StackExchange / dnscontrol

Infrastructure as code for DNS!
https://dnscontrol.org/
MIT License

IGNORE all records that are not in the dnsControl config #1233

Closed wolfedale closed 3 years ago

wolfedale commented 3 years ago

Is it possible to manage only records which are specified in the dnsControl? I have a case where I have some records added from another place/tool and I don't want to modify or delete them by dnsControl.

I already checked NO_PURGE and IGNORE_NAME, but it looks like those are not working:

----- Getting nameservers from: gcloud
----- DNS Provider: gcloud...
1 correction
#1: CREATE A foo.example.com {MY_IP} ttl=60
MODIFY NS example.com: (ns-cloud-e4.googledomains.com. ttl=21600) -> (ns-cloud-e4.googledomains.com. ttl=300)
MODIFY NS example.com: (ns-cloud-e3.googledomains.com. ttl=21600) -> (ns-cloud-e3.googledomains.com. ttl=300)
MODIFY NS example.com: (ns-cloud-e2.googledomains.com. ttl=21600) -> (ns-cloud-e2.googledomains.com. ttl=300)
MODIFY NS example.com: (ns-cloud-e1.googledomains.com. ttl=21600) -> (ns-cloud-e1.googledomains.com. ttl=300)

As in the example, in my dnsControl I have only an A record, and dnsControl is trying to modify NS records. Can I somehow exclude those?

Thanks!

tlimoncelli commented 3 years ago

The short answer: If you want DNSControl to ignore the NS records, use the "NONE" Registrar.

var REG_THIRDPARTY = NewRegistrar("ThirdParty", "NONE");
var DNS_NAMECOM = NewDnsProvider("namedotcom_main", "NAMEDOTCOM");
D("example1.com", REG_THIRDPARTY,
  DnsProvider(DNS_NAMECOM),
  A("@", "10.2.3.4")
);

Longer answer:

In your example DNScontrol is trying to change the TTL of those records. It seems to me that you have two systems that are disagreeing on what the TTL should be. I don't think you want the TTL to change back and forth as dnscontrol and the other system battle each other. I think you want to set the same TTL on both sides. You can use NAMESERVER_TTL(21600) within the D() for this domain, or set the other system to use 300 seconds.

Do you actually want the other system to control the NS records? If so, you can use the NONE provider. In that case, you'll be better served with the short answer.

tlimoncelli commented 3 years ago

I'm adding this example to the docs: https://github.com/StackExchange/dnscontrol/pull/1234

See more examples here: https://stackexchange.github.io/dnscontrol/nameservers

wolfedale commented 3 years ago

Sorry, I think I wasn't clear enough. My problem is not only with NS servers, it's about all the other record types.

For example, this is my config:

var REG_NONE = NewRegistrar('none', 'NONE');
var GCLOUD = NewDnsProvider("gcloud", "GCLOUD");

D("example.com", REG_NONE, DnsProvider(GCLOUD),
    A("bar","8.8.6.6", TTL('60')),
    TXT("bar","BAR", TTL('60'))
);

and I also created 2 additional records "manually", and when I'm executing dnsControl I see that dnsControl is trying to delete them:

******************** Domain: example.com
----- Getting nameservers from: gcloud
----- DNS Provider: gcloud...
1 correction
#1: DELETE A foo.example.com 8.8.8.8 ttl=300
DELETE TXT foo.example.com "FOO" ttl=300

----- Registrar: none...
0 corrections
Done. 1 corrections.

Can I somehow say to not modify or delete those?

wolfedale commented 3 years ago

I think NO_PURGE is doing the job. At least I just added it and it looks like dnsControl is not touching those foo records anymore. I think it didn't work before because I tested it with NS records.

wolfedale commented 3 years ago

Yes, it's working. Thanks for your help with the NS records. Looks like NO_PURGE is what I was looking for :-)
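
The following is an added example, not part of the original thread and not DNSControl's own code: a simplified JavaScript model of the behaviour discussed above, showing which corrections a run proposes with and without purging, and which records are left unmanaged so they can be reviewed. The function name `planCorrections`, the `noPurge` option and the record shape are assumptions made for illustration; the sample records are constructed from the thread's output.

```javascript
// Added example: a simplified model of zone diffing, NOT DNSControl's source code.
// Simplification: a record is identified by type + name + value, and a TTL
// difference on the same identity is reported as a MODIFY.
const key = (r) => `${r.type} ${r.name} ${r.value}`;

// Returns the corrections a run would propose, plus the records left unmanaged.
function planCorrections(desired, existing, { noPurge = false } = {}) {
  const want = new Map(desired.map((r) => [key(r), r]));
  const have = new Map(existing.map((r) => [key(r), r]));
  const corrections = [];
  const unmanaged = [];

  for (const [k, r] of want) {
    const cur = have.get(k);
    if (!cur) corrections.push(`CREATE ${k} ttl=${r.ttl}`);
    else if (cur.ttl !== r.ttl) corrections.push(`MODIFY ${k}: ttl=${cur.ttl} -> ttl=${r.ttl}`);
  }
  for (const [k, r] of have) {
    if (want.has(k)) continue;
    // With purging disabled the record survives, but no config describes it,
    // so it is collected here for review instead of being silently ignored.
    if (noPurge) unmanaged.push(`${k} ttl=${r.ttl}`);
    else corrections.push(`DELETE ${k} ttl=${r.ttl}`);
  }
  return { corrections, unmanaged };
}

// Constructed sample data mirroring the thread: "bar" is in the config,
// "foo" was created by hand outside of it.
const desired = [
  { type: "A", name: "bar.example.com", value: "8.8.6.6", ttl: 60 },
  { type: "TXT", name: "bar.example.com", value: '"BAR"', ttl: 60 },
];
const existing = [
  ...desired,
  { type: "A", name: "foo.example.com", value: "8.8.8.8", ttl: 300 },
  { type: "TXT", name: "foo.example.com", value: '"FOO"', ttl: 300 },
];

const purge = planCorrections(desired, existing);
const keep = planCorrections(desired, existing, { noPurge: true });
console.log("default:", purge.corrections);
console.log("no purge:", keep.corrections, "unmanaged:", keep.unmanaged);
```

In this model, disabling purge suppresses only the DELETE corrections; a TTL mismatch on a record that is in the config is still reported as a MODIFY, which matches the NS output earlier in the thread.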