How to set dynamic DNS-Entries using Terraform
Apr 3, 2019
Terraform provides a large number of providers. One of them is the DNS provider, which can be used with BIND (named) DNS servers.
Below I briefly describe how we achieve a dynamic set of DNS records.
BIND
Create a Key Secret:
$ echo "<mypassword>" | base64
PG15cGFzc3dvcmQ+Cg==
Add the following key definition to your /etc/bind/named.conf:
key <myKeyName>. {
  algorithm hmac-md5;
  secret "PG15cGFzc3dvcmQ+Cg==";
};
Set the following in /etc/bind/named.conf.local:
[...]
zone "<myZoneName>" {
  type master;
  update-policy {
    grant <myKeyName> zonesub any;
  };
  file "/var/lib/bind/<myZoneName>.hosts";
};
[...]
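As an added check that is not part of the original post: the script below parses key and zone stanzas in the shape shown above and reports the pitfalls a reviewer would look for in them: a secret that is not valid base64, a secret that still carries the newline that echo appends, a short or human-readable password used as key material, an hmac-md5 (or hmac-sha1) algorithm, a grant that references an undefined key, and an update-policy that allows any record type. The key name terraform-key, the zone example.test and the hardened secret are constructed placeholders, not values from a real server.

```python
import base64
import binascii
import re

# Constructed sample in the shape of the two named.conf fragments above; the
# placeholders are filled with made-up values (terraform-key, example.test).
SAMPLE_NAMED_CONF = """
key terraform-key. {
    algorithm hmac-md5;
    secret "PG15cGFzc3dvcmQ+Cg==";
};

zone "example.test" {
    type master;
    update-policy {
        grant terraform-key zonesub any;
    };
    file "/var/lib/bind/example.test.hosts";
};
"""

# Same layout with the weak settings replaced. The secret is a fixed
# placeholder (bytes 0xC0..0xDF), not a real key: generate real ones with
# tsig-keygen, which uses hmac-sha256 by default.
HARDENED_SECRET = base64.b64encode(bytes(range(0xC0, 0xE0))).decode()
HARDENED_NAMED_CONF = f"""
key "terraform-key" {{
    algorithm hmac-sha256;
    secret "{HARDENED_SECRET}";
}};

zone "example.test" {{
    type master;
    update-policy {{
        grant terraform-key zonesub A AAAA;
    }};
    file "/var/lib/bind/example.test.hosts";
}};
"""

KEY_RE = re.compile(r'^\s*key\s+"?([^\s"{]+)"?\s*\{(.*?)\};', re.S | re.M)
ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"\s*\{(.*?)^\};', re.S | re.M)
FIELD_RE = re.compile(r'(\w+)\s+"?([^";]+)"?\s*;')
# grant <identity> <ruletype> [name] <types...>; only name-less rule types such
# as zonesub (the one used in the post) are interpreted here.
GRANT_RE = re.compile(r'grant\s+(\S+)\s+(\S+)\s+([^;]+);')

MIN_SECRET_BYTES = 16  # hmac-sha256 keys are normally 32 random bytes
WEAK_ALGORITHMS = {"hmac-md5", "hmac-sha1"}


def parse_keys(text):
    """Map normalised key name -> {'algorithm': ..., 'secret': ...}."""
    keys = {}
    for name, body in KEY_RE.findall(text):
        # BIND treats key names as domain names, so a trailing dot is optional
        keys[name.rstrip(".").lower()] = dict(FIELD_RE.findall(body))
    return keys


def parse_grants(text):
    """Return (zone, identity, ruletype, [types]) for each grant rule."""
    grants = []
    for zone, body in ZONE_RE.findall(text):
        for identity, ruletype, rest in GRANT_RE.findall(body):
            grants.append((zone, identity.rstrip(".").lower(), ruletype, rest.split()))
    return grants


def audit_key(name, fields):
    """Return (code, key, detail) findings for one key statement."""
    findings = []
    algorithm = fields.get("algorithm", "").lower()
    if algorithm in WEAK_ALGORITHMS:
        findings.append(("WEAK_ALGORITHM", name, algorithm))
    try:
        raw = base64.b64decode(fields.get("secret", ""), validate=True)
    except (binascii.Error, ValueError) as exc:
        return findings + [("BAD_BASE64", name, str(exc))]
    if raw.endswith(b"\n"):
        # echo "<password>" | base64 encodes the newline as part of the key
        findings.append(("TRAILING_NEWLINE", name, len(raw)))
        raw = raw.rstrip(b"\n")
    if len(raw) < MIN_SECRET_BYTES:
        findings.append(("SHORT_SECRET", name, len(raw)))
    if raw and all(0x20 <= b < 0x7F for b in raw):
        # printable ASCII throughout: a typed password, not random key material
        findings.append(("TEXT_SECRET", name, len(raw)))
    return findings


def audit_named_conf(text):
    """Audit every key statement and grant rule in a named.conf fragment."""
    keys = parse_keys(text)
    findings = []
    for name, fields in keys.items():
        findings.extend(audit_key(name, fields))
    for zone, identity, _ruletype, types in parse_grants(text):
        if identity not in keys:
            findings.append(("UNKNOWN_KEY", zone, identity))
        if any(t.lower() == "any" for t in types):
            findings.append(("BROAD_GRANT", zone, identity))
    return findings


if __name__ == "__main__":
    for label, conf in (("as posted", SAMPLE_NAMED_CONF), ("hardened", HARDENED_NAMED_CONF)):
        print(label, audit_named_conf(conf) or "no findings")
```

Run against the fragments as posted, the audit reports the hmac-md5 algorithm, the trailing newline from echo, the short printable secret and the zonesub any grant; the hardened variant reports nothing. On a real server, generate the secret with tsig-keygen rather than base64-encoding a password, and list the record types Terraform manages (for example A AAAA) in the grant line so the key cannot touch anything else in the zone.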
Terraform
Set up the DNS provider with the following files:
variables.tf
variable "dns_ip" {
  description = "IP address of the master DNS server"
}
variable "dns_key" {
  description = "name of the DNS key to use"
}
variable "dns_key_secret" {
  description = "base64-encoded key secret"
}
providers.tf
[...]
provider "dns" {
  update {
    server        = "${var.dns_ip}"
    key_name      = "${var.dns_key}"
    key_algorithm = "hmac-md5"
    key_secret    = "${var.dns_key_secret}"
  }
}
[...]
Then run terraform apply; afterwards you will find lines like the following in your BIND (named) log files:
<TimeStamp> client @0x7faae8074ae0 <IP of Terraform executor>#52499/key <myKeyName>: updating zone '<myDomain1>/IN': adding an RR at '<record_name1>.<myDomain1>' A <record_ip1>
<TimeStamp> client @0x7faafc03e2a0 <IP of Terraform executor>#33708/key <myKeyName>: updating zone '<myDomain2>/IN': adding an RR at '<record_name2>.<myDomain2>' A <record_ip2>
<TimeStamp> client @0x7faae8074ae0 <IP of Terraform executor>#52499/key <myKeyName>: updating zone '<myDomain3>/IN': adding an RR at '<record_name3>.<myDomain3>' A <record_ip3>
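As an added example, not part of the original post: a small parser for these log lines, run over constructed sample lines in the same format (placeholders filled with RFC 5737 documentation addresses and the made-up key name terraform-key). It counts applied updates per key and client and flags updates from a client other than the Terraform executor, updates signed with a key other than the one expected, and "update ... denied" lines, which BIND logs when the update-policy refuses an update. The expected client and key sets are assumptions you would replace with your own.

```python
import re
from collections import Counter

# Constructed log lines in the format shown above, with the placeholders filled
# in; nothing here comes from a real server.
SAMPLE_LOG = """
03-Apr-2019 10:15:01.234 client @0x7faae8074ae0 192.0.2.10#52499/key terraform-key: updating zone 'example.test/IN': adding an RR at 'web.example.test' A 203.0.113.5
03-Apr-2019 10:15:01.240 client @0x7faafc03e2a0 192.0.2.10#33708/key terraform-key: updating zone 'example.test/IN': adding an RR at 'db.example.test' A 203.0.113.6
03-Apr-2019 10:16:44.001 client @0x7faae8074ae0 198.51.100.7#40001/key terraform-key: updating zone 'example.test/IN': deleting rrset at 'web.example.test' A
03-Apr-2019 10:17:02.555 client @0x7faae8074ae0 198.51.100.9#40002: update 'example.test/IN' denied
"""

# "client @0x... <ip>#<port>/key <name>" prefix; the @0x handle and the /key
# part are absent on older versions and on unsigned requests respectively.
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)(?:/key (?P<key>[^:\s]+))?"
UPDATE_RE = re.compile(
    CLIENT + r": updating zone '(?P<zone>[^/']+)/IN': "
    r"(?P<action>adding an RR|deleting an RR|deleting rrset) at '(?P<name>[^']+)'(?: (?P<rdata>.*))?$"
)
DENIED_RE = re.compile(CLIENT + r": update '(?P<zone>[^/']+)/IN' denied")


def parse_bind_log(lines):
    """Turn dynamic-update log lines into dicts; unrelated lines are skipped."""
    events = []
    for line in lines:
        line = line.rstrip()
        m = UPDATE_RE.search(line)
        if m:
            events.append({"result": "applied", **m.groupdict()})
            continue
        m = DENIED_RE.search(line)
        if m:
            events.append({"result": "denied", "action": None, "name": None,
                           "rdata": None, **m.groupdict()})
    return events


def review_updates(events, expected_clients, expected_keys):
    """Count applied updates per (key, client) and flag anything outside expectations."""
    summary = Counter()
    alerts = []
    for ev in events:
        if ev["result"] == "denied":
            # unsigned or unauthorised update attempt refused by the update-policy
            alerts.append(("DENIED_UPDATE", ev["ip"], ev["zone"]))
            continue
        summary[(ev["key"], ev["ip"])] += 1
        if ev["ip"] not in expected_clients:
            alerts.append(("UNEXPECTED_CLIENT", ev["ip"], ev["name"]))
        if ev["key"] not in expected_keys:
            alerts.append(("UNEXPECTED_KEY", ev["key"], ev["name"]))
    return dict(summary), alerts


if __name__ == "__main__":
    # Assumed: 192.0.2.10 is the Terraform executor and terraform-key its key.
    evs = parse_bind_log(SAMPLE_LOG.strip().splitlines())
    counts, found = review_updates(evs, {"192.0.2.10"}, {"terraform-key"})
    for (key, ip), n in counts.items():
        print(f"{n} update(s) from {ip} signed with {key}")
    for alert in found:
        print("ALERT", *alert)
```

Because the TSIG key name and the client address are both in every line, a few lines like this in a log pipeline are enough to notice when a key is used from somewhere other than the Terraform executor, which is the main thing to watch once a key with zonesub rights exists.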