DNS Configuration
1. Overview
DNSControl is an opinionated system for managing DNS zones across multiple providers. It treats DNS as code, allowing for version control, automated testing, and seamless migration between providers.
- Official Site
- Our configurations:
Key Benefits
- Vendor Agnostic: Define records once and push them to AWS Route53, Cloudflare, Google DNS, etc., simultaneously
- GitOps Workflow: Use Pull Requests to review DNS changes before they go live
- Macros & Variables: Assign an IP to a variable (e.g., var BASTION_IP = IP("1.2.3.4")) and update it globally in one place
- Safety: The preview command shows exactly what will change before any API calls are made
2. Architecture & File Structure
Based on the dnsConfiguration repository, we follow a modular structure to keep the codebase clean:
| File / Folder | Purpose |
|---|---|
| dnsconfig.js | The main entry point. Contains domain definitions and requires |
| creds.json | (Private) API keys and provider credentials. (Use creds.example.json as a template) |
| Makefile | Orchestration layer. Provides shortcuts for test, preview, and push |
| domains/ | Individual JS files for each managed zone (e.g., dicaire.com.js) |
| zones/ | (Optional) Automatically generated BIND zone files for backups |
The Workflow
Our repository uses a Makefile to standardize the deployment process.
Step 1: Modify Configuration – Edit your domain file in domains/ or update variables in dnsconfig.js.
Step 2: Preview Changes – This is a dry run. It contacts the providers and compares your local “desired state” with the “live state.”
make test
Step 3: Push Changes – Once the preview looks correct, deploy the changes.
make push
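Because both the preview and the push read provider API keys from creds.json, it is worth checking that file before each run. The script below is an added example, not part of the dnsConfiguration repository or of DNSControl; the function name creds_check is hypothetical, and it assumes creds.json and .gitignore sit at the top of the repository.

```shell
#!/bin/sh
# Added example: sanity checks for creds.json before previewing or pushing.
# Assumption: creds.json lives at the repository root, next to dnsconfig.js.

# creds_check DIR: prints each problem found; returns 0 only if there are none.
creds_check() {
    dir=$1
    file="$dir/creds.json"
    problems=0

    if [ ! -f "$file" ]; then
        echo "creds.json missing: copy creds.example.json and fill it in"
        return 1
    fi

    # Characters 5-10 of `ls -l` output are the group and other permission bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "creds.json is accessible to group/other: run chmod 600 creds.json"
        problems=$((problems + 1))
    fi

    # The file must be ignored so that a plain `git add .` cannot stage it.
    if ! grep -qxE '/?creds\.json' "$dir/.gitignore" 2>/dev/null; then
        echo "creds.json is not listed in .gitignore"
        problems=$((problems + 1))
    fi

    # If DIR is a git work tree, the file must not already be tracked.
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" ls-files --error-unmatch creds.json >/dev/null 2>&1; then
        echo "creds.json is tracked by git: untrack it and rotate the keys"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh creds_check.sh /path/to/repo
[ $# -eq 0 ] || creds_check "$1"
```

Running creds_check on the repository directory before the preview or push step stops the run with a non-zero status when any check fails.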
3. Getting Started
Installation
We use Golang to build and run DNSControl:
brew update && brew install golang
go install github.com/StackExchange/dnscontrol/v4@latest
Initializing a Domain:
If you have an existing domain on a provider, you can “import” it to get a head start:
dnscontrol get-zones --format=js --out=draft.js provider_name all