Add an IGNORE() DSL directive #183
Comments
|
Let me make sure I understand the feature. Basically IGNORE("label") would tell DNSControl not to touch a DNS record in that domain whose name is "label". The contents would be created by some external mechanism. (i.e. someone has inserted the record via a web UI or other mechanism) |
|
This sounds a lot like the (poorly documented) Will cause dnscontrol to manage the records you define, but not delete others. Is that close to what you are asking for? |
|
@tlimoncelli your summary is correct. That is the desired behavior. I'd like to define the record as being handled externally so it is not tampered with. @captncraig that's very close, but I'd like to be able to define specific records not just a blanket behavior for all records not defined. For now I could probably use NO_PURGE to do this but I'd still like to allow for record cleaning. |
|
We did have something like that for the Cloudflare provider called ignored_labels but it probably is a good idea to create a better standard approach for how to do this across all providers. |
|
The cleanest solution is to implement "special" records in the providers. There is now a mechanism to list capabilities of a provider (for example, some providers are marked as supporting SRV records). URL records from DNSimple & NameCheap could be implemented fairly easily as a "REDIRECT()" record that does the right thing depending on the provider. |
|
At some point in the near future I'd like to try my hand at adding URL record support much like the existing ALIAS records assuming someone else doesn't get to it first. However that's a separate issue from this. I would still like an |
|
REDIRECT(): @onlyhavecans Nobody is currently working on it. I did recently update the doc on how to add new record types (https://stackexchange.github.io/dnscontrol/adding-new-rtypes) so this seems like an excellent opportunity for you. @gbrayut: Good point. IGNORE("label") could simply generalize the code in Cloudflare's ignored_labels feature. Great idea! |
IGNORE is like NO_PURGE but for a spefic record instead of the whole
zone. This is very useful for instance if you have a zone where
only some records are managed externally from dnscontrol (for instance
using kubernetes external dns system).
Adding IGNORE("foo") in the zone will make dnscontrol not trying
to manage the "foo" record (and especially not deleting it).
dnscontrol will error out if the "foo" domain is both ignored and
managed in dnscontrol.
This can be seen as a generic Cloudflare's ignored label, even though
this changeset doesn't remove that specific feature.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
IGNORE is like NO_PURGE but for a spefic record instead of the whole
zone. This is very useful for instance if you have a zone where
only some records are managed externally from dnscontrol (for instance
using kubernetes external dns system).
Adding IGNORE("foo") in the zone will make dnscontrol not trying
to manage the "foo" record (and especially not deleting it).
dnscontrol will error out if the "foo" domain is both ignored and
managed in dnscontrol.
This can be seen as a generic Cloudflare's ignored label, even though
this changeset doesn't remove that specific feature.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
IGNORE is like NO_PURGE but for a spefic record instead of the whole
zone. This is very useful for instance if you have a zone where
only some records are managed externally from dnscontrol (for instance
using kubernetes external dns system).
Adding IGNORE("foo") in the zone will make dnscontrol not trying
to manage the "foo" record (and especially not deleting it).
dnscontrol will error out if the "foo" record is both ignored and
managed in dnscontrol.
This can be seen as a generic Cloudflare's ignored label.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
|
I've pushed PR #300 to fix this issue (and don't know why github doesn't show it). |
IGNORE is like NO_PURGE but for a spefic record instead of the whole
zone. This is very useful for instance if you have a zone where
only some records are managed externally from dnscontrol (for instance
using kubernetes external dns system).
Adding IGNORE("foo") in the zone will make dnscontrol not trying
to manage the "foo" record (and especially not deleting it).
dnscontrol will error out if the "foo" record is both ignored and
managed in dnscontrol.
This can be seen as a generic Cloudflare's ignored label.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
IGNORE is like NO_PURGE but for a spefic record instead of the whole
zone. This is very useful for instance if you have a zone where
only some records are managed externally from dnscontrol (for instance
using kubernetes external dns system).
Adding IGNORE("foo") in the zone will make dnscontrol not trying
to manage the "foo" record (and especially not deleting it).
dnscontrol will error out if the "foo" record is both ignored and
managed in dnscontrol.
