From d284134cd73e02aeac16cb8c98d10d2a992e687d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
Date: Tue, 27 Oct 2020 14:12:51 -0400
Subject: [PATCH] add automation notes

---
 howto/dns.md | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/howto/dns.md b/howto/dns.md
index 4a4de0d4..ecc90dc4 100644
--- a/howto/dns.md
+++ b/howto/dns.md
@@ -226,10 +226,38 @@ If it's not delegated, it's because you forgot step 8 in the zone
 addition procedure. Ask your upstream or registrar to delegate the
 zone and run the checks again.
 
-# Design
+
+# Discussion
+
+## Design
 
 This needs to be documented better. weasel made a [blog post](https://dsa.debian.org/dsablog/2014/The_Debian_DNS_universe/)
 describing parts of the infrastructure on Debian.org, and that is
 partly relevant to TPO as well.
 
 TODO: adapt this document to the [service template](template).
+
+## Automation
+
+Debian has a [set of scripts](https://salsa.debian.org/dsa-team/mirror/dsa-misc/-/tree/master/scripts/dns-providers) to automate talking to some providers
+like Netnod. A YAML file has metadata about the configuration, and
+pushing changes is as simple as:
+
+    publish tor-dnsnode.yaml
+
+That config file would look something like:
+
+    ---
+      endpoint: https://dnsnodeapi.netnod.se/apiv3/
+      base_zone:
+        endcustomer: "TorProject"
+        masters:
+          # nevii.torproject.org
+          - ip: "49.12.57.130"
+            tsig: "netnod-torproject-20180831."
+          - ip: "2a01:4f8:fff0:4f:266:37ff:fee9:5df8"
+            tsig: "netnod-torproject-20180831."
+        product: "probono-premium-anycast"
+
+This is not currently in use at TPO and changes are operated manually
+through the web interface.
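Review bot: In the example config under "## Automation", the two `tsig: "netnod-torproject-20180831."` values read like a TSIG key name (trailing dot, no key material), but the text never says so. A reader copying this template could reasonably paste the shared secret into that field and commit it. I would add a sentence stating that the file holds only the key name, and where the TSIG secret and the credentials that `publish` uses against the `endpoint` URL are expected to live, since the example shows neither. Separately, the master addresses for nevii.torproject.org are hard-coded in documentation for a setup the last paragraph says is not in use, so they will drift. Consider marking them as a snapshot or pointing to the authoritative source for the current addresses. Minor: the hunk adds an extra blank line before "# Discussion", leaving two consecutive blank lines there.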
-- 
GitLab