Using the dns-primary component

[jessegonzalez]

NOTE: This was originally posted in sweetops.slack.com but was asked to post here and has been slightly modified from the original for additional context and clarity.

Our current DNS architecture consists of 2 primary top level domains:

• example.com- vanity domain
• example.internal - service discovery domain. only applicable to the stage, no need to share these records ever. If we need to expose a service we use the vanity domain. This zone is always private in our environment.

Each stage owns a hosted zone for both domains. For the dev stage this would be dev.example.com and dev.example.internal.

Using account-map we have defined dns_account_account_name (btw, why not just name this var dns_account_name 🙂), which forces creation of dns-primary zones in the dns account. This works well for public routable TLDs requiring delegation of subdomains, but not strictly necessary for our example.internal domain.

As a solution we define example.internal in a global stage dns-primary component:

components:
  terraform:
    dns-primary:
      metadata:
        type: real
      vars:
        domain_names:
          - example.com
          - example.internal # this creates a public zone but not a valid TLD

Zone creation of example.internal is not strictly required, but if we expect to use dns-delegated, this zone has to exist in our DNS account. Chalk this up to "good enough; move on"... for now.

Questions

• Is there a way to provision zones using dns-primary outside of the dns account using the existing published ?
• If you want delegation for a subdomain (for reasons), for example a zone marketing.dev.example.com, what's the recommended approach when dev.example.com is a delegated domain created using dns-delegated?

[GabisCampana]

@milldr

[milldr]

Is there a way to provision zones using dns-primary outside of the dns account using the existing published ?

Yes absolutely. dns-primary can be deployed in any account you choose. For example with our reference architecture we deploy a TLD for each of the platform accounts -- dev, staging, prod. Those domains are deploy with dns-primary in each account.

For example

# stacks/orgs/dev.yaml (for the sake of an example)
components:
  terraform:
    dns-primary:
      vars:
        domain_names:
           - dev-example.com

# stacks/orgs/prod.yaml (for the sake of an example)
components:
  terraform:
    dns-primary:
      vars:
        domain_names:
           - prod-example.com

If you want delegation for a subdomain (for reasons), for example a zone marketing.dev.example.com, what's the recommended approach when dev.example.com is a delegated domain created using dns-delegated?

I'm not sure I understand the question, but you can create a delegated domain very easily with dns-delegated. For example

# stacks/orgs/dns.yaml (for the sake of an example)
components:
  terraform:
    dns-primary:
      vars:
        domain_names:
           - example.com

# stacks/orgs/dev.yaml (for the sake of an example)
components:
  terraform:
    dns-delegated:
      vars:
        zone_config:
          - subdomain: marketing.dev
            zone_name: example.com

Although alternatively I would suggest making the hosted zone only dev.example.com and creating a record for marketing.dev.example.com on that hosted zone

# stacks/orgs/dev.yaml (for the sake of an example)
components:
  terraform:
    dns-delegated:
      vars:
        zone_config:
          - subdomain: dev
            zone_name: example.com

[osterman]

@jessegonzalez does this answer your questions?