Using RNDC to control remote access to my BIND server

Jim Popovitch jimpop at domainmail.org
Thu Apr 22 10:50:17 UTC 2021


On Thu, 2021-04-22 at 10:59 +0100, Greg Donohoe wrote:
> Hello,
> I have created a CI/CD pipeline in order to amend zone files using
> nsupdate based on a front end user request. This portion of the
> pipeline is working as expected so now I want to be able to connect
> from my pipeline runner to my remote BIND staging server and update
> the zone files on there with my newly updated zone file.
> I initially thought about using ssh from the runner to the remote BIND
> server but this may not be the most secure way of connecting.
> So my question is: Is it possible to use RNDC to manage my connection
> from host to remote server and if so, how can I ensure complete
> security?


My suggestion is to install a runner on the staging server and register
that runner in your gitlab/github/git/bitbucket/etc. You'd still have to
set up the trust bits so that the runner docker/js/etc environment can
talk to the staging named.

There are 10,000 ways to do things in CI/CD; the 1 way that doesn't exist
is the only one you will recall in the middle of a weekend while you are
on vacation. :)

-Jim P.


