Git pre-commit hook for DNS zone data
If you’re storing your DNS configuration in Git, a pre-commit hook to automatically run named-checkzone before zone file changes are committed may be useful to you. The pre-commit hook I use assumes that zone files (and only zone files) are in the format db.<zonename> (e.g. “db.andyleonard.com”), and only tests zone files (e.g. named-checkconf is not run against configuration files).
This pre-commit hook’s structure is based heavily on a Puppet 2.7 pre-commit published elsewhere.
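A hook along the lines described above, as an added example rather than the author's own hook: it runs named-checkzone on the staged content of every db.<zonename> file and rejects the commit if any zone fails. The CHECKZONE override and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the author's hook): validate staged db.<zonename> files.
# CHECKZONE is a hypothetical override; by default named-checkzone is taken from PATH.
CHECKZONE="${CHECKZONE:-named-checkzone}"

# Print the zone name for a db.<zonename> path; return 1 for any other file.
zone_from_path() {
    base=${1##*/}
    case "$base" in
        db.?*) printf '%s\n' "${base#db.}" ;;
        *)     return 1 ;;
    esac
}

# Read paths on stdin, print only those that are zone files.
filter_zone_files() {
    while IFS= read -r f; do
        zone_from_path "$f" >/dev/null && printf '%s\n' "$f"
    done
    return 0
}

# Check the staged (index) copy of each zone file, not the working-tree copy.
check_staged_zones() {
    failed=0
    list=$(mktemp) && tmp=$(mktemp) || return 2
    git diff --cached --name-only --diff-filter=ACM | filter_zone_files > "$list"
    while IFS= read -r f; do
        zone=$(zone_from_path "$f")
        git show ":$f" > "$tmp"
        if ! "$CHECKZONE" "$zone" "$tmp" >&2; then
            echo "pre-commit: $f failed named-checkzone" >&2
            failed=1
        fi
    done < "$list"
    rm -f "$list" "$tmp"
    return "$failed"
}

# Run only when installed as .git/hooks/pre-commit, so the functions can be sourced.
case "$0" in
    */pre-commit|pre-commit) check_staged_zones || exit 1 ;;
esac
```

Checking the index copy via `git show ":<path>"` means a zone file that is broken in the staging area is caught even if the working-tree copy has since been fixed.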
Git-driven BIND (plus Fabric)
Step 0. Store your DNS configuration in Git. If you aren’t using some sort of version control system for your zone files and other BIND configuration, you ought to be. May I recommend Git? Put your entire configuration directory in there, but do read the “Downsides” section below for some important security considerations.
Step 1. Create a bare Git repository on your DNS server. Using Fabric, you’d do it something like this:
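from fabric.api import cd, run, sudo  # Fabric 1.x API

def config_git():
    # Create bare git repo for direct DNS data pushes:
    sudo('/bin/mkdir /srv/bind.git')
    sudo('/bin/chown ubuntu:ubuntu /srv/bind.git')
    with cd('/srv/bind.git'):
        run('/usr/bin/git init --bare .')
    # git_post_receive() is defined elsewhere in the fabfile (not shown in this excerpt).
    git_post_receive()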
(The above assumes an Ubuntu system, where the “ubuntu” user has sudo privileges, such as on EC2; adjust to your environment as needed.)