hashicorp / terraform-provider-dns

Utility provider that supports DNS updates (RFC 2136) and can optionally be configured with secret key based transaction authentication (RFC 2845).
https://registry.terraform.io/providers/hashicorp/dns/latest
Mozilla Public License 2.0

Allow query DNS servers to be specified in provider block #242

Open longwave opened 1 year ago

longwave commented 1 year ago

Terraform CLI and Provider Versions

Terraform v1.3.4 on linux_amd64

Use Cases or Problem Statement

I use the dns_a_record_set data source to look up an internal (RFC1918) IP address:

# Look up the internal IP address of Elasticsearch.
data "dns_a_record_set" "elasticsearch" {
  host = data.aws_elasticsearch_domain.search.endpoint
}

Even though it is not routable from the Internet, the IP address is published as a public DNS record. However, some routers provide DNS rebinding protection, which means that their DNS server refuses to return RFC1918 IP addresses. terraform plan then fails:

│ Error: error looking up A records for "vpc-REDACTED.eu-west-1.es.amazonaws.com": lookup vpc-REDACTED.eu-west-1.es.amazonaws.com on 127.0.0.53:53: no such host
│ 
│   with data.dns_a_record_set.elasticsearch,
│   on main.tf line 44, in data "dns_a_record_set" "elasticsearch":
│   44: data "dns_a_record_set" "elasticsearch" {
│ 

The only workaround is to change the local DNS server to Cloudflare 1.1.1.1 or Google 8.8.8.8 or similar.

Proposal

Allow a query DNS server to be specified in the provider block:

provider "dns" {
  query {
    server = "1.1.1.1" # Cloudflare
  }
}

How much impact is this issue causing?

Medium

Additional Information

This was hinted at in #172 but I think this proposal is cleaner than allowing the DNS server to be specified in the data source itself.

maxboone commented 8 months ago

@bflad (tagging because of comment on last non-dependabot PR) & @bookshelfdave due to triage label last year

I'd gladly pick this up and write a PR but I'm not sure if this is a feature / enhancement that would be accepted, considering there haven't been added features for a while now (judging from the PRs).

DevopsMercenary commented 4 months ago

This would be great. I just discovered this provider, and unfortunately the internal network DNS is blocking some DNS lookups and network operations doesn't want to open or mess with their DNS Config.

I can solve my issue using this provider if I could use Google or some other known external DNS provider.

provider "dns" {
  query {
    server = [ "8.8.8.8", "8.8.4.4" ]
  }
}
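
The behaviour requested in this issue, sketched as an added Go example (not code from terraform-provider-dns, and the `query` block above is a proposal, not an existing provider option): a resolver pinned to a configured server instead of the system one, plus a check for the RFC1918 answers that a rebinding-protected resolver withholds. The names `serverAddr`, `pinnedResolver` and `privateAnswers` are hypothetical.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"time"
)

// serverAddr turns a configured server ("1.1.1.1", "8.8.8.8:5353") into host:port, defaulting
// to port 53. Only IP literals are accepted, so reaching the server needs no prior DNS lookup.
func serverAddr(s string) (string, error) {
	host, port, err := net.SplitHostPort(s)
	if err != nil { // no port given
		host, port = s, "53"
	}
	if net.ParseIP(host) == nil {
		return "", fmt.Errorf("query server %q is not an IP address", s)
	}
	return net.JoinHostPort(host, port), nil
}

// pinnedResolver ignores the system resolver (127.0.0.53 in the error above) and queries addr.
func pinnedResolver(addr string) *net.Resolver {
	return &net.Resolver{
		PreferGo: true, // Go's built-in DNS client honors Dial
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return (&net.Dialer{Timeout: 5 * time.Second}).DialContext(ctx, network, addr)
		},
	}
}

// privateAnswers returns the answers in RFC 1918 (or IPv6 ULA) space, the ones a resolver
// with DNS rebinding protection refuses to return.
func privateAnswers(answers []string) []string {
	var out []string
	for _, a := range answers {
		if ip := net.ParseIP(a); ip != nil && ip.IsPrivate() {
			out = append(out, a)
		}
	}
	return out
}

func main() { // needs network access; 1.1.1.1 is the server named in the proposal
	addr, _ := serverAddr("1.1.1.1")
	ips, err := pinnedResolver(addr).LookupHost(context.Background(), "example.com")
	fmt.Println(ips, privateAnswers(ips), err)
}
```

Pinning lookups to a public resolver sends every queried hostname to that resolver and takes the local rebinding filter out of the path for those lookups, so the setting is best scoped to the configurations that need it.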