937 words
5 minutes
Automating DNS Record Management with Terraform and NS1
2025-06-01
IT
terraform
/
dns
/
ns1
/
automation
/
infrastructure-as-code

Introduction#

Managing DNS records can be a tedious and error-prone task, especially in dynamic environments where applications and services are constantly being deployed and updated. Traditional methods often involve manual updates through web interfaces or command-line tools, which are time-consuming and susceptible to human error. Infrastructure-as-Code (IaC) offers a solution by allowing you to define and manage your infrastructure, including DNS records, using code.

This article explores how to automate DNS record management using Terraform and NS1. NS1 is a modern DNS platform that offers powerful APIs and features, while Terraform is a popular IaC tool that enables you to define and provision infrastructure resources in a declarative manner. By combining these two technologies, you can streamline your DNS management, improve consistency, and reduce the risk of errors.

Why Automate DNS Management?#

Before diving into the implementation details, let’s consider the benefits of automating DNS management:

  • Reduced Manual Effort: Automating DNS record creation, modification, and deletion eliminates the need for manual intervention, freeing up valuable time for your operations team.
  • Improved Consistency: IaC ensures that your DNS records are configured consistently across all environments, reducing the risk of configuration drift and inconsistencies.
  • Faster Deployment Cycles: Automating DNS updates allows you to quickly deploy new applications and services without waiting for manual DNS configuration.
  • Reduced Errors: By defining your DNS records in code, you can minimize the risk of human errors that can lead to outages or security vulnerabilities.
  • Version Control: Storing your DNS configuration in a version control system like Git enables you to track changes, collaborate effectively, and easily roll back to previous configurations.

Prerequisites#

Before you begin, ensure you have the following prerequisites:

  • NS1 Account: You’ll need an active NS1 account with API access.
  • Terraform: Install Terraform on your local machine or CI/CD environment.
  • Terraform NS1 Provider: Configure the Terraform NS1 provider with your NS1 API key.

Configuring the Terraform NS1 Provider#

The first step is to configure the Terraform NS1 provider. This involves providing your NS1 API key to Terraform so it can authenticate with the NS1 API.

Create a provider.tf file with the following content:

terraform {
  required_providers {
    ns1 = {
      source  = "ns1-terraform/ns1"
      version = "~> 1.18.0"
    }
  }
}

provider "ns1" {
  apikey = var.ns1_api_key
}

variable "ns1_api_key" {
  type        = string
  description = "The NS1 API key"
  sensitive   = true
}

Explanation:

  • The terraform block specifies the required providers for this configuration. In this case, we’re using the ns1-terraform/ns1 provider.
  • The provider "ns1" block configures the NS1 provider with your API key. We are using a variable to store the API key securely.
  • The variable "ns1_api_key" block defines a variable for the NS1 API key. The sensitive = true attribute ensures that the API key is not displayed in Terraform output.

You can set the ns1_api_key variable in several ways:

  1. Environment Variable: Set the TF_VAR_ns1_api_key environment variable:

    export TF_VAR_ns1_api_key="YOUR_NS1_API_KEY"

  2. Terraform Variables File: Create a terraform.tfvars file with the following content:

    ns1_api_key = "YOUR_NS1_API_KEY"

    Important: Do not commit your terraform.tfvars file to version control if it contains sensitive information.

  3. Command-Line Argument: Pass the variable value as a command-line argument when running Terraform commands:

    terraform apply -var="ns1_api_key=YOUR_NS1_API_KEY"

Choose the method that best suits your security requirements and workflow.

Creating a DNS Zone#

Now that the provider is configured, let’s create a DNS zone. Create a zone.tf file with the following content:

resource "ns1_zone" "example_zone" {
  domain  = "example.com"
  dns_servers = ["dns1.p01.nsone.net", "dns2.p01.nsone.net", "dns3.p01.nsone.net", "dns4.p01.nsone.net"]
}

Explanation:

  • The resource "ns1_zone" "example_zone" block defines a new NS1 zone resource.
  • The domain attribute specifies the domain name for the zone.
  • The dns_servers attribute specifies the NS1 DNS servers for the zone.

To create the zone, run the following Terraform commands:

terraform init
terraform plan
terraform apply

Terraform will initialize the configuration, display a plan of the changes to be made, and then apply the changes to create the zone.

Creating DNS Records#

With the zone created, let’s add some DNS records. Create a records.tf file with the following content:

resource "ns1_record" "www_record" {
  zone   = ns1_zone.example_zone.domain
  domain = "www.example.com"
  type   = "A"
  answers {
    answer = "192.0.2.1"
  }
}

resource "ns1_record" "mail_record" {
  zone   = ns1_zone.example_zone.domain
  domain = "mail.example.com"
  type   = "MX"
  answers {
    answer = "10 mail.example.com"
  }
}

resource "ns1_record" "txt_record" {
  zone   = ns1_zone.example_zone.domain
  domain = "example.com"
  type   = "TXT"
  answers {
    answer = "\"v=spf1 mx -all\""
  }
}

Explanation:

  • The resource "ns1_record" "www_record" block defines an A record for www.example.com.
  • The zone attribute specifies the zone to which the record belongs. It references the domain attribute of the ns1_zone resource we created earlier.
  • The domain attribute specifies the domain name for the record.
  • The type attribute specifies the record type (A, MX, TXT, etc.).
  • The answers block defines the record’s answer(s). In this case, the A record points to the IP address 192.0.2.1.
  • The resource "ns1_record" "mail_record" block defines an MX record for mail.example.com. The answer includes the priority and the mail server hostname.
  • The resource "ns1_record" "txt_record" block defines a TXT record for example.com, commonly used for SPF records.

To create the records, run the following Terraform commands:

terraform plan
terraform apply

Terraform will display a plan of the changes to be made and then apply the changes to create the records.

Dynamic DNS Updates#

One of the key benefits of using Terraform and NS1 is the ability to dynamically update DNS records based on changes in your infrastructure. For example, you might want to update an A record to point to the IP address of a newly deployed server.

Here’s an example of how to dynamically update a DNS record using Terraform:

data "aws_instance" "example_instance" {
  filter {
    name   = "tag:Name"
    values = ["example-server"]
  }
}

resource "ns1_record" "dynamic_record" {
  zone   = ns1_zone.example_zone.domain
  domain = "dynamic.example.com"
  type   = "A"
  answers {
    answer = data.aws_instance.example_instance.public_ip
  }
}

Explanation:

  • The data "aws_instance" "example_instance" block uses the AWS provider to retrieve information about an EC2 instance with the tag Name = example-server.
  • The resource "ns1_record" "dynamic_record" block defines an A record for `dynamic.example.com
Automating DNS Record Management with Terraform and NS1
https://en.dymripper.com/posts/2025-06-01-automating-dns-record-management-with-terraform-and-ns1/
Author
DYMripper
Published at
2025-06-01
Automating Database Performance Tuning with pg_tune and Ansible
Automating Network Anomaly Detection with Grafana Loki and Machine Learning