by ntoskrnl 1489 days ago
No DNS provider I've ever used has a way to store metadata alongside a DNS record (like an individual A record)
4 comments

I was just about to give the same example. I’m more familiar with GCP’s DNS, but I don’t see a place for structured metadata in Route 53 either. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGui...
If you look through the octoDNS providers there's a number of cases where extra info is stored for "dynamic" records. The metadata is often things like the pool name or rule number. In other cases it's details about the health check config/version. The extra info is sometimes stored into a "notes" field, other times it's encoded into the ID or similar.

It's true that nothing extra is needed for simple/standard records, but once you start doing GeoDNS, failover, health check, etc. it's required.

In all cases thus far we've been able to find a way to store/indicate whatever we need.

(maintainer of octoDNS)

Why do I need metadata along with my A record? It either exists or it doesn't. That is the state required for Terraform.

The article explicitly mentions OctoDNS, a stateless configuration management system for DNS, as a good solution.

To know if it’s managed by TF or not, to know whether or not to delete it. Exactly what’s being described.
That's what TXT records are for:

https://en.m.wikipedia.org/wiki/TXT_record

Terraform can be used to manage TXT records too. Where does it store metadata for them? Or is it TXT all the way down?
You can have multiple TXT records for a given domain name, so it would be possible to store an arbitrary amount of metadata for whatever systems you desire, and just loop through the TXT records to figure out which ones are for the current system's purpose.
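The loop-over-TXT-records approach described in the comment above, as an added example that is not part of the thread. It uses the ownership marker format popularised by the external-dns project (`heritage=external-dns,external-dns/owner=<id>`) as the concrete encoding; the zone contents are constructed, the owner ids `prod-eu` and `staging-us` are made up, and the `ALLOWED_KEYS` guard is this example's own addition, there to reflect the later point in the thread that anything written into TXT is world-readable.

```python
"""Find which records in a zone belong to "this" tool instance by scanning
sibling TXT ownership markers, then decide what it is allowed to delete.

Added example, not from the thread. Marker format follows the external-dns
convention; owner ids and zone data are constructed.
"""
from dataclasses import dataclass
from typing import Optional

HERITAGE = "heritage=external-dns"          # leading tag of an ownership marker
OWNER_KEY = "external-dns/owner"
# Keys an ownership marker is allowed to carry. TXT records are public, so
# this example refuses to treat anything else (passwords, tokens, opaque
# state blobs) as a valid marker. This guard is the example's own addition.
ALLOWED_KEYS = {"heritage", OWNER_KEY, "external-dns/resource"}


@dataclass
class Record:
    name: str
    rtype: str
    value: str


# Constructed zone: two A records owned by instance "prod-eu", one owned by
# "staging-us", one hand-made record without a marker, and an unrelated SPF
# TXT record at the apex that the scan must skip.
ZONE = [
    Record("example.com.", "TXT", "v=spf1 -all"),
    Record("www.example.com.", "A", "192.0.2.10"),
    Record("www.example.com.", "TXT",
           "heritage=external-dns,external-dns/owner=prod-eu,external-dns/resource=ingress/web"),
    Record("api.example.com.", "A", "192.0.2.11"),
    Record("api.example.com.", "TXT", "heritage=external-dns,external-dns/owner=prod-eu"),
    Record("legacy.example.com.", "A", "192.0.2.12"),
    Record("legacy.example.com.", "TXT", "heritage=external-dns,external-dns/owner=staging-us"),
    Record("manual.example.com.", "A", "192.0.2.13"),
]


def parse_marker(txt: str) -> Optional[dict]:
    """Parse an ownership marker into key/value pairs.

    Returns None for TXT values that are not markers (SPF, DKIM, ...) and
    for malformed markers, so a stray record can never claim ownership.
    """
    if not txt.startswith(HERITAGE):
        return None
    meta = {}
    for part in txt.split(","):
        key, sep, val = part.partition("=")
        if not sep:
            return None
        meta[key.strip()] = val.strip()
    return meta


def marker_is_public_safe(meta: dict) -> bool:
    """True if the marker only carries keys we are willing to publish."""
    return set(meta) <= ALLOWED_KEYS


def owned_names(zone, owner: str) -> set:
    """Names whose marker TXT record says they belong to `owner`.

    Loops through every TXT record in the zone, as the comment describes,
    ignoring non-marker TXT records and markers for other owners.
    """
    names = set()
    for r in zone:
        if r.rtype != "TXT":
            continue
        meta = parse_marker(r.value)
        if meta is None or not marker_is_public_safe(meta):
            continue
        if meta.get(OWNER_KEY) == owner:
            names.add(r.name)
    return names


def deletable(zone, owner: str, desired: set) -> list:
    """A record names this owner may delete: marked as ours and no longer in
    the desired configuration. Unmarked or foreign-owned records are left alone."""
    ours = owned_names(zone, owner)
    return sorted({r.name for r in zone
                   if r.rtype == "A" and r.name in ours and r.name not in desired})


if __name__ == "__main__":
    print("owned by prod-eu:", sorted(owned_names(ZONE, "prod-eu")))
    print("safe to delete if only www stays:", deletable(ZONE, "prod-eu", {"www.example.com."}))
```

The deletion decision never touches `legacy.example.com.` (owned by a different instance) or `manual.example.com.` (no marker at all), which is the "to know whether or not to delete it" problem from earlier in the thread. Everything in the marker is still visible to anyone who queries the zone, so the `ALLOWED_KEYS` check is the only thing standing between this scheme and the secrets-in-state problem raised below.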
Exposed to the world?
I guess that's not ideal, though I'm not clear what attack surface area is increased by storing creation/deletion metadata in public.

I guess it lets an attacker know that you're using Terraform, which might help them target their attacks.

Terraform stores secrets in state. Generated database password, etc.
Oh, gotcha. I've not used Terraform yet.

Yes, if that's the case, then TXT records could easily be unsuitable. Depends exactly what metadata needs to be attached to your DNS records.