Upload the DNS zone when the zonefile is over the accepted limit

May 30, 2023 | 5 minute read
Catalin Andrei
Master Principal Cloud Architect

Introduction

This blog post provides guidance for importing a DNS zone when the zone file is over the accepted size.

In addition, I will go through the process of adding DNS records manually via the web UI, adding them with the OCI CLI, and automating the task with a Python script.

The post requires the reader to have the OCI CLI installed. If you do not have it, you can follow this documentation.

The issue

If you are importing a zone file into OCI DNS and you receive the error below, your zone file is too large.

01.png

To overcome this error, you need to split the zone file in two, making sure that the first file, which includes the $ORIGIN, the SOA and the NS records, is less than the limit.

The second file, which contains the remaining DNS records, will be used to import the records into the OCI DNS zone. A sample of this file can be seen below.

02.png

Manually create the records

Log in to the OCI web UI, navigate to `Networking > DNS Management > Zones`, select your zone and under `Records` create each record one by one.
This is not a fun task: you need to add each record individually, and at the end you need to publish the changes.
If you do not know how to add a record, you can follow the official documentation.

Create the DNS records using OCI CLI

This method uses the OCI CLI to add or delete a DNS record. It is still manual (you need to add the records one by one), but it is quicker than the UI. The CLI automatically publishes the added record.

The CLI can be installed locally on a laptop (I used it in both Windows Subsystem for Linux – Ubuntu and on macOS), on a Compute Linux VM in OCI, or it can be used via the cloud-shell. The documentation for installing the OCI CLI can be found here, and the documentation for the cloud-shell can be found here.

The CLI command to add a record can be found below.

oci dns record rrset update --zone-name-or-id ateam-oracle.tk --domain web.ateam-oracle.tk --rtype 'A' --items '[{"domain":"web.ateam-oracle.tk", "rdata":"1.1.1.1", "rtype":"A","ttl":300}]'

In the command above, you need to replace the values of: zone-name-or-id, domain, rtype, rdata.
The output of the command can be seen below.

oci dns record rrset update --zone-name-or-id ateam-oracle.tk --domain web.ateam-oracle.tk --rtype 'A' --items '[{"domain":"web.ateam-oracle.tk", "rdata":"1.1.1.1", "rtype":"A","ttl":300}]'
WARNING: Updates to items will replace any existing values. Are you sure you want to continue? [y/N]: y
{
  "data": {
    "items": [
      {
        "domain": "web.ateam-oracle.tk",
        "is-protected": false,
        "rdata": "1.1.1.1",
        "record-hash": "d23005c6066cc73316fbe51436424eea",
        "rrset-version": "882",
        "rtype": "A",
        "ttl": 300
      }
    ]
  },
  "etag": "\"882ocid1.dns-zone.oc1..7cbe981e8bc5465889ccb67a3c491dba#application/json\"",
  "opc-total-items": "1"
}

The command to delete the record and its output can be found below.

oci dns record rrset delete --zone-name-or-id ateam-oracle.tk --domain web.ateam-oracle.tk --rtype 'A'
Are you sure you want to delete this resource? [y/N]: y

Create the DNS records using a python script

This method uses a Python script that calls the OCI CLI.
The script to add a record can be found below.

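import subprocess

# Each line of the records file is expected as: <name> <ttl> <rtype> <rdata>
oci_cmd = "oci dns record rrset update --force --zone-name-or-id ateam-oracle.tk --domain {}.ateam-oracle.tk --rtype '{}' --items '{}'"
# JSON template for --items; doubled braces are literal braces for str.format()
items = '''[{{"domain":"{}.ateam-oracle.tk", "rdata":"{}", "rtype":"{}","ttl": {}}}]'''
with open("records.ateam-oracle.tk.txt", "r") as f:
    for line in f:
        value = line.strip().split()
        if len(value) < 4:
            continue  # skip blank or incomplete lines
        # Template order: name, rdata, rtype, ttl
        cmd = oci_cmd.format(value[0], value[2], items.format(value[0], value[3], value[2], value[1]))
        # shell=True passes the fields through a shell, so the records file must be trusted
        subprocess.run(cmd, shell=True)
        print(cmd)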

Once you run the script, it will take each line from the text file and create an OCI CLI command. The output of the script can be seen below.

python3 dns.py
{
  "data": {
    "items": [
      {
        "domain": "nursing.ateam-oracle.tk",
        "is-protected": false,
        "rdata": "209.19.133.35",
        "record-hash": "148b8d89f223f39e70b26e67d7ca3d1c",
        "rrset-version": "886",
        "rtype": "A",
        "ttl": 300
      }
    ]
  },
  "etag": "\"886ocid1.dns-zone.oc1..7cbe981e8bc5465889ccb67a3c491dba#application/json\"",
  "opc-total-items": "1"
}
oci dns record rrset update --force --zone-name-or-id ateam-oracle.tk --domain nursing.ateam-oracle.tk --rtype 'A' --items '[{"domain":"nursing.ateam-oracle.tk", "rdata":"209.19.133.35", "rtype":"A","ttl": 300}]'
{
  "data": {
    "items": [
      {
        "domain": "roundcube.ateam-oracle.tk",
        "is-protected": false,
        "rdata": "110.6.136.122",
        "record-hash": "1687fcd3ced256ef12907287f23ffaee",
        "rrset-version": "887",
        "rtype": "A",
        "ttl": 300
      }
    ]
  },
  "etag": "\"887ocid1.dns-zone.oc1..7cbe981e8bc5465889ccb67a3c491dba#application/json\"",
  "opc-total-items": "1"
}

Deleting the records from the file can be done with the following script.

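import subprocess

# Same records file as the add script: <name> <ttl> <rtype> <rdata>
oci_cmd = "oci dns record rrset delete --force --zone-name-or-id ateam-oracle.tk --domain {}.ateam-oracle.tk --rtype '{}'"
with open("records.ateam-oracle.tk.txt", "r") as f:
    for line in f:
        value = line.strip().split()
        if len(value) < 4:
            continue  # skip blank or incomplete lines
        # value[0] is the record name, value[2] is the record type
        cmd = oci_cmd.format(value[0], value[2])
        # shell=True passes the fields through a shell, so the records file must be trusted
        subprocess.run(cmd, shell=True)
        print(value[0])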
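
The CLI warns that an rrset update replaces any existing values, so a name that has several records of the same type must be sent as a single `--items` array rather than one update per line. The following is an added example, not code from the original post: it validates each field, groups lines into RRsets and builds argument lists that can be passed to `subprocess.run` without a shell. The `<name> <ttl> <rtype> <rdata>` layout is inferred from the add script; the function names, the record-type allow-list and the 192.0.2.x sample addresses are assumptions made for illustration.

```python
import ipaddress
import json
import re
from collections import defaultdict

ZONE = "ateam-oracle.tk"  # zone used throughout the post
LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")
RTYPES = {"A", "AAAA", "CNAME", "TXT"}  # assumed allow-list, extend as needed

def parse_records(lines, zone=ZONE):
    """Group '<name> <ttl> <rtype> <rdata>' lines into RRsets keyed by (fqdn, rtype)."""
    rrsets = defaultdict(list)
    for n, line in enumerate(lines, 1):
        fields = line.split(None, 3)
        if not fields or fields[0].startswith(";"):
            continue  # blank line or zone-file comment
        if len(fields) != 4:
            raise ValueError(f"line {n}: expected 4 fields, got {len(fields)}")
        name, ttl, rtype, rdata = fields[0], fields[1], fields[2].upper(), fields[3].strip()
        if not all(LABEL.fullmatch(label) for label in name.split(".")):
            raise ValueError(f"line {n}: invalid name {name!r}")
        if not (ttl.isascii() and ttl.isdigit()):
            raise ValueError(f"line {n}: invalid TTL {ttl!r}")
        if rtype not in RTYPES:
            raise ValueError(f"line {n}: unsupported type {rtype!r}")
        if rtype in ("A", "AAAA"):  # raises ValueError on a malformed address
            cls = ipaddress.IPv4Address if rtype == "A" else ipaddress.IPv6Address
            cls(rdata)
        fqdn = f"{name}.{zone}"
        rrsets[(fqdn, rtype)].append(
            {"domain": fqdn, "rdata": rdata, "rtype": rtype, "ttl": int(ttl)})
    return dict(rrsets)

def build_commands(rrsets, zone=ZONE):
    """Return one argv list per RRset, for subprocess.run(argv) without a shell."""
    return [["oci", "dns", "record", "rrset", "update", "--force",
             "--zone-name-or-id", zone, "--domain", fqdn, "--rtype", rtype,
             "--items", json.dumps(items)]
            for (fqdn, rtype), items in rrsets.items()]

# Constructed sample: "web" has two A records that must land in one RRset.
SAMPLE = [
    "nursing 300 A 209.19.133.35",
    "web 300 A 192.0.2.10",
    "web 300 A 192.0.2.11",
]

if __name__ == "__main__":
    for argv in build_commands(parse_records(SAMPLE)):
        print(argv)  # replace with subprocess.run(argv, check=True) to apply
```

With the per-line approach, the second `web` line would overwrite the first; here both addresses are sent in one update.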

Verify the imported records

Once the import is done, you can verify the records in the web UI. Navigate to the DNS zone, and under Records you will see your records. The UI shows 20 records at a time.

3.png

You can download the zone file using the CLI and you will be able to see all the records. The CLI command can be found below.

oci dns zone get-zone-content --zone-name-or-id ateam-oracle.tk --file zonefile.txt

A sample file is presented below.

04.png

Conclusion

This post presented a workaround for the issue encountered when you are importing a zone-file and the size of the file is over the accepted limit.
