Enable a secondary DNS provider for DDoS resistance
We currently utilize Amazon's Route 53 as a DNS service. We will be transitioning to a different primary provider (DynDNS) and will have Route53 as a secondary provider, managed and synced by OctoDNS via GitLab repositories and CI jobs.
- Establish DynDNS Contract.
- Create Route53 user w/ scoped permissions and access tokens for automation.
- Create DynDNS user w/ API tokens for automation.
- Slurp Route53 zone data into DynDNS using OctoDNS.
- Validate DynDNS data in all zones.
- Test OctoDNS generated changes for population into DynDNS & Route53.
- Change SOA & NS records for all zones.
- Automate CI job for OctoDNS commits.
- Generate runbook documentation.
Risk Assessment (r-21)
Edited by John Northrup
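One way to perform the "Validate DynDNS data in all zones" step before the SOA and NS change, added here as an example and not part of the original issue or of OctoDNS: it compares two zone dumps record set by record set, skipping the apex SOA and NS that each provider assigns itself. The `name ttl type value` dump format, the sample records and the function names are assumptions constructed for illustration.

```python
# Assumption: apex SOA and NS are provider-assigned, so they are not compared.
PROVIDER_OWNED = {"SOA", "NS"}
# Constructed sample dumps in "name ttl type value" form (documentation names/IPs).
ROUTE53_DUMP = """\
example.com. 172800 NS ns-1.route53-placeholder.example.
example.com. 900 SOA ns-1.route53-placeholder.example. hostmaster.example.com. 1 7200 900 1209600 86400
example.com. 300 A 192.0.2.10
www.example.com. 300 CNAME example.com.
example.com. 3600 TXT "v=spf1 mx -all"
"""
DYN_DUMP = """\
example.com. 86400 NS ns1.dyn-placeholder.example.
example.com. 3600 SOA ns1.dyn-placeholder.example. hostmaster.example.com. 5 3600 600 604800 1800
example.com. 300 A 192.0.2.10
WWW.example.com. 60 CNAME Example.com.
"""

def parse_records(dump, zone):
    """Parse 'name ttl type value' lines into {(name, type): (ttl, values)}."""
    apex = zone.lower().rstrip(".") + "."
    rrsets = {}
    for line in dump.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # blank line or zone-file comment
        name, ttl, rtype, value = line.split(None, 3)
        name, rtype = name.lower().rstrip(".") + ".", rtype.upper()
        if name == apex and rtype in PROVIDER_OWNED:
            continue  # expected to differ between providers
        if rtype in {"CNAME", "MX", "NS"}:
            value = value.lower()  # hostnames compare case-insensitively
        _, values = rrsets.setdefault((name, rtype), (int(ttl), set()))
        values.add(value.strip())
    return {k: (ttl, frozenset(v)) for k, (ttl, v) in rrsets.items()}

def diff_zone(reference, candidate):
    """Return sorted (kind, name, type) tuples where the two providers disagree."""
    out = []
    for key in sorted(set(reference) | set(candidate)):
        ref, cand = reference.get(key), candidate.get(key)
        if ref is None or cand is None:
            kind = "missing_in_candidate" if cand is None else "extra_in_candidate"
        elif ref != cand:
            kind = "value_mismatch" if ref[1] != cand[1] else "ttl_mismatch"
        else:
            continue
        out.append((kind, *key))
    return out

if __name__ == "__main__":
    ref = parse_records(ROUTE53_DUMP, "example.com")
    print(diff_zone(ref, parse_records(DYN_DUMP, "example.com")))
```

A non-empty result in a CI job is a reason to block the NS change for that zone, since a record missing from one provider resolves inconsistently once both are authoritative.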