Cloud Automation — Launching Secondary DNS with Ansible
Learn how to automate the deployment of secondary DNS using Ansible, managing both PowerDNS and MySQL for a reliable DNS system.
Some time ago, my colleagues in the hosting business and I discussed the automation of routine operations on our servers. This conversation turned to DNS server systems, the deployment of secondary DNS, their migrations, and related issues from a practical standpoint.
When only a few dedicated servers or VDS are in use, serious automation is rarely considered. However, as the number of managed systems reaches hundreds or thousands, one should consider specialized configuration management software.
There are many solutions for configuration management, but we will focus on Ansible. We chose this tool because it doesn’t require any special daemons on the servers; all actions occur through secure SSH connections. Ansible also boasts excellent documentation and a large library of ready-made modules.
Installation of Ansible
First, install Ansible on your management server. On CentOS, enable the EPEL repository and install Ansible:
# yum install ansible
Prepare SSH keys for managing subordinate servers:
# ssh-keygen
The file /root/.ssh/id_rsa.pub (public key) will be needed later. Upload this file’s content to /root/.ssh/authorized_keys on your secondary NS servers.
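The key installation step above, as an added example that is not part of the original article: a shell function to run on each secondary NS server that appends the management key to authorized_keys instead of overwriting it, sets the permissions sshd expects, and rejects a private key passed by mistake. The function name, the optional from= restriction and the 192.0.2.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the article's code). Run on a managed host.
# Usage: install_pubkey PUBKEY_FILE HOME_DIR [FROM_ADDRESS]
# FROM_ADDRESS is an assumed extra: it limits the key to one source address.
# Example: install_pubkey /tmp/id_rsa.pub /root 192.0.2.10  (placeholder address)
install_pubkey() {
    pubkey_file=$1
    home_dir=$2
    from_addr=${3:-}

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Only the first line is used; it must look like "<type> <base64> [comment]".
    # This rejects a private key file (id_rsa) passed by mistake.
    key_line=$(head -n 1 "$pubkey_file")
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pubkey_file is not an OpenSSH public key" >&2; return 1 ;;
    esac

    entry=$key_line
    if [ -n "$from_addr" ]; then
        entry="from=\"$from_addr\" $key_line"
    fi

    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # sshd (StrictModes, on by default) ignores keys in group/world-writable paths.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth_file" || return 1

    # Terminate an unterminated last line so the new entry starts on its own line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append only when this exact entry is absent; existing keys are kept.
    grep -qxF -- "$entry" "$auth_file" || printf '%s\n' "$entry" >> "$auth_file"
}
```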
Configuring DNS Servers
Assume we have a primary server with BIND (named ns.domain.com) for original domain zones. We will use secondary NS servers based on PowerDNS with support for supermaster to load original zones after modifications. The primary server will not handle requests, serving as a