Ansible & Terraform DNS creation on Active Directory with nsupdate

Tags: active-directory, ansible, domain-name-system, terraform

I'm trying to create a new DNS record on Active Directory with the nsupdate module. Both Terraform and Ansible work with key_name & key_secret.

If I disable the secure only option on Active Directory, I can create the record. If I set secure only, I don't know how to generate the TSIG key.

Is anyone using Ansible or Terraform with Ansible to create DNS records?

Best Answer

Windows/AD DNS doesn't support using TSIG keys to perform updates. You have to use a mechanism known as GSS-TSIG to sign the updates, which the DNS Terraform provider doesn't currently support (there is an open PR with a proposal). The alternative is, as you've already figured out, to disable secure updates.
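
The GSS-TSIG path the answer refers to, as an added example that is not part of the original answer: BIND's `nsupdate -g` signs the update with a Kerberos ticket instead of a TSIG key, so the zone can stay on secure-only updates. The principal, keytab path, server, zone and record names are constructed placeholders, and the sketch assumes MIT Kerberos client tools and an account permitted to update the zone.

```shell
#!/bin/sh
# Added example: secure dynamic update against AD DNS with GSS-TSIG (nsupdate -g).
# Every host, zone, principal and keytab name used with it is a constructed placeholder.

# Emit the nsupdate batch for one A record. Delete-then-add keeps reruns idempotent.
# Args: server zone fqdn ttl ipv4
build_update() {
    [ "$#" -eq 5 ] || { echo "usage: build_update server zone fqdn ttl ip" >&2; return 2; }
    # Reject whitespace, newlines and anything else that could inject extra
    # nsupdate commands into the batch.
    for arg in "$@"; do
        case "$arg" in
            ''|*[!A-Za-z0-9._-]*) echo "invalid argument: $arg" >&2; return 1 ;;
        esac
    done
    case "$4" in *[!0-9]*) echo "ttl must be numeric" >&2; return 1 ;; esac
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$1" "$2" "$3" "$3" "$4" "$5"
}

# Obtain a Kerberos ticket from a keytab, then send the batch signed with GSS-TSIG.
# Args: principal keytab server zone fqdn ttl ipv4
# Runs in a subshell so KRB5CCNAME and the temporary cache stay private to this call.
secure_update() (
    principal=$1; keytab=$2; shift 2
    batch=$(build_update "$@") || exit 1
    cache=$(mktemp) || exit 1
    trap 'kdestroy -q 2>/dev/null; rm -f "$cache"' EXIT
    export KRB5CCNAME="FILE:$cache"
    kinit -k -t "$keytab" "$principal" || exit 1
    # -g selects GSS-TSIG; no key_name/key_secret is involved.
    printf '%s\n' "$batch" | nsupdate -g
)

# Example call (placeholders):
# secure_update svc-dns@CORP.EXAMPLE.TEST /etc/svc-dns.keytab \
#     dc01.corp.example.test corp.example.test web01.corp.example.test 3600 192.0.2.10
```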
