mirror of
https://github.com/StackExchange/dnscontrol.git
synced 2024-05-11 05:55:12 +00:00
NEW PROVIDER: MSDNS (#1005)
* New provider * Add support for SRV records * Modify ACTIVEDIRECTORY_PS provider to warn that it is deprecated.
This commit is contained in:
Tom Limoncelli
GitHub
@@ -4,6 +4,14 @@ layout: default
|
||||
jsId: ACTIVEDIRECTORY_PS
|
||||
title: ActiveDirectory_PS Provider
|
||||
---
|
||||
|
||||
# WARNING:
|
||||
|
||||
WARNING: This provider is deprecated and will eventually be removed.
|
||||
Please switch to MSDNS. It is more modern and reliable. The
|
||||
`creds.json` fields changed names; otherwise it should be an
|
||||
uneventful upgrade.
|
||||
|
||||
# ActiveDirectory_PS Provider
|
||||
This provider updates an Microsoft Active Directory server DNS server. It interacts with AD via PowerShell commands that are generated and executed on the local machine. This means that DNSControl must be run on a Windows host. This driver automatically deactivates itself when run on non-Windows systems.
|
||||
|
||||
@@ -17,7 +25,7 @@ To activate this mode, set `"fakeps":"true"` inside your credentials file for th
|
||||
|
||||
## Configuration
|
||||
|
||||
The `ActiveDirectory_PS` provider reads an `ADServer` setting from `creds.json` to know the name of the ActiveDirectory DNS Server to update.
|
||||
The `ActiveDirectory_PS` provider reads an `ADServer` setting from `creds.json` to know the name of the ActiveDirectory DNS Server to update.
|
||||
|
||||
{% highlight javascript %}
|
||||
{
|
||||
|
||||
96
docs/_providers/msdns.md
Normal file
96
docs/_providers/msdns.md
Normal file
@@ -0,0 +1,96 @@
|
||||
---
|
||||
name: Microsoft DNS Server (Windows Server)
|
||||
layout: default
|
||||
jsId: MSDNS
|
||||
title: Microsoft DNS Server on Microsoft Windows Server
|
||||
---
|
||||
|
||||
# Microsoft DNS Server on Microsoft Windows Server
|
||||
|
||||
This provider updates a Microsoft DNS server.
|
||||
|
||||
It interacts with the server via PowerShell commands. As a result, DNSControl
|
||||
must be run on Windows and will automatically disable itself when run on
|
||||
non-Windows systems.
|
||||
|
||||
DNSControl will use `New-PSSession` to execute the commands remotely if
|
||||
`computername` is set in `creds.json` (see below).
|
||||
|
||||
This provider will replace `ACTIVEDIRECTORY_PS` which is deprecated.
|
||||
|
||||
# Caveats
|
||||
|
||||
* Two systems updating a zone is never a good idea. If Windows Dynamic
|
||||
DNS and DNSControl are both updating a zone, there will be
|
||||
unhappiness. DNSControl will blindly remove the dynamic records
|
||||
unless precautions such as `IGNORE*` and `NO_PURGE` are in use.
|
||||
* This is a new provider and has not been tested extensively,
|
||||
especially the `pssession` feature.
|
||||
|
||||
# Running on Non-Windows systems
|
||||
|
||||
Currently this driver disables itself when run on Non-Windows systems.
|
||||
|
||||
It should be possible for non-Windows hosts with PowerShell Core installed to
|
||||
execute commands remotely via SSH. The module used to talk to PowerShell
|
||||
supports this. It should be easy to implement. Volunteers requested.
|
||||
|
||||
## Configuration
|
||||
|
||||
The `ActiveDirectory_PS` provider reads an `computername` setting from
|
||||
`creds.json` to know the name of the ActiveDirectory DNS Server to run the commands on.
|
||||
Otherwise
|
||||
|
||||
{% highlight javascript %}
|
||||
{
|
||||
"msdns": {
|
||||
"dnsserver": "ny-dc01",
|
||||
"pssession": "mywindowshost"
|
||||
}
|
||||
}
|
||||
{% endhighlight %}
|
||||
|
||||
An example DNS configuration:
|
||||
|
||||
{% highlight javascript %}
|
||||
var REG_NONE = NewRegistrar('none', 'NONE')
|
||||
var MSDNS = NewDnsProvider("msdns", "MSDNS");
|
||||
|
||||
D('example.tld', REG_NONE, DnsProvider(MSDNS),
|
||||
A("test","1.2.3.4")
|
||||
)
|
||||
{% endhighlight %}
|
||||
|
||||
|
||||
# Converting from `ACTIVEDIRECTORY_PS`
|
||||
|
||||
If you were using the `ACTIVEDIRECTORY_PS` provider and are switching to `MSDNS`, make the following changes:
|
||||
|
||||
1. In `dnsconfig.js`, change `ACTIVEDIRECTORY_PS` to `MSDNS` in any `NewDnsProvider()` calls.
|
||||
|
||||
2. In `creds.json`: Since unused fields are quietly ignored, it is
|
||||
safe to list both the old and new options:
|
||||
a. Add a field "dnsserver" with the DNS server's name. (OPTIONAL if dnscontrol is run on the DNS server.)
|
||||
b. If the PowerShell commands need to be run on a different host using a `PSSession`, add `pssession: "remoteserver",` where `remoteserver` is the name of the server where the PowerShell commands should run.
|
||||
c. The MSDNS provider will quietly ignore `fakeps`, `pslog` and `psout`. Feel free to leave them in `creds.json` until you are sure you aren't going back to the old provider.
|
||||
|
||||
During the transition your `creds.json` file might look like:
|
||||
|
||||
{% highlight javascript %}
|
||||
{
|
||||
"msdns": {
|
||||
"ADServer": "ny-dc01", << Delete these after you have
|
||||
"fakeps": "true", << verified that MSDNS works
|
||||
"pslog": "log.txt", << properly.
|
||||
"psout": "out.txt",
|
||||
"dnsserver": "ny-dc01",
|
||||
"pssession": "mywindowshost"
|
||||
}
|
||||
}
|
||||
{% endhighlight %}
|
||||
|
||||
3. Run `dnscontrol preview` to make sure the provider works as expected.
|
||||
|
||||
4. If for any reason you need to revert, simply change `dnsconfig.js` to refer to `ACTIVEDIRECTORY_PS` again (or use `git` commands). If you are reverting because you found a bug, please [file an issue](https://github.com/StackExchange/dnscontrol/issues/new).
|
||||
|
||||
5. Once you are confident in the new provider, remove `ADServer`, `fakeps`, `pslog`, `psout` from `creds.json`.
|
||||
Reference in New Issue
Block a user