Making changes to DNS (bind) through git, how make it?

Red Hat

10/27/23, 2:16 PM

What is the correct way to change the entries in the Bind zone file and apply it through Gitlab CI/runner?

166

0 + 3

linux

git

gitlab

Nikita Kipriyanov

10/27/23, 5:04 PM

Use Ansible, store playbooks and support files in the git repo. Hopefully, sooner or later you'll find out that those playbooks could perform more than just managing DNS records, but also other aspects of systems that those records are going to be used for.

Red Hat

10/28/23, 4:56 PM

I forgot to write, the essence of the task is to give different users access to change their records, as part of the DR process, sed and awk only comes to mind.

Nikita Kipriyanov

10/28/23, 6:15 PM

No, don't! Updating text zone files (correctly and securely) will be a great pain. Use `nsupdate` with personal TSIG keys, or even Kerberos, and adequate update policy, it is the only secure and reliable way to do it in BIND. What a coincidence, this is exactly what [community.general.nsupdate module](https://docs.ansible.com/ansible/latest/collections/community/general/nsupdate_module.html) expects (no, not a coincidence, its just people who use Ansible know right ways to do things).

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Making changes to DNS (bind) through git, how make it?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.