Enable a secondary DNS provider for DDoS resistance
We currently utilize Amazon's Route 53 as a DNS service we will be transitioning to a different primary provider (DynDNS) and have Route53 as a secondary provider; managed and synced by OctoDNS via GitLab repositories and CI jobs.
- Establish DynDNS Contract.
- Create Route53 user w/ scoped permissions and access tokens for automation.
- Create DynDNS user w/ API tokens for automation.
- Slurp Route53 zone data into DynDNS using OctoDNS.
- Validate DynDNS data in all zones.
- Test OctoDNS generated changes for population into DynDNS & Route53.
- Change SOA & NS records for all zones.
- Automate CI job for OctoDNS commits.
- Generate runbook documentation.
Risk Assessment (r-21)