
@camilb
Forked from pgchamberlin/cli53_import_zone_file.md
Created August 24, 2022 15:20
Revisions

  1. @pgchamberlin pgchamberlin revised this gist Nov 17, 2016. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions cli53_import_zone_file.md
    @@ -12,9 +12,9 @@ But this does not produce an exact copy of the zonefile, for example the existin

    ## Hosting DNS with multiple providers

    If your use case for this command is for duplicating zone files across multiple DNS hosts then the records should be identical in each location. Specifically: you need all the `SOA` serials to be in sync.
    If your use case for this command is for duplicating zone files across multiple DNS hosts then the records should be identical in each location. Specifically: you need all the SOA serial numbers to be in sync.

    That's why the `--editauth` flag exists. It tells `cli53` to overwrite the `SOA` record with whatever's in the incoming zone file, giving you a set of changes that replicate exactly the imported zone.
    That's why the `--editauth` flag exists. It tells `cli53` to overwrite the SOA record with whatever's in the incoming zone file, giving you a set of changes that replicate exactly the imported zone.

    If you leave off the `--editauth` flag there will be no alarms. The SOA serial numbers will be out of sync silently, and the resilience of your multi-hosted DNS will be compromised without you knowing. So it's really worth remembering.
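
Review bot: The reworded sentence "you need all the SOA serial numbers to be in sync" still gives the reader no way to confirm that they are, and the last context line of this hunk says the drift is silent when `--editauth` is omitted. Consider adding a sentence on verifying the result, for example querying each provider's authoritative nameservers for the zone's SOA record after the import and comparing the serial field. On style, dropping the backticks around SOA matches the unchanged final paragraph, which already writes it as plain text.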

  2. @pgchamberlin pgchamberlin created this gist Nov 17, 2016.
    29 changes: 29 additions & 0 deletions cli53_import_zone_file.md
    @@ -0,0 +1,29 @@
    # Replace a zone file in AWS Route53 using cli53

    [`cli53`](https://github.com/barnybug/cli53) is a command line tool for Amazon Route53 and it's [well documented](https://github.com/barnybug/cli53#getting-started).

    Basic syntax to replace a BIND zone file is very simple:

    ```
    cli53 import --file zonefile.txt --replace example.com
    ```

    But this does not produce an exact copy of the zonefile, for example the existing SOA record will not be replaced.

    ## Hosting DNS with multiple providers

    If your use case for this command is for duplicating zone files across multiple DNS hosts then the records should be identical in each location. Specifically: you need all the `SOA` serials to be in sync.

    That's why the `--editauth` flag exists. It tells `cli53` to overwrite the `SOA` record with whatever's in the incoming zone file, giving you a set of changes that replicate exactly the imported zone.

    If you leave off the `--editauth` flag there will be no alarms. The SOA serial numbers will be out of sync silently, and the resilience of your multi-hosted DNS will be compromised without you knowing. So it's really worth remembering.

    I also think it's worth waiting for AWS to make the changes (using the `--wait` flag). Like this:

    ```
    cli53 import --file zonefile.txt --replace --wait --editauth example.com
    ```

    ## Dry run the changes

    If you add the `--dry-run` flag then `cli53` will show you a diff of the changes it will make. I recommend using it for every change.
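
Review bot: The first command in the file, `cli53 import --file zonefile.txt --replace example.com`, is the form the following sentence says does not produce an exact copy, while the `--dry-run` advice ("I recommend using it for every change") sits at the very end with no command shown. A reader who copies the first block gets a replace with no preview and an unchanged SOA record. Suggest showing the dry-run form explicitly, e.g. `cli53 import --file zonefile.txt --replace --editauth --dry-run example.com`, placing it ahead of the live commands, and marking the first block as incomplete for the multi-provider case. The two fenced blocks could also carry a language tag.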