
I thought it would be a good idea to set up MX records in one zone, while using another zone managed by Terraform (using GCP) to deal with A records and CNAMEs for the web server I'm setting up. Both zones have the same DNS name (e.g. "example.com.").

I ended up with two different sets of NS records to configure as nameservers for the domain, so I added two servers from the first and two from the second, meaning:

  • ns-cloud-c1.googledomains.com
  • ns-cloud-c2.googledomains.com
  • ns-cloud-d1.googledomains.com
  • ns-cloud-d2.googledomains.com

Nameservers c1-c4 belong to the DNS zone that is not managed by Terraform and contain the MX records, whereas nameservers d1-d4 belong to the zone managed by Terraform and contain the A and CNAME records.

As I checked for propagation with https://dnschecker.org/, I ended up with some funky behavior, where every refresh gives me different results, and it never fully propagates.

A few refreshes for the A record:

Refresh #1: [screenshot of dnschecker.org results]
Refresh #2: [screenshot of dnschecker.org results]
Refresh #3: [screenshot of dnschecker.org results]

And for the MX records:

Refresh #1: [screenshot of dnschecker.org results]
Refresh #2: [screenshot of dnschecker.org results]

My goal is to have a DNS zone for "example.com" that is fully managed by Terraform (for A and CNAME records) so that it can be destroyed without affecting the MX records. My questions are:

  1. Why does this behavior happen? That is, why do records fail to resolve on half of the checks, but then appear resolved on the next refresh?

  2. Should I be associating my domain name with multiple NS records in separate zones? (e.g. ns-cloud-[cde][1234].googledomains.com)

  3. Can I have one zone point to another so that my DNS records are sharded somehow, and just configure a single set of NS records with my domain?

  4. What is the best practice when it comes to using multiple zones for the same domain (not talking about subdomains)?

dukeofgaming
  • What exactly are you trying to accomplish and why? Why do you want to separate the MX records from the other records? – joeqwerty Jan 06 '22 at 17:48
  • @joeqwerty I want to be able to create/destroy DNS records with terraform, but only the ones that are associated with the server I am creating (terraform creates an external IP, an A record for that IP, some CNAME records, and a DNS zone to tie them up). I also don't want to use `terraform import` for the zone... and I want to turn my terraform code into a module so that I can also spin up different environments (e.g. test, staging, dev). – dukeofgaming Jan 06 '22 at 18:52

1 Answer


You can't have different zones with a different set of resource records for the same domain. Each name server designated by NS records for your domain should have exactly the same set of resource records.

If you don't want some resource records to be destroyed by `terraform destroy`, then use the Terraform `lifecycle` `prevent_destroy` attribute.

AlexD
  • Using the `lifecycle` `prevent_destroy` attribute would disallow me from using `terraform destroy` altogether – dukeofgaming Jan 06 '22 at 18:46
  • You can remove these resources from Terraform state with `terraform state rm` before using `terraform destroy`. – AlexD Jan 06 '22 at 18:47
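The property AlexD's answer relies on (every nameserver listed in the delegation must return the same answer set) is easy to verify directly rather than through a propagation checker. The script below is an added example for this page, not code from the question, the answer or Google's tooling. It assumes `dig` from the BIND utilities is installed for the live helper `check_live`; the comparison function and the constructed demo at the bottom need only POSIX sh and coreutils and run offline. The nameserver names in the demo are the ones from the question; the address 203.0.113.10 and the MX hosts are constructed sample data, not real records.

```shell
#!/bin/sh
# Added example: check that every delegated nameserver serves the same
# records for a name. Comparison is pure POSIX sh + coreutils; `dig` is only
# needed by check_live (assumed installed, BIND utilities).
set -eu

tab=$(printf '\t')

# normalise_rrset ANSWERS: turn a ';'-separated answer list into a canonical
# form (one record per line, lower-cased, trailing whitespace stripped,
# sorted, de-duplicated) so answers from different servers compare byte for
# byte regardless of the order the server returned them in.
normalise_rrset() {
  printf '%s' "$1" | tr ';' '\n' | tr '[:upper:]' '[:lower:]' \
    | sed -e 's/[[:space:]]*$//' -e '/^$/d' | sort -u
}

# rrsets_consistent NAME TYPE
# Reads "server<TAB>answer1;answer2;..." lines on stdin (an empty answer list
# means the server returned nothing for the name). Prints one verdict per
# server against the first server's answer set; returns 0 only if all agree.
rrsets_consistent() {
  name=$1; type=$2
  have_ref=0; reference=""; status=0
  while IFS="$tab" read -r server answers; do
    [ -n "$server" ] || continue
    canon=$(normalise_rrset "$answers")
    if [ "$have_ref" -eq 0 ]; then reference=$canon; have_ref=1; fi
    shown=$(printf '%s' "$canon" | tr '\n' ' ')
    if [ "$canon" = "$reference" ]; then
      printf '%-32s %s %-5s OK        [%s]\n' "$server" "$name" "$type" "${shown:-<empty>}"
    else
      printf '%-32s %s %-5s MISMATCH  [%s]\n' "$server" "$name" "$type" "${shown:-<empty>}"
      status=1
    fi
  done
  return $status
}

# check_live NAME TYPE NS...: ask each listed authoritative server directly
# (bypassing every recursive cache) and feed the answers to rrsets_consistent.
# +norecurse asks for what the server is authoritative for, not what it might
# be willing to look up on our behalf. Example with the question's servers:
#   check_live example.com A  ns-cloud-c1.googledomains.com ns-cloud-d1.googledomains.com
#   check_live example.com MX ns-cloud-c1.googledomains.com ns-cloud-d1.googledomains.com
check_live() {
  name=$1; type=$2; shift 2
  for ns in "$@"; do
    answers=$(dig +short +norecurse "@$ns" "$type" "$name" 2>/dev/null | paste -s -d ';' - || true)
    printf '%s\t%s\n' "$ns" "$answers"
  done | rrsets_consistent "$name" "$type"
}

# Constructed demo of the situation in the question (not real lookups): the
# "c" servers carry only the MX records, the "d" servers only the A record,
# so neither name is consistent across the four delegated servers.
printf '%s\n' \
  "ns-cloud-c1.googledomains.com${tab}" \
  "ns-cloud-c2.googledomains.com${tab}" \
  "ns-cloud-d1.googledomains.com${tab}203.0.113.10" \
  "ns-cloud-d2.googledomains.com${tab}203.0.113.10" \
  | rrsets_consistent example.com A \
  || echo "=> A: delegation is inconsistent; resolvers will answer at random"

printf '%s\n' \
  "ns-cloud-c1.googledomains.com${tab}10 mail.example.com.;20 mail2.example.com." \
  "ns-cloud-c2.googledomains.com${tab}20 mail2.example.com.;10 mail.example.com." \
  "ns-cloud-d1.googledomains.com${tab}" \
  "ns-cloud-d2.googledomains.com${tab}" \
  | rrsets_consistent example.com MX \
  || echo "=> MX: delegation is inconsistent; resolvers will answer at random"
```

This is also the explanation for question 1: a recursive resolver picks any one of the delegated servers for each query, so a lookup that lands on a c server gets an empty answer for the A record while one that lands on a d server gets the address, and dnschecker.org's many resolvers each make that choice independently on every refresh. Once a single zone holds all records, `check_live` should print OK for every server and type.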