StackExchange / dnscontrol

Infrastructure as code for DNS!
https://dnscontrol.org/
MIT License

Azure DNS - Add additional nameserver to zone returns error about multiple entries #3088

Open fabienmazieres opened 3 months ago

fabienmazieres commented 3 months ago

Describe the bug

Adding nameserver entries to an Azure public DNS zone fails to add the additional server; it returns the error message "The list of record sets of type 'NS' may not contain multiple entries with the same 'nsdname'". I want to add an extra name server as I intend to host this zone on 2 providers.

To Reproduce

I use the following dnsconfig.js:

var REG_NONE = NewRegistrar("none");
var DNS_AZURE = NewDnsProvider("azuredns_main");

D("example.co.uk", REG_NONE, DnsProvider(DNS_AZURE),
    // Top-level domain configuration
    NAMESERVER_TTL("172800"), // 2 days

    // Azure DNS name servers
    NAMESERVER("ns1-01.azure-dns.com."),
    NAMESERVER("ns2-01.azure-dns.net."),
    NAMESERVER("ns3-01.azure-dns.org."),
    NAMESERVER("ns4-01.azure-dns.info."),

    // Other provider
    NAMESERVER("ns1.other.provider.net."),

    // Records
    A("test", "1.2.3.4"),
    END);

When using preview, it calculates the changes as expected:

PS C:\Users\DNSasCode> dnscontrol preview
******************** Domain: example.co.uk
1 correction (azuredns_main)
#1: + CREATE example.co.uk NS ns1.other.provider.net. ttl=172800
Done. 1 corrections.

but push returns an error message

PS C:\Users\N18180\source\PlatformEngineering.DNSasCode> dnscontrol push   
******************** Domain: impersotech.co.uk
2 corrections (azuredns_main)
#1: + CREATE example.co.uk NS ns1.other.provider.net ttl=172800
FAILURE! PUT https://management.azure.com/subscriptions/xxx-yyy/resourceGroups/xxx/providers/Microsoft.Network/dnsZones/example.co.uk/NS/@
--------------------------------------------------------------------------------
RESPONSE 400: 400 Bad Request
ERROR CODE: BadRequest
--------------------------------------------------------------------------------
{
  "code": "BadRequest",
  "message": "The list of record sets of type 'NS' may not contain multiple entries with the same 'nsdname'."
}
--------------------------------------------------------------------------------
[...]

Adding the extra providers in Azure Portal manually works and subsequent preview or push do validate the change was done as expected.

Expected behavior

No error message displayed, additional NS servers added to the @ NS record.

DNS Provider Azure DNS (azuredns_main)

tlimoncelli commented 3 months ago

CC @vatsalyagoel

vatsalyagoel commented 3 months ago

Looking into the issue

vatsalyagoel commented 2 months ago

@fabienmazieres When adding additional NAMESERVER Records, you don't need to specify the Azure records on the domain.

NAMESERVER("ns1-01.azure-dns.com."),
NAMESERVER("ns2-01.azure-dns.net."),
NAMESERVER("ns3-01.azure-dns.org."),
NAMESERVER("ns4-01.azure-dns.info.")

These will automatically be there when DNSControl gets the zone from AzureDNS.

fabienmazieres commented 2 months ago

@vatsalyagoel, I will have to support 2 providers, Azure and Oracle, hence why I had put the Azure records in the config. I could omit those and rely on the registrar data, but I thought it would be best to be explicit in my config.

All that said, the issue still occurs for me and I am not sure how to take it. If you have some pointers on where I should look, I would be happy to also help dig a bit and see if I can find anything.

tlimoncelli commented 2 months ago

Each provider handles Domain Delegation a little differently and sometimes they conflict. Often the best way to resolve this is to manually set the delegation via the provider's website.

This doc might be helpful, especially the last section where it explains that behavior is different if there are zero NAMESERVER() statements in a zone.

vatsalyagoel commented 1 month ago

@tlimoncelli maybe I should add a PR to deduplicate NS/Nameserver records if we detect that there are any. But I don't know if it would go against the design. If you give your blessing, I'll create the PR.

tlimoncelli commented 1 month ago

> @tlimoncelli maybe I should add a PR to deduplicate NS/Nameserver records if we detect that there are any. But I don't know if it would go against the design. If you give your blessing, I'll create the PR.

Yes, please. (Now that Go has generics, you might find https://pkg.go.dev/slices useful)
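
The deduplication proposed in this thread, sketched with the `slices` package as an added example (not DNSControl's own code, and not the fix that was merged). `canonicalNS` and `mergeNameservers` are hypothetical helpers; the assumption is that two NS targets count as the same 'nsdname' when they differ only in case or in the trailing dot.

```go
package main

import (
	"fmt"
	"slices"
	"strings"
)

// canonicalNS lower-cases an NS target and forces exactly one trailing dot,
// so "NS1.Other.Provider.net" and "ns1.other.provider.net." compare equal.
func canonicalNS(name string) string {
	return strings.ToLower(strings.TrimRight(strings.TrimSpace(name), ".")) + "."
}

// mergeNameservers (hypothetical helper) returns the nameservers the provider
// already has on the zone apex, followed by the ones declared in dnsconfig.js,
// with duplicates dropped and first-seen order preserved.
func mergeNameservers(provider, declared []string) []string {
	all := append(slices.Clone(provider), declared...)
	merged := make([]string, 0, len(all))
	for _, ns := range all {
		c := canonicalNS(ns)
		if c == "." { // empty input, nothing to delegate to
			continue
		}
		if !slices.Contains(merged, c) {
			merged = append(merged, c)
		}
	}
	return merged
}

func main() {
	// Names taken from the dnsconfig.js in this issue; which of them the
	// provider pre-populates is an assumption made for the example.
	provider := []string{
		"ns1-01.azure-dns.com.", "ns2-01.azure-dns.net.",
		"ns3-01.azure-dns.org.", "ns4-01.azure-dns.info.",
	}
	declared := []string{
		"ns1-01.azure-dns.com.", "NS2-01.azure-dns.net",
		"ns3-01.azure-dns.org.", "ns4-01.azure-dns.info.",
		"ns1.other.provider.net",
	}
	for _, ns := range mergeNameservers(provider, declared) {
		fmt.Println(ns)
	}
}
```

Checking the merged list before a push also gives a reviewer one place to confirm that every delegation target in the record set is a nameserver the team actually operates or contracts.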