[tech] UCC DNS - Progress on syncing from ucc.machines and zonemake.py through to Cloudflare

Mark Tearle mtearle at tearle.com
Sat Dec 5 23:54:35 AWST 2020


Hi folks

This evening's update:
 * Audit ucc.gu.uwa.edu.au and ucc.asn.au for the necessary changes needed in ucc.machines for syncing to Cloudflare
 * making OctoDNS work under Python 3.9 ( https://github.com/github/octodns/pull/632 ) - Pull request has been merged
 * fix zonemake.py to naturally sort the keys in the octoDNS YAML output
 * discovered problem with NULL SRV records ( https://github.com/github/octodns/issues/640 )
 * temporarily commented out open.ucc.gu.uwa.edu.au and v.ucc.gu.uwa.edu.au subdomains (will discuss with [MPT] )
 * Made backups before syncing
 * Add config under /usr/local/octodns (in the script and config directory) for ucc.gu.uwa.edu.au and ucc.asn.au
 * Sync'd ucc.gu.uwa.edu.au up to Cloudflare
 * Reviewed changes with audit script afterwards

Next steps are:
 * Repeat above similarly for ucc.asn.au once NULL SRV bug is tracked down
 * Ensure octoDNS patches get merged upstream and use upstream version installed under /usr/local/octodns
 * Migrate this into some form of CI arrangement based off git
 * Work out solution for LE certs with DNS challenges
 * Rebuild UCC internal DNS server infrastructure (mooneye) - both authoritative and resolver

Cheers
Mark
--
Mark Tearle <mtearle at tearle.com>



On Tue, 1 Dec 2020, at 9:39 PM, Mark Tearle wrote:
> Hi folks
> 
> I've been working on providing the ability to sync from our local DNS config with appropriate changes up to Cloudflare.
> 
> To date this has involved the following:
>  * hacking zonemake.py to output a YAML file for each zone, adding tags, and config to reflect proxying scenarios
>  * writing a quick audit script to work out what changes would be needed to ucc.machines in advance of the sync
>  * hacking zonemake.py to output a YAML file in the form OctoDNS requires
>  * making OctoDNS work under Python 3.9 ( https://github.com/github/octodns/pull/632 )
>  * making OctoDNS support LOC records ( https://github.com/github/octodns/pull/635 )
>  * writing a quick script on mooneye - /usr/local/octodns/update-ucc-cloudflare.sh - to run the necessary octoDNS commands to do the sync
> 
> Currently only ucc.guild.uwa.edu.au is being synced. /usr/local/octodns/update-ucc-cloudflare.sh currently points at my local development installation of octoDNS
> 
> Next steps are:
>  * Audit ucc.gu.uwa.edu.au and ucc.asn.au for the necessary changes needed in ucc.machines for syncing to Cloudflare
>  * Make liberal backups before syncing
>  * Add config under /usr/local/octodns (in the script and config directory) for ucc.gu.uwa.edu.au and ucc.asn.au
>  * Sync these up to Cloudflare
>  * Review changes with audit script afterwards
>  * Ensure octoDNS patches get merged upstream and use upstream version installed under /usr/local/octodns
>  * Migrate this into some form of CI arrangement based off git
>  * Work out solution for LE certs with DNS challenges
>  * Rebuild UCC internal DNS server infrastructure (mooneye) - both authoritative and resolver
> 
> Happy to explain in more detail over a video chat, or IRC, or over pizza when I'm in Perth
> 
> Cheers,
> Mark
> --
> Mark Tearle <mtearle at ucc.asn.au>