Enable a secondary DNS provider for DDoS resistance (#1711) · Issues · GitLab.com / GitLab Infrastructure Team / Production Engineering · GitLab (original) (raw)

Skip to content

• • Why GitLab
  • Pricing
  • Contact Sales
  • Explore
• Why GitLab
• Pricing
• Contact Sales
• Explore
• Sign in
• Get free trial

Enable a secondary DNS provider for DDoS resistance

We currently utilize Amazon's Route 53 as a DNS service we will be transitioning to a different primary provider (DynDNS) and have Route53 as a secondary provider; managed and synced by OctoDNS via GitLab repositories and CI jobs.

• Establish DynDNS Contract.
• Create Route53 user w/ scoped permissions and access tokens for automation.
• Create DynDNS user w/ API tokens for automation.
• Slurp Route53 zone data into DynDNS using OctoDNS.
• Validate DynDNS data in all zones.
• Test OctoDNS generated changes for population into DynDNS & Route53.
• Change SOA & NS records for all zones.
• Automate CI job for OctoDNS commits.
• Generate runbook documentation.

Risk Assessment (r-21)

Edited Aug 17, 2017 by John Northrup