Closed TimStallard closed 4 years ago
@trickeydan suggested using netbox's export features for this, which looks great for now. There are a bunch of DNS libraries for python that we could use to build a full zone properly with pynetbox eventually, but for now this lets us build parts of zonefiles directly from netbox with some jinja2.
v6 reverse zone done as a first test, seems to mostly line up:
tim@sown-auth2:~$ ldns-compare-zones -a /etc/bind/fragment.ip6ptr-hosts <(curl http://netbox.sown.org.uk/ipam/ip-addresses/?export=rdns6 2>/dev/null)
--2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.9.3.0.8.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 3600 IN PTR external-monitor.sown.org.uk.
++1.1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.f.0.d.0.0.0.3.6.0.1.0.0.2.ip6.arpa. 3600 IN PTR staff-wqm.sown.org.uk.
++2.1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.f.0.d.0.0.0.3.6.0.1.0.0.2.ip6.arpa. 3600 IN PTR student-wqm.sown.org.uk.
++4.5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.f.0.d.0.0.0.3.6.0.1.0.0.2.ip6.arpa. 3600 IN PTR hafw.sown.org.uk.
+3 -1 ~0
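Added example, not code from the thread or from NetBox: a Python sketch of the reverse-zone generation and ldns-compare-zones style diff discussed above, run on constructed sample rows shaped like the pynetbox ip-address objects (address in CIDR form, dns_name as the forward name). It also forces every PTR target to an absolute name, since a missing trailing dot is read relative to the zone origin, which is what the thread later notes briefly broke the v4 reverse zone.

```python
"""Generate PTR zone fragments from NetBox-style IP records and diff them
against an existing fragment, mirroring the ldns-compare-zones check."""
import ipaddress

# Constructed sample rows in the shape pynetbox returns for /ipam/ip-addresses/
# (assumption: address is CIDR notation, dns_name may lack the trailing dot).
SAMPLE_IPS = [
    {"address": "2001:630:d0:f700::254/64", "dns_name": "hafw.sown.org.uk"},
    {"address": "2001:630:d0:f700::211/64", "dns_name": "staff-wqm.sown.org.uk."},
    {"address": "10.5.0.254/24", "dns_name": "hafw.sown.org.uk"},
    {"address": "10.5.0.1/24", "dns_name": ""},  # no name: no PTR emitted
]


def fqdn(name: str) -> str:
    """Make a name absolute. A PTR target without the trailing dot is
    interpreted relative to the zone origin, so always append it."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def ptr_records(ips, ttl=3600):
    """Yield (owner, rdata) for every address that has a dns_name."""
    for row in ips:
        if not row.get("dns_name"):
            continue
        addr = ipaddress.ip_interface(row["address"]).ip
        # reverse_pointer yields x.x.x.x.in-addr.arpa or nibble.ip6.arpa
        yield f"{addr.reverse_pointer}.", f"{ttl} IN PTR {fqdn(row['dns_name'])}"


def render_fragment(ips, ttl=3600) -> str:
    """Render the sorted fragment as zonefile lines, one record per line."""
    return "\n".join(f"{o} {r}" for o, r in sorted(ptr_records(ips, ttl))) + "\n"


def compare_zones(old_text: str, new_text: str):
    """Return (added, removed) record lines, like ldns-compare-zones -a."""
    old = {l.strip() for l in old_text.splitlines() if l.strip()}
    new = {l.strip() for l in new_text.splitlines() if l.strip()}
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    # Constructed "existing fragment" holding only the v4 hafw record.
    existing = "254.0.5.10.in-addr.arpa. 3600 IN PTR hafw.sown.org.uk.\n"
    added, removed = compare_zones(existing, render_fragment(SAMPLE_IPS))
    for line in added:
        print("++" + line)
    for line in removed:
        print("--" + line)
    print(f"+{len(added)} -{len(removed)}")
```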
Have migrated over v6 reverse dns, v4 will happen next hour when updatednszones runs.
Switching over the forward side will make the following changes, need to make sure they all look sane.
Does anything use the sown- prefixed names (which are actually .ecs in the admin system), or the TXT / SRV / HINFO records?
tim@sown-auth2:/etc/bind$ ldns-compare-zones -a /etc/bind/fragment.sown.org.uk-hosts <(curl http://netbox.sown.org.uk/ipam/ip-addresses/?export=fdns 2>/dev/null) | grep -Ev "TXT|HINFO|SRV"
--backup1. 3600 IN CNAME gw.
~-c3750g. 3600 IN A 10.5.0.10
~+c3750g. 3600 IN CNAME switch.
~+hafw. 3600 IN A 10.5.0.254
~+hafw. 3600 IN AAAA 2001:630:d0:f700::254
--irc. 3600 IN CNAME hash.ecs.soton.ac.uk.
--sown-auth2. 3600 IN A 152.78.189.90
--sown-data1. 3600 IN A 152.78.103.163
--sown-gw. 3600 IN A 152.78.189.44
--sown-gw2. 3600 IN A 152.78.189.82
--sown-monitor. 3600 IN A 152.78.103.164
--sown-monitor2. 3600 IN A 152.78.103.187
--sown-netbox. 3600 IN A 152.78.103.188
--sown-vms. 3600 IN A 152.78.103.162
--sown-vpn. 3600 IN A 152.78.103.186
--sown-zepler-websdr. 3600 IN A 152.78.103.190
~+staff-wqm. 3600 IN AAAA 2001:630:d0:f700::211
~+student-wqm. 3600 IN AAAA 2001:630:d0:f700::212
~+switch. 3600 IN A 10.5.0.10
~-switch. 3600 IN CNAME c3750g.
++vms-b53-ipmi. 3600 IN CNAME vms-b53-1-ipmi.
~-www. 3600 IN A 152.78.189.39
~+www. 3600 IN CNAME sown-www.ecs.soton.ac.uk.
~-www. 3600 IN AAAA 2001:630:d0:f104::5032:250
+1 -21 ~30
++vms-b53-ipmi. 3600 IN CNAME vms-b53-1-ipmi.
Err..... what?!
Actually... ignore me.... there's an extra -1 in the middle of what it cnames to....
++vms-b53-ipmi. 3600 IN CNAME vms-b53-1-ipmi.
Err..... what?!
This makes sense. vms-b53 refers to the latest incarnation of vms-b53-x, so doing the same to the IPMI seems sane to me.
Yeah - I thought it was CNAMEd to itself.....
Forwards and v4 reverse done now.
17:12 <@tds> that broke v4 rdns briefly, missing ., just forced transfers on gw and gw2 and looking happier now
17:14 <@tds> ah, also looks like both the wiki and sown-bot use irc.sown.org.uk, so have re-added that
17:14 <@tds> (just manually in the netbox template for now)
Just waiting for alerts to go off now, close in 24h or so if all good.
Well, I've not seen any alerts or cron spam so far, so I think this can be closed.
We should autogenerate our DNS zones from netbox, ideally in python. Should be easy enough using just a jinja2 template for the generated zonefile, and pynetbox.
Only worth generating the "hosts" fragments for now, and we can leave the nodes parts generated by node_control for now.