
Enable a secondary DNS provider for DDoS resistance

We currently utilize Amazon's Route 53 as a DNS service. We will be transitioning to a different primary provider (DynDNS) and will have Route53 as a secondary provider, managed and synced by OctoDNS via GitLab repositories and CI jobs.

  • Establish DynDNS Contract.
  • Create Route53 user w/ scoped permissions and access tokens for automation.
  • Create DynDNS user w/ API tokens for automation.
  • Slurp Route53 zone data into DynDNS using OctoDNS.
  • Validate DynDNS data in all zones.
  • Test OctoDNS generated changes for population into DynDNS & Route53.
  • Change SOA & NS records for all zones.
  • Automate CI job for OctoDNS commits.
  • Generate runbook documentation.

Risk Assessment (r-21)

Edited by John Northrup
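An added example, not part of the original issue or of OctoDNS: one way to run the "Validate DynDNS data in all zones" step as a CI check is to diff each zone's record sets between the two providers and confirm the apex NS set delegates to both. The `Record` type, the function names, the nameserver suffixes and all zone data are constructed assumptions for illustration.

```python
from collections import namedtuple

Record = namedtuple("Record", "name rtype ttl values")

def normalize(records):
    """Key records by (fqdn, type); compare TTL and an order-independent value set."""
    out = {}
    for r in records:
        name = r.name.lower().rstrip(".") + "."
        fold = r.rtype.upper() in ("NS", "CNAME", "MX")  # hostnames are case-insensitive
        values = frozenset(v.lower() if fold else v for v in r.values)
        out[(name, r.rtype.upper())] = (r.ttl, values)
    return out

def diff_zones(primary, secondary, ignore=("SOA",)):
    """Return sorted findings; SOA is skipped because each provider writes its own."""
    a, b = normalize(primary), normalize(secondary)
    findings = []
    for key in sorted(set(a) | set(b)):
        if key[1] in ignore:
            continue
        if key not in b:
            findings.append(("missing_in_secondary",) + key)
        elif key not in a:
            findings.append(("missing_in_primary",) + key)
        elif a[key] != b[key]:
            findings.append(("mismatch",) + key)
    return findings

def apex_ns_covers(records, zone, required_suffixes):
    """True if the apex NS set names at least one nameserver per provider."""
    ns = normalize(records).get((zone, "NS"), (None, frozenset()))[1]
    return all(any(v.endswith(s) for v in ns) for s in required_suffixes)

# Constructed sample data (assumed names and addresses, not real zone contents).
ZONE = "example.com."
PROVIDER_NS_SUFFIXES = (".dynect.net.", ".awsdns-01.org.")
APEX_NS = ("ns1.p01.dynect.net.", "ns-1.awsdns-01.org.")
DYN = [
    Record("example.com.", "NS", 3600, APEX_NS),
    Record("example.com.", "SOA", 3600, ("ns1.p01.dynect.net. hostmaster 1",)),
    Record("www.example.com.", "A", 300, ("192.0.2.10", "192.0.2.11")),
    Record("example.com.", "TXT", 300, ("v=spf1 -all",)),
]
ROUTE53 = [
    Record("example.com.", "NS", 3600, APEX_NS[::-1]),
    Record("example.com.", "SOA", 900, ("ns-1.awsdns-01.org. hostmaster 1",)),
    Record("WWW.example.com", "A", 300, ("192.0.2.11",)),  # one address missing
]
```

A CI job would fail the pipeline when `diff_zones` returns any finding or `apex_ns_covers` is false, since a secondary that serves stale or partial data gives no resilience when the primary is unavailable.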