fix(infra): Remove stale DNS records (#5312)

Removes stale records that aren't pointing to valid services in use.
Jamil
2024-06-12 10:17:21 -07:00
committed by GitHub
parent bb92e26ade
commit 46d4f2230d
2 changed files with 5 additions and 401 deletions


@@ -15,17 +15,6 @@ resource "google_dns_record_set" "dns-caa" {
# Website
# Vercel doesn't support IPv6
# resource "google_dns_record_set" "website-ipv6" {
# project = module.google-cloud-project.project.project_id
# managed_zone = module.google-cloud-dns.zone_name
# type = "AAAA"
# name = module.google-cloud-dns.dns_name
# rrdatas = ["2001:19f0:ac02:bb:5400:4ff:fe47:6bdf"]
# ttl = 3600
# }
resource "google_dns_record_set" "website-ipv4" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
@@ -46,16 +35,6 @@ resource "google_dns_record_set" "website-www-redirect" {
ttl = 3600
}
resource "google_dns_record_set" "status-page" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "status.${module.google-cloud-dns.dns_name}"
rrdatas = ["bs4nszn1hdh6.stspg-customer.com."]
ttl = 3600
}
resource "google_dns_record_set" "blog-ipv4" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
@@ -95,101 +74,8 @@ resource "google_dns_record_set" "docs-ipv6" {
ttl = 3600
}
## TODO: get rid off this one
resource "google_dns_record_set" "awsdemo-ipv4" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "A"
name = "awsdemo.${module.google-cloud-dns.dns_name}"
rrdatas = ["52.200.241.107"]
ttl = 3600
}
resource "google_dns_record_set" "awsdemo-acme-verification" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "TXT"
name = "_acme-challenge.awsdemo.${module.google-cloud-dns.dns_name}"
rrdatas = ["sX54Me2woKpf_iLC4R9Il_8U8OuMTtGqRXOo5fveCNU"]
ttl = 3600
}
## TODO: get rid off this one
resource "google_dns_record_set" "docker-dev-ipv4" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "A"
name = "docker-dev.${module.google-cloud-dns.dns_name}"
rrdatas = ["3.101.147.119"]
ttl = 3600
}
# Third-party services
## Sendgrid
resource "google_dns_record_set" "sendgrid-project" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "23539796.${module.google-cloud-dns.dns_name}"
rrdatas = ["sendgrid.net."]
ttl = 3600
}
resource "google_dns_record_set" "sendgrid-return-1" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "em8227.${module.google-cloud-dns.dns_name}"
rrdatas = ["u23539796.wl047.sendgrid.net."]
ttl = 3600
}
resource "google_dns_record_set" "sendgrid-return-2" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "url6320.${module.google-cloud-dns.dns_name}"
rrdatas = ["sendgrid.net."]
ttl = 3600
}
resource "google_dns_record_set" "sendgrid-domainkey1" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "s1._domainkey.${module.google-cloud-dns.dns_name}"
rrdatas = ["s1.domainkey.u23539796.wl047.sendgrid.net."]
ttl = 3600
}
resource "google_dns_record_set" "sendgrid-domainkey2" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "s2._domainkey.${module.google-cloud-dns.dns_name}"
rrdatas = ["s2.domainkey.u23539796.wl047.sendgrid.net."]
ttl = 3600
}
resource "google_dns_record_set" "sendgrid-reverse-dns" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "A"
name = "o1.ptr3213.${module.google-cloud-dns.dns_name}"
rrdatas = ["159.183.164.144"]
ttl = 3600
}
# Mailgun
resource "google_dns_record_set" "mailgun-dkim" {
@@ -209,31 +95,6 @@ resource "google_dns_record_set" "mailgun-dkim" {
]
}
# Postmark
resource "google_dns_record_set" "postmark-dkim" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
name = "20231019190050pm._domainkey.${module.google-cloud-dns.dns_name}"
type = "TXT"
ttl = 3600
rrdatas = [
"k=rsa;p=k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClXI0pMLt49Ib2jTQ3bCIw1QtEySHuaaOzk3Li0c9R3xAuOtt2PcxNx1TEgIdOA7fw6ONN1YyPf68NXOw7J3dV1Ldfln6VxRYcXaPSqhNtftaK87Rr6VqiJRiP4iEYQi4IQa9JJ4Za6s/aSLmji5mob7u3iI/Bj412Krkao6wLwwIDAQAB"
]
}
resource "google_dns_record_set" "postmark-return" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "pm-bounces.${module.google-cloud-dns.dns_name}"
rrdatas = ["pm.mtasv.net."]
ttl = 3600
}
# GitHub
resource "google_dns_record_set" "github-verification" {
@@ -249,21 +110,6 @@ resource "google_dns_record_set" "github-verification" {
]
}
# Twilio
resource "google_dns_record_set" "twilio-verification" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
name = "_twilio.${module.google-cloud-dns.dns_name}"
type = "TXT"
ttl = 3600
rrdatas = [
"twilio-domain-verification=12fc8b0170bb9b63e4b6de67a5c923f0"
]
}
# Google Workspace
resource "google_dns_record_set" "google-mail" {
@@ -310,7 +156,6 @@ resource "google_dns_record_set" "root-verifications" {
"google-site-verification=hbBLPfTlejIaxyFTPZN0RaIk6Y6qhQTG2yma7I06Emo",
"google-site-verification=oAugt2Arr7OyWaqJ0bkytkmIE-VQ8D_IFa-rdNiqa8s",
"google-site-verification=VDl82gbqVHJW6un8Mcki6qDhL_OGK6G8ByOB6qhaVbg",
"protonmail-verification=775efd155d2dec59fc6341d6bbfec288038f1917",
"oneleet-domain-verification-72120df0-57da-4da7-b7bf-e26eaee9dd85"
]
}
@@ -328,67 +173,6 @@ resource "google_dns_record_set" "google-dkim" {
]
}
## ext. domain email server
## TODO: get rid off this
resource "google_dns_record_set" "google-ext-mail" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
name = "ext.${module.google-cloud-dns.dns_name}"
type = "MX"
ttl = 3600
rrdatas = [
"1 aspmx.l.google.com.",
"5 alt1.aspmx.l.google.com.",
"5 alt2.aspmx.l.google.com.",
"10 alt3.aspmx.l.google.com.",
"10 alt4.aspmx.l.google.com."
]
}
resource "google_dns_record_set" "google-ext-dmarc" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
name = "_dmarc.ext.${module.google-cloud-dns.dns_name}"
type = "TXT"
ttl = 3600
rrdatas = [
"\"v=DMARC1;\" \"p=reject;\" \"rua=mailto:dmarc-reports@firezone.dev;\" \"pct=100;\" \"adkim=s;\" \"aspf=s\"",
"google-site-verification=xlFwz_eC6ksZ1dAJKwNzFISlZRpFRQ2mggo851altmI"
]
}
resource "google_dns_record_set" "google-ext-spf" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
name = "ext.${module.google-cloud-dns.dns_name}"
type = "TXT"
ttl = 3600
rrdatas = [
"\"v=spf1 include:_spf.google.com ~all\""
]
}
resource "google_dns_record_set" "google-ext-dkim" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
name = "google._domainkey.ext.${module.google-cloud-dns.dns_name}"
type = "TXT"
ttl = 3600
rrdatas = [
"\"v=DKIM1;\" \"k=rsa;\" \"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubhkd+M9O2fILLpfRzCN5vhd81uSfaCbfeQ5Uf/BsBnuJ8AYOsyW\" \"bzy3UYU1y2JnJi1D8U+o1idcTPC1wB1okBHUnohI1O9hRDHb5NzV4NTxK0D36ESbgGzv94xu1n1GfxoO/wWga69eu/unz79/SRdVEida09bF0eXg9q\" \"5dtyIPI9NvYGtKAvLIABYHkutlUA2dNggraVTXldTlccMWmtd9uzemBg0bpN6zxygSLM9PSsEf0WEJJYvUXrEIQI4o9Ujh1/PqIgRpdqRAbmyhO3BobGNm5qmn3i1ZxWF0L\" \"T8zC3QShMPO+BagJlDav1ZNxBtih+vqqeyJvm8gwPXHiQIDAQAB\""
]
}
# Oneleet Trust page
resource "google_dns_record_set" "oneleet-trust" {
@@ -405,6 +189,7 @@ resource "google_dns_record_set" "oneleet-trust" {
}
# Stripe checkout pages
resource "google_dns_record_set" "stripe-checkout" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
@@ -426,6 +211,7 @@ resource "google_dns_record_set" "stripe-checkout-acme" {
}
# HubSpot
resource "google_dns_record_set" "hubspot-domainkey1" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
@@ -445,35 +231,3 @@ resource "google_dns_record_set" "hubspot-domainkey2" {
rrdatas = ["firezone-dev.hs07b.dkim.hubspotemail.net."]
ttl = 3600
}
# Proton
## TODO: get rid off this
resource "google_dns_record_set" "proton-domainkey1" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "protonmail._domainkey.${module.google-cloud-dns.dns_name}"
rrdatas = ["protonmail.domainkey.dbmieophzl5yorultqalvxh5cjl65qstyplotj4asfsqiqan6337a.domains.proton.ch."]
ttl = 3600
}
resource "google_dns_record_set" "proton-domainkey2" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "protonmail2._domainkey.${module.google-cloud-dns.dns_name}"
rrdatas = ["protonmail2.domainkey.dbmieophzl5yorultqalvxh5cjl65qstyplotj4asfsqiqan6337a.domains.proton.ch."]
ttl = 3600
}
resource "google_dns_record_set" "proton-domainkey3" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "protonmail3._domainkey.${module.google-cloud-dns.dns_name}"
rrdatas = ["protonmail3.domainkey.dbmieophzl5yorultqalvxh5cjl65qstyplotj4asfsqiqan6337a.domains.proton.ch."]
ttl = 3600
}
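Review bot: In the `@@ -328,67 +173,6 @@` hunk, deleting `google-ext-dmarc` and `google-ext-spf` together with the `google-ext-mail` MX leaves the retired `ext.` name with no mail-authentication records of its own, so receivers fall back to the organizational domain's DMARC record (its `sp=` tag, or `p=` when `sp=` is absent). That record is not visible on this page; if it does not enforce `reject` for subdomains, mail claiming to come from the `ext.` name would be handled more leniently than it was under the removed `p=reject` policy. Consider confirming the parent policy before applying, or keeping two small TXT records for the retired name: `rrdatas = ["\"v=spf1 -all\""]` at `ext.` and `rrdatas = ["\"v=DMARC1; p=reject\""]` at `_dmarc.ext.`. In the same spirit, now that the SendGrid, Postmark and Proton DKIM selectors are gone, any `include:` for those providers in the apex SPF record should presumably be dropped as well, but that record sits outside the visible hunks.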


@@ -13,7 +13,7 @@ resource "google_dns_record_set" "dns-caa" {
ttl = 3600
}
# Website
# Website -- these redirect to firezone.dev
resource "google_dns_record_set" "website-ipv6" {
project = module.google-cloud-project.project.project_id
@@ -45,29 +45,7 @@ resource "google_dns_record_set" "website-www-redirect" {
ttl = 3600
}
# Our team's Firezone instance(s)
resource "google_dns_record_set" "dogfood" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "A"
name = "dogfood.${module.google-cloud-dns.dns_name}"
rrdatas = ["45.63.56.50"]
ttl = 3600
}
resource "google_dns_record_set" "awsfz1" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "awsfz1.${module.google-cloud-dns.dns_name}"
rrdatas = ["ec2-52-200-241-107.compute-1.amazonaws.com."]
ttl = 3600
}
# Our MAIN discourse instance, do not change this!
# Our community forum, discourse
resource "google_dns_record_set" "discourse" {
project = module.google-cloud-project.project.project_id
@@ -79,50 +57,6 @@ resource "google_dns_record_set" "discourse" {
ttl = 300
}
# VPN-protected DNS records
resource "google_dns_record_set" "metabase" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "A"
name = "metabase.${module.google-cloud-dns.dns_name}"
rrdatas = ["10.5.96.5"]
ttl = 3600
}
# Wireguard test servers
resource "google_dns_record_set" "wg0" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "A"
name = "wg0.${module.google-cloud-dns.dns_name}"
rrdatas = ["54.151.104.17"]
ttl = 3600
}
resource "google_dns_record_set" "wg1" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "A"
name = "wg1.${module.google-cloud-dns.dns_name}"
rrdatas = ["54.183.57.227"]
ttl = 3600
}
resource "google_dns_record_set" "wg2" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "A"
name = "wg2.${module.google-cloud-dns.dns_name}"
rrdatas = ["54.177.212.45"]
ttl = 3600
}
# Connectivity check servers
resource "google_dns_record_set" "ping-backend" {
@@ -158,16 +92,6 @@ resource "google_dns_record_set" "ping-ipv6" {
# Telemetry servers
resource "google_dns_record_set" "old-ipv4" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "A"
name = "old-telemetry.${module.google-cloud-dns.dns_name}"
rrdatas = ["143.244.211.244"]
ttl = 3600
}
resource "google_dns_record_set" "t-ipv4" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
@@ -210,56 +134,7 @@ resource "google_dns_record_set" "telemetry-ipv6" {
# Third-party services
## Sendgrid
resource "google_dns_record_set" "sendgrid-project" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "23539796.${module.google-cloud-dns.dns_name}"
rrdatas = ["sendgrid.net."]
ttl = 3600
}
resource "google_dns_record_set" "sendgrid-return-1" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "em3706.${module.google-cloud-dns.dns_name}"
rrdatas = ["u23539796.wl047.sendgrid.net."]
ttl = 3600
}
resource "google_dns_record_set" "sendgrid-return-2" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "url6320.${module.google-cloud-dns.dns_name}"
rrdatas = ["sendgrid.net."]
ttl = 3600
}
resource "google_dns_record_set" "sendgrid-domainkey1" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "s1._domainkey.${module.google-cloud-dns.dns_name}"
rrdatas = ["s1.domainkey.u23539796.wl047.sendgrid.net."]
ttl = 3600
}
resource "google_dns_record_set" "sendgrid-domainkey2" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "s2._domainkey.${module.google-cloud-dns.dns_name}"
rrdatas = ["s2.domainkey.u23539796.wl047.sendgrid.net."]
ttl = 3600
}
# Mailgun
resource "google_dns_record_set" "mailgun-dkim" {
project = module.google-cloud-project.project.project_id
@@ -278,31 +153,6 @@ resource "google_dns_record_set" "mailgun-dkim" {
]
}
# Postmark
resource "google_dns_record_set" "postmark-dkim" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
name = "20230606183724pm._domainkey.${module.google-cloud-dns.dns_name}"
type = "TXT"
ttl = 3600
rrdatas = [
"k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGB97X54FpoXNFuuPpI2u18ymEHBvNGfaRVXn9KEKAnSIfayJ6V3m5C5WGmfv579gyvfdDm04NAVBMcxe6mkjZHsZwds7mPjOYmRlsCClcy6ITqHwPdGSqP0f4zes1AT3Sr1GCQkl/2CdjWzc7HLoyViPxcH17yJN8HlfCYg5waQIDAQAB"
]
}
resource "google_dns_record_set" "postmark-return" {
project = module.google-cloud-project.project.project_id
managed_zone = module.google-cloud-dns.zone_name
type = "CNAME"
name = "pm-bounces.${module.google-cloud-dns.dns_name}"
rrdatas = ["pm.mtasv.net."]
ttl = 3600
}
# Google Workspace
resource "google_dns_record_set" "google-mail" {