This can be seen as a generic Cloudflare's ignored label.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
* Add support for the IGNORE(name) directive (#183) IGNORE is like NO_PURGE but for a spefic record instead of the whole zone. This is very useful for instance if you have a zone where only some records are managed externally from dnscontrol (for instance using kubernetes external dns system). Adding IGNORE("foo") in the zone will make dnscontrol not trying to manage the "foo" record (and especially not deleting it). dnscontrol will error out if the "foo" record is both ignored and managed in dnscontrol. This can be seen as a generic Cloudflare's ignored label. Signed-off-by: Brice Figureau <brice@daysofwonder.com> * Deprecate CloudFlare ignoredLabels in favor of IGNORE (#183) Since IGNORE implements a generic `ignoredLabels` system, let the user know CF `ignoredLabels` are deprecated. Signed-off-by: Brice Figureau <brice@daysofwonder.com>
|
It would be great if this had support for wildcarding. ACME (Letsencrypt) DNS validation currently creates TXT "_acme-challenge.SUBDOMAIN" records for each subdomain being validated. It would be great if I could have one entry such as: Which can capture all of these. |
|
@rblenkinsopp this is a good idea! |
|
This is something we have been mulling over for a while, but haven't pulled the trigger on yet, because of a couple of complications:
The way I think I look at things is that each record set (unique record type and name) falls into one of two caregories: managed or unmanaged. If it is managed (the default for everything), then dnscontrol will make it match your desired state, or delete it if it is not in the config. "No purge", indicates that record sets not present in the config should be left as is (considered unmanaged) and not deleted. This is limiting because there may be certain records you do not wish to delete, but in general do want to purge unused records. If you only want to have a subset of records as "unmanaged", it can be frustrating to not be able to delete other record sets ever. The proposed "ignore" feature will fill this gap, allowing you to say "ignore records with this pattern, but feel free to delete others if they are not in the config." This seems useful, but again, I'd like to have great test coverage before I'd really trust it. |
|
An aside about The challenge records should be fine to delete once the validations succeed. |
|
@captncraig: I did realise after asking that they should probably not be there any more anyway but the request still seemed reasonable, if not for the specific case that I stated. I don't want to take this off-topic too much but I am using traefik for LE support at the moment, I've not looked at dnscontrol's support for that yet. |
|
It looks like this may be near being released, but I'll add my use case anyway. I have a domain I want completely managed by DNS Control, except for one record which needs to by handled dynamically. I would really like to leave PURGE on. Thought about writing a script to update the dnsconfig.js file with the current value, just before it ran. But the IGNORE option would be best. Thank you for your hard work on this amazing project. Tested and working |
|
I noticed this issue hasn't been touched in a while. I think that IGNORE() currently works this way. Can you verify? |
) (StackExchange#300) * Add support for the IGNORE(name) directive (StackExchange#183) IGNORE is like NO_PURGE but for a spefic record instead of the whole zone. This is very useful for instance if you have a zone where only some records are managed externally from dnscontrol (for instance using kubernetes external dns system). Adding IGNORE("foo") in the zone will make dnscontrol not trying to manage the "foo" record (and especially not deleting it). dnscontrol will error out if the "foo" record is both ignored and managed in dnscontrol. This can be seen as a generic Cloudflare's ignored label. Signed-off-by: Brice Figureau <brice@daysofwonder.com> * Deprecate CloudFlare ignoredLabels in favor of IGNORE (StackExchange#183) Since IGNORE implements a generic `ignoredLabels` system, let the user know CF `ignoredLabels` are deprecated. Signed-off-by: Brice Figureau <brice@daysofwonder.com>
|
I'm looking for a similar option but I would like to specify record type. Is it possible? I'm trying to use I'm experimenting with those two but I'm always getting same result:
and my config looks like this:
is it possible to not touch NS records? Thanks! |
Not at this time. PRs accepted. Please start a new issue if you want to discuss this particular situation. |
Occasionally I have a record or two which is either not a supported type by dnscontrol, or I otherwise would not want it managed by dnscontrol. It would be nice to have a
IGNORE(name)directive to allow dnscontrol to skip deleting or modifying the recordsexamples for why;
The text was updated successfully, but these errors were encountered: