DNSupdate API - simplified DDNS update
Provide high and low level access to DNS using nsupdate semantics, for Designate to talk to MiniDNS and other nsupdate-friendly DNS platforms. DNS administrators area already familiar with nsupdate, and an API + CLI interface capturing these semantics would be useful for them.
The dnsupdate high level classes perform queries for data of a given name, type, and class, and return an answer set; low level classes allow direct manipulation of DNS zones, messages, names, and records. This dnsupdate tooling supports the adding, deleting and updating of A, AAAA, PTR, TXT, NS, SRV and MX records, automatically add/delete/update a PTR for a given A or AAAA record, though the forward and reverse zones have to exist on the same server, all with input validation for the various record types making it more difficult to add bad records to zones.
This interface can authenticate updates using either TSIG or GSS-TSIG request signatures.
Blueprint information
- Status:
- Complete
- Approver:
- Designate Core
- Priority:
- Undefined
- Drafter:
- Alex Baretto
- Direction:
- Needs approval
- Assignee:
- Alex Baretto
- Definition:
- Obsolete
- Series goal:
- Accepted for juno
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
- Kiall Mac Innes
Whiteboard
With mDNS in place, I believe we're now better off skipping this functionality and going straight to implementing RFC 2136 Dynamic DNS. This will allow us to support the real nsupdate command, as well as any other clients implementing RFC 2136. Kiall.
====
Update: May 21, 2014
In the weekly IRC meeting, the team decided to implement Proposal 1 in the short term, scrap Proposal 2, and implement Proposal 3 in the long term.
For Proposal 1:
* Identify gaps to support the functionality - there are features that nsupdate supports that are currently not in the v1/v2 api and/or central
* Close those gaps using the current APIs
* Create the dnsupdate util - make sure it can function as a drop-in replacement for nsupdate
* Add additional functionality to make dnsupdate easier to use than nsupdate e.g. additional positional arguments to allow batch style updates on command line, -x argument, etc.
Problem: Many DNS administrators already use nsupdate, have lots of scripts, etc. that manage DNS using nsupdate. We need to ease the integration, to allow those administrators to use Designate.
Proposal 1: write a tool called dnsupdate that mimics exactly the nsupdate semantics. dnsupdate supports the following syntax
dnsupdate -s ns.example.com -k Kexample.
and usage
usage: dnsupdate [-h] {-s} {-k} {-o} [-x] {add|delete|update} {Name} {TTL} [IN] {Type} {Target}
Add, Delete, Replace DNS records using DDNS.
positional arguments:
add|delete|update {hostname} {TTL} [IN] {Type} {Target}.
optional arguments:
-h, --help show this help message and exit
-s SERVER DNS server to update (Required)
-k KEY TSIG key. The TSIG key file should be in DNS KEY record
-o ORIGIN Specify the origin. Optional, if not provided origin will
-x Also modify the PTR for a given A or AAAA record. Forward
-v Print the rcode returned with for each update
Proposal 2: Make the designate command line tool have an nsupdate compatability mode - accept the same command line arguments and positional parameter semantics e.g. if some environment variable or config switch is set, make the "designate" command work exactly like nsupdate.
Proposal 3: Make mini-DNS accept commands from nsupdate.
Work Items
Work items:
Implement Proposal 1: TODO
Identify api/central gaps: TODO
Implement support to cover gaps: TODO
Create dnsupdate util: TODO
Add additional functionality: TODO
