This is really interesting! One thing I would like to see more of is that you do dual stack configuration. A lot of us use IPv6 to talk directly to our machines without the hassle of NAT!
Thx :)
Agreed, my ISP in Thailand is handing out prefix delegation now, and I don't have to battle CGNAT IPv4, which I currently use Argo and WARP for... Although I have backup Teleport with the UniFi UDM-PRO. Great video, Christian! I will apply it to my bind9 now :)
Nice approach to manage the dns records together with your IAC via Terraform.
I'm currently using Terraform to manage virtual machines and an Ansible role to install and configure bind and its zone files. As long as my Ansible inventory hosts are maintained correctly, my DNS records will be as well ;)
Greetings from Germany btw.
Cool! :) Greetings back :D
That's a really cool way of handling DNS records. I didn't know terraform could handle the bind config on its own.
I use my OPNsense for DNS and create the records with a combination of Terraform and Ansible. I wrote a small playbook that creates an A record and several CNAME records, which gets executed in my VM Terraform module. That way I have the benefit of the lifecycle management from Terraform plus the easy DNS setup without a dedicated VM for it. Combined with CI/CD it's just the perfect setup for a constantly changing homelab.
If you're big on Terraform, I think that's a great solution. I opted for Technitium DNS and wrote a small Docker app for updating through the built-in API.
Nice!
I am happy to watch all your videos. And I'm learning. go go go!
I'm loving your content! It's right on time for me as I rebuild my labs! I would love to see you cover HashiCorp Vault for keeping Terraform/Ansible secrets!
Amazing video! Very nice content, well explained and very professional. Keep it up!
Thank you so much :)
Seriously, Christian? I was looking up this topic and you posted this 3 hours ago!
Perfect timing 😂✌️
Awesome! I'll try that right away. Thanks for sharing
Thx!
What I have done is use pfsense to automate DNS. I even got k3s to automatically update my dns entries
Wow that is cool!
Hello, how do you solve the problem of creating the journal?
Christian!! you didn't tell us how you solved it... :(
Yeah, still waiting for that second, where you explain how to solve the permissions issue. Great video! Thank you so much for this amazing content
I was able to fix this issue by changing the ownership of the /etc/bind directory in the bind9 container. Since the user specified in the compose file is root, the ownership of /etc/bind inside the container should be the same, but by default this was not the case for me (it was ubuntu:ubuntu). So I had to change it to root:root with (chown -R root:root /etc/bind), then reboot the container. After reinitializing Terraform and applying, everything worked just fine.
Nice tutorial, I'll totally set this up once I have my homelab setup ready. Btw, have you ever used Terraform Cloud? It's pretty good ngl. Have you seen its latest update that gives you one free runner to use for on-premises Terraform applies through Terraform Cloud?
AdGuard Home DNS + Nginx PM with a DNS forward entry from your DNS to Nginx PM containing your reverse host, and bingo: all your web apps with valid public SSL certificates.
Awesome video. I have refactored my Terraform scripts to now include the DNS A records of my hosts in my homelab. One question though: how do you generate the PTR records?
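The following is an added example, not code from the video or from the commenter, of how A records and their matching PTR records can be generated from one host map. It assumes the setup uses the hashicorp/dns Terraform provider sending RFC 2136 dynamic updates to bind9 with a TSIG key (the page never names the provider, so treat that as an assumption), and that the zone names, server address, key name and host addresses are placeholders:

```hcl
# Added example (not from the video): A records plus matching PTR records
# with the hashicorp/dns provider, sending RFC 2136 dynamic updates to bind9.
# Assumed: the zone "home.lab." and the reverse zone "1.168.192.in-addr.arpa."
# both carry `allow-update { key "terraform"; };` in named.conf, and the
# TSIG key secret is passed in as a variable rather than committed to git.

terraform {
  required_providers {
    dns = {
      source  = "hashicorp/dns"
      version = "~> 3.0"
    }
  }
}

variable "tsig_secret" {
  type      = string
  sensitive = true # keeps the key out of plan output and logs
}

provider "dns" {
  update {
    server        = "192.168.1.2" # host running the bind9 container (assumed)
    key_name      = "terraform."  # must match the key statement in named.conf
    key_algorithm = "hmac-sha256"
    key_secret    = var.tsig_secret
  }
}

# Hosts managed here; in practice these come from the VM module's outputs.
locals {
  hosts = {
    "proxmox" = "192.168.1.10"
    "nas"     = "192.168.1.20"
  }
  forward_zone = "home.lab."
  reverse_zone = "1.168.192.in-addr.arpa." # covers 192.168.1.0/24
}

resource "dns_a_record_set" "host" {
  for_each  = local.hosts
  zone      = local.forward_zone
  name      = each.key
  addresses = [each.value]
  ttl       = 300
}

# Inside a /24 reverse zone the PTR owner name is just the last octet,
# so it can be derived from the same address the A record uses.
resource "dns_ptr_record" "host" {
  for_each = local.hosts
  zone     = local.reverse_zone
  name     = element(split(".", each.value), 3)
  ptr      = "${each.key}.${local.forward_zone}"
  ttl      = 300
}
```

On the bind9 side, each zone that Terraform touches needs `allow-update` restricted to that TSIG key, and named must be able to write the zone's journal (next to the zone file, or wherever a `journal` option points), which is the permission problem several comments here ran into. Dynamic updates land in the .jnl first; named merges them into the zone file on its own schedule, and `rndc sync -clean` forces the merge if you want the zone file itself to reflect the new records.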
Excellent video
Great video, interesting! Is there a web interface to insert new records into zones that interfaces with terraform+bind?
This is great. What do you use for ssl certs? Can you configure bind to use cloudflare certs?
Thanks! I'm using traefik as my reverse proxy, which also terminates TLS
What a great video
Glad you enjoyed it
I LITERALLY was doing this last night and ended up on a kludgy wildcard solution. Let's see if this works better!
Oh nice! Tell me how it works for you ;)
@christianlempa I'll try it during my next scheduled maintenance window for my homelab (weekends)
Yes, I know I just said I messed with production on a Monday night, don't pay attention to that.
I just use FreeIPA for DNS management. Once I add the server/client to the domain, it automatically gets added as a DNS entry.
I'm having a problem with "apparmor": when making the modification with Terraform, bind returns an error when creating the file. I verified that the ubuntu image does not allow the application to write to this directory.
Is there any GUI for bind9? Something like the GoDaddy DNS manager / cPanel DNS manager? If you plan to start that project, I would love to see it.
I am able to add A records, but these records are not updated in my zone files. They are in a zone file with a .jnl extension. How do I get the zone files updated?
Can you help me, Christian, how to give permission to create that journal file?
Do you use terraform and Raspberry Pi? How?
How did you solve the .jnl file creation?
I am also now trying to figure that part out :-)
I am running the same ubuntu/bind9:latest image on an ubuntu cloud image server. Had the same issue. If you are passing in the environment variable BIND9_USER=root in your docker compose YAML, you will need to chown your three directories/contents to root on the host machine. For example, "sudo chown root:root ./config/". I also added an extra parameter to the named.conf zone: journal "/var/lib/bind/your-zone.jnl";
Then, docker compose up -d --force-recreate. Terraform was able to apply without issue.
@wolfbyte1555 Hey, I applied that to my config and it works perfectly. Thanks.
What's the point of trading one file system for another? I would have seen the utility in creating these DNS records in some UI, otherwise it seems like I have to learn one more thing to configure 😅
You need to rewatch the video, I'm explaining it somewhere in the middle ;)
Don't you have Pi-hole? And can it be updated in the same way?
Maybe running a pfSense DNS resolver or something more advanced; Pi-hole is Tonka trucks compared to some of the big rigs out there.
No, to both :D But you can still use bind9 together with pihole, just do a DNS forwarding :)
Would this be better than pihole dns?
Depends... bind9 is just a DNS Server, PiHole also does Ad blocking.
No, I would not use Terraform. Just open the zone file; with a watch daemon, Ctrl+S reloads the config 🙂
You forgot to add that you need to change one DNS entry in the router to our DNS address!
That's not how it works!
Are you no longer on Odysee?!?! 😥
No, it's just a terrible platform
So, instead of having one huge file to upkeep, you would need to upkeep a huge number of Terraform scripts. What a smart move.
You add the DNS resource to the script that builds the actual VM. If you are just updating DNS records then yes, this is ridiculous; however, if you are using Terraform to build and update your infrastructure, you're already maintaining these same scripts.
16:38 Yes, it's pronounced like "daymon".
First 😀
Second :D
@christianlempa Then I guess I'm the third 🤣
Whether you're doing it in Terraform or you're editing bind records by hand, you're still doing it manually somewhere.
You've solved absolutely nothing and added another layer on top of simply editing bind configuration files.
Yes, but when you decommission your VM that you built with Terraform, you can delete the DNS entry at the same time.
I think you're missing the point... this is mostly for DevOps, DevSecOps, etc. I think it's a bit ridiculous to use Terraform in a home lab... but to learn the technology you need to practice it doing ridiculous things instead of fucking up a production environment.
For instance, say you need a repeatable process of standing up infra and then destroying it when done 4 times a year. Instead of doing this manually and trying to remember what to do every quarter, you just use Terraform to automate it with a known "good" config. Update the config as needed.... There is a reason it's an "Infrastructure as Code" tool. I hope I added some clarity... and thanks for sharing the video.
Really awesome stuff. What plug-in are you using for Terraform autocomplete? I always have to go back to the documentation 🥲🤪
Where is the video on using Let's Encrypt for the apps running on the internal networks?