INTRODUCTION route53d is a DNS frontend to the Amazon Route 53 API. It allows you to use standard DNS tools to make changes to your Route 53 zones. At the moment it supports adding and deleting resource records by dynamic update (e.g with nsupdate). Support for slaving from your master DNS server by incremental zone transfer (IXFR) and pushing zones changes to the API is nearly complete. REQUIREMENTS + Python http://www.python.org/ + boto https://github.com/boto/boto Route 53 support isn't yet in a Boto release. Take a source snapshot from Github. + dnspython http://www.dnspython.org/ + An active Amazon Route53 account http://aws.amazon.com/route53/ + AWS access keys http://aws.amazon.com/iam/faqs/ http://aws.typepad.com/aws/2010/12/dns30-a-visual-tool-for-amazon-route-53.html INSTALLATION 1. Install Python, dnspython and Boto according to their documentation. This may help: http://aws.amazon.com/articles/3998 2. route53d uses Boto to call the Route53 API. Configure Boto with your AWS access key: http://code.google.com/p/boto/wiki/BotoConfig 3. Create a config file. Use route53d.ini.sample as teh starting point. 4. Start the daemon: route53d.py [--config /path/to/route53d.ini] LIMITATIONS + Resource-record deletion The DNS dynamic update mechanism allows deletion of 1) a specific resource-record, 2) a resource-record set, or 3) deletion of all records belonging to a name. The Route 53 API implements only specific resource-record deletion so route53d will reject requests for the other deletion types. BUGS! Definitely. Email me with bug reports, debug logs, and patches: james@now.ie FUTURE WORK Started: + IXFR React to a NOTIFY message, use IXFR to fetch incremental changes from an upstream DNS server, push each zone increment as one API call. Status: 80% complete. + Answer SOA queries for IXFR slave zones Respond with the current SOA for a zone that is slaved via IXFR to allow DNS based monitoring of API update progress. Status: 40% complete. Not yet started: + Remove the deletion TTL kludge Need to be able to populate record TTLs in API delete calls. Query from DNS? Very non-atomic ... + Use the ListHostedZones API call at startup instead of configuring each HostedZone ID in the config file. For the moment I want the script to only mess with zones that have been specifically marked as safe to play with. + AXFR An upstream server responding to IXFR can require the client to fallback to AXFR. + Authentication Authenticate dynamic updates, notifies and IXFR/AXFR by TSIG. Maybe support authorization by IP address. + Pending change polling Maintain a queue of pending changes and poll the API asynchronously to log when a change is complete. + Review the process model It's a bit clunky. When the script internals settle down should see if there's a more appropriate way to split up the work. + Cleanly handle API limits Code for the maximum number of changes per call (1000) and maximum amount of record data (32000B) per call LICENSE This software is released under a 3-clause BSD licence. The licence text is in the script. $Id$