Preface

At DNSimple, we use Chef to automate our global infrastructure of DNS servers. Since my first day on the job, I have been using Chef to automate and maintain all of our software configuration. Our software stack comes with it's own unique needs and challenges and Chef's flexibility still makes it an excellent tool for the job. We not only maintain a set of internal cookbooks, but a lot of open source cookbooks you can find on the Chef Supermarket today.

Our Own Chef cookbook

We maintain our own DNSimple cookbook, the idea behind this cookbook is to provide basic functionality of our API via Chef LWRPs. Currently the cookbook allows creation/destroy of any kind of our supported DNS records, this can be really useful in cases such us provisioning servers and services automatically assigning them hostnames via recipes in combination with databags. You can find more information in this dedicated post by my awesome new colleague David Aronsohn about the DNSimple cookbook.

It runs a full unit spec suit, and we are actively working on improving and expanding it, pull requests are welcome!

The DNSimple cookbook has been recently recognized as part of the Chef Partner Cookbooks program.

Exabgp

We also heavily rely on ExaBGP for providing BGP routing in our nameserver infrastructure for anycast IPv4 and IPv6 networks and other related service. We have recently started using ExaBGP in our web infrastructure for providing high availability.

For those who don't know, ExaBGP is an excellent implementation of BGP for software defined networking. This allows us to transform BGP messages into plain text or JSON which can be handled in our Linux infrastructure. It also provides a healthcheck backend which we use in several places to check the correct operation of our own systems.

We've been mantaining the official ExaBGP cookbook since we took over from Heavywater back in the summer of 2014. Over time, the cookbook has evolved and is now on a healthy 2.0 release using libraries to provide LWRPs for creating custom BGP configurations.

There is work to do, we need to improve testing in this cookbook since it only provides a basic testing harness but not a specific battery of tests. Of course, pull requests are very welcome.

Stunnel

At DNSimple we use Stunnel in order to provide end to end TLS connections between our web and worker servers and our redis instances. Stunnel is an old opensource project that dates back to 1998 that is still actively maintained with many monthly releases and bug fixes.

The Stunnel cookbook provides LWRPs to create tunnels on desired endpoints as client and server, allows to install stunnel from source or from the distros package and has some integration tests written in Serverspec.

PDNS

While we stopped using PowerDNS a few years ago in favor of our erlang based DNS servers, we still use it to support our Secondary DNS feature.

Consequently, we maintain a PowerDNS cookbook for deploying and configuring PowerDNS servers. There are several tipical PowerDNS configurations such us authoritative or resolver and we provide different recipes that combine this configurations with package or source based installs.

Integration tests are part of the cookbook, which is in its 2.2.1 release at this moment.

Takeaways

At DNSimple we love opensource and we contribute to it in many ways, maintaining this set of cookbooks is one of our ways of giving something back to the community.