Automating BIND9 DNS Management: From Manual Configs to Infrastructure as Code

via Dev.to DevOps, by Harutyun Dermenjyan

Managing BIND9 DNS zone files manually doesn't scale. Every change means SSH-ing into a server, editing config files, and hoping you don't break DNS resolution for your entire infrastructure. I built an open-source stack that turns BIND9 management into proper Infrastructure as Code. Here's what the stack looks like:

The Architecture

The solution has three components that work together:

bind9-api — A REST API that sits on top of BIND9, providing HTTP endpoints for zone management, record CRUD, ACL management, DNSSEC, and more.

Terraform Provider for BIND9 — A Terraform/OpenTofu provider that talks to the API, letting you manage DNS zones and records as code with full plan/apply workflow.

Ansible Role — Handles the one-time deployment of both BIND9 and the API on your servers.

The key design decision: Ansible manages infrastructure (installing BIND9, deploying the API) while Terraform manages content (zones, records, ACLs). Each tool does what it's best at.

What You Can Do

Manage 30+ DN
