol get-zones --format=js --out=dnsconfig.js <creds-name> <PROVIDER-IDENTIFIER> your-domain.tld
- The software is written in Go, so they provide static binaries in GitHub release page.
creds-nameis the key used in
PROVIDER-IDENTIFIERcan be found in the “Identifier” column in the provider table.
Updating DNS records
In order to create or update DNS records for a domain, one should first edit
preview sub-command to compare the changes to the existent records online. Finally, when everything checks out, use
dnscontrol push to apply the changes.
To further automate the workflow, I personally use a Git repository to version-control my
dnsconfig.js configuration, and Jenkins to perform the steps above. My
creds.json is kept private in Jenkins’ “Credentials” area, and mounted into the pipeline environment during execution. In this way, I can commit and push my DNS configuration to the Git server, and Jenkins will automatically check and apply the changes.
As of the time of writing this article, the following DNS providers are supported by DNSControl:
- Azure DNS
- Google Cloud DNS
- Hurricane Electric DNS
- Hetzner DNS Console
- Microsoft DNS Server (Windows Server)
- Namecheap Provider
- Oracle Cloud
- Route 53
- SoftLayer DNS
In addition, the following registrars are supported, which allow users to modify the domains’ NS records to point to the providers above:
- CSC Global
- Namecheap Provider
- Route 53
And even if your current provider is not covered, you can easily add your own integration and possibly contribute to the upstream.