Zonefile Management in git

Zonefile Management in git

Cameron Banowsky
Season's Greetings,

We are managing our zone files in git and are looking for tools to accomplish validation checks within our CI/CD pipeline. Does anyone have any pro tips or code references for how we can optimize our user and admin experience? We are using GitLab CI.

For example, we would like to achieve input validation for zone entries, check for syntax errors, automated zone file serial number incrementing, and resolve new DNS entries in a staging server.

Any and all help would be greatly appreciated.

Cameron Banowsky
SHE BASH 
323-217-8592

The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: Zonefile Management in git

Anand Buddhdev
Hi Cameron,

We do something like this for our zones. In our zone repository, I have
a script called "checkzones". I can run it any time in my checkout of
the repository, and it checks all the zones for various things. For
example, it checks for implicit owner names, missing TTL, etc. It also
runs "named-checkzone" for every zone. You can make the script as
extensive as you like.

Next, we have a GitLab CI/CD config file in the repo, that tells GitLab
to spawn a docker image, check out the repository in there, and run the
"checkzones" script. If it fails for any reason, the pipeline fails.

Our GitLab repository is configured to prevent direct commits to the
"master" branch. Instead, all users must create a separate branch, and
push their commits to it. If the pipeline succeeds, GitLab merges the
commit to master. If the pipeline fails, the user gets email, and they
need to go and fix their mistakes with additional commits, until the
pipeline succeeds.

Regards,
Anand

On 08/12/2020 21:54, Cameron Banowsky wrote:

> Seasons Greetings,
>
> We are managing our zone files in git and are looking for tools to
> accomplish validation checks within our CI/CD pipeline. Does anyone have
> any pro tips or code references for how we can optimize our user and admin
> experience?  We are using Gitlab CI.
>
> For example, we would like to achieve input validation for zone entries,
> check for syntax errors, automated zone file serial number incrementing,
> and resolve new DNS entries in a staging server.
>
> Any and all help would be greatly appreciated.
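
A sketch of the kind of "checkzones" script described in the reply above, as an added example; it is not Anand's script, which was not posted to the list. It flags implicit owner names and records with no TTL, then runs `named-checkzone` when that tool is installed, and exits non-zero so the pipeline fails. Assumptions: "missing TTL" is taken to mean no explicit TTL with no `$TTL` directive in effect, and files are named `<zone>.zone`.

```python
import re
import shutil
import subprocess
import sys
from pathlib import Path

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"\d+(?:[smhdw]\d+)*[smhdw]?", re.I)  # 3600, 1h, 1h30m


def lint_zone(text):
    """Return [(line_number, message)] for one zone file's text."""
    findings, depth, default_ttl = [], 0, False
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()  # naive: ignores ';' inside quotes
        inside_parens = depth > 0
        depth += line.count("(") - line.count(")")
        if inside_parens or not line.strip():
            continue  # blank line, or continuation of a multi-line record
        if line.startswith("$"):
            default_ttl |= line.upper().startswith("$TTL")
            continue
        implicit = line[0].isspace()
        if implicit:
            findings.append((num, "implicit owner name"))
        fields = line.split()[0 if implicit else 1:]  # skip the owner field
        explicit_ttl = False
        for field in fields:  # TTL and class may come in either order
            if field.upper() not in CLASSES and not TTL_RE.fullmatch(field):
                break  # reached the record type
            explicit_ttl |= bool(TTL_RE.fullmatch(field))
        if not (explicit_ttl or default_ttl):
            findings.append((num, "no TTL and no $TTL in effect"))
    return findings


def check_file(path):
    """Lint one file, then run named-checkzone on it when it is installed."""
    problems = [f"{path}:{n}: {msg}" for n, msg in lint_zone(path.read_text())]
    if shutil.which("named-checkzone"):
        # Assumed layout: the file is named <zone>.zone, e.g. example.com.zone
        cmd = ["named-checkzone", path.stem, str(path)]
        if subprocess.run(cmd, capture_output=True).returncode != 0:
            problems.append(f"{path}: named-checkzone rejected the zone")
    return problems


if __name__ == "__main__":
    failures = [p for arg in sys.argv[1:] for p in check_file(Path(arg))]
    sys.exit("\n".join(failures) or 0)  # any finding fails the pipeline
```

A CI job only needs to run the script over the zone files in the checkout; the exit status decides whether the merge request's pipeline passes.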

Re: Zonefile Management in git

Cameron Banowsky
Thank you Anand,

Would it be possible to look at your script and gitlab-ci yaml? This is incredibly helpful. Thank you so much.

Cameron Banowsky
SHE BASH 
323-217-8592


On Tue, Dec 8, 2020 at 1:54 PM Anand Buddhdev <[hidden email]> wrote:
> Hi Cameron,
>
> We do something like this for our zones. In our zone repository, I have
> a script called "checkzones". I can run it any time in my checkout of
> the repository, and it checks all the zones for various things. For
> example, it checks for implicit owner names, missing TTL, etc. It also
> runs "named-checkzone" for every zone. You can make the script as
> extensive as you like.
>
> Next, we have a GitLab CI/CD config file in the repo, that tells GitLab
> to spawn a docker image, check out the repository in there, and run the
> "checkzones" script. If it fails for any reason, the pipeline fails.
>
> Our GitLab repository is configured to prevent direct commits to the
> "master" branch. Instead, all users must create a separate branch, and
> push their commits to it. If the pipeline succeeds, GitLab merges the
> commit to master. If the pipeline fails, the user gets email, and they
> need to go and fix their mistakes with additional commits, until the
> pipeline succeeds.
>
> Regards,
> Anand
>
> On 08/12/2020 21:54, Cameron Banowsky wrote:
>
>> Seasons Greetings,
>>
>> We are managing our zone files in git and are looking for tools to
>> accomplish validation checks within our CI/CD pipeline. Does anyone have
>> any pro tips or code references for how we can optimize our user and admin
>> experience?  We are using Gitlab CI.
>>
>> For example, we would like to achieve input validation for zone entries,
>> check for syntax errors, automated zone file serial number incrementing,
>> and resolve new DNS entries in a staging server.
>>
>> Any and all help would be greatly appreciated.


Re: Zonefile Management in git

Anand Buddhdev
Sure, Cameron. However, since it's no longer BIND-related, I'll email
you off-list.

Anand

On 08/12/2020 22:58, Cameron Banowsky wrote:

> Thank you Anand,
>
> Would it be possible to look at your script and gitlab-ci yaml?  This is
> incredibly helpful.  Thank you so much.
> Cameron Banowsky
> SHE BASH
> 323-217-8592
> https://shebash.io