2023 Wrap-up and Outlook for 2024

[peteeckel]

2023

I want to take the opportunity of the rapidly approaching New Year to write a quick summary of the state of affairs regarding NetBox DNS.

This spring, NetBox 3.5 was released and required some changes to the plugin to be supported. Unfortunately, at the same time the company behind the original repository, Aurora Research Labs, suddenly disappeared and with it the moderators of auroraresearchlabs/netbox-dns.

Because I didn't want to keep everyone waiting for an uncertain solution of the situation (which hasn't materialised so far, so I guess it won't happen anymore) I decided to fork the old repository under my own account and create a new PyPI module, netbox-plugin-dns. While this situation is far from optimal - there is still traffic on the old repository, although it probably never will support any NetBox version beyond 3.4 and also won't get any new features or fixes - this has turned out to be the right decision.

Last year saw a couple of new features:

• NetBox 3.5 and 3.6 support (the latter didn't require any changes, which was a first)
• Python 3.12 support
• Extensive validation of resource record values and names
• Support for NetBox Tenancy
• A first experimental solution for IPAM/DNS integration (a big 'thank you' to @jean1!)
• Support for DNS zone registration information (registrars and contacts)

All of this would have been much more tedious and definitely slower without the support of all of you. It is often underrated how important issues are, but without good error reports no quality is possible, or at least it is not achievable without excessive effort. I learned a lot from many of the issues, and I hope I was able to solve most of them in a satisfactory way. So again, thanks to everyone contributing!

2024

What's in store for next year?

First of all, there will be the Chaos Communication Congress 2023 at the end of this year, and FOSDEM a bit into 2024. Should anyone want to get in touch personally: I will attend both events, just send me an e-mail.

One of the first features planned for 2024 is - finally - support for RFC2317 reverse zones. Probably (and unfortunately) no one of us will see the end of IPv4, so it's no use putting this off any longer. For anyone who doesn't know what I'm talking about: RFC2317 describes an ugly workaround for the fact that the smallest prefix size that can be delegated as an in-addr.arpa zone is /24, and providers have been giving out smaller prefixes for what seems like an eternity now. The development is actually pretty much finished, I just need to do some performance and stability tests and decide whether to simplify it a bit at the cost of the beauty of the solution.

The next big thing in the queue is DNSSEC (which is something I have been planning for a long time as well, but had to put it off again and again for a couple of reasons). I hope to get that finished witin the first half of the year, but as always it depends on some external factors such as customers paying me not to do NetBox DNS development (there is actually one customer who bids against them, paying me to do it - that helps a lot, although it's not sufficient to fence off the others :-)).

DNSSEC support is also likely to provide extensive automation within NetBox DNS - key management will be included, probably with the help of netbox-secrets, and so automatic zone signing and ZSK rotation are within scope. No work has been done so far, but if anyone has any ideas to contribute I'm open for discussion.

IPAM integration is the third major topic that will receive more attention in 2024 if time permits. The current solution is workable, but I think a higher level of automation can be achieved, and I hope to find the time to put some more thought into it.

There are some other ideas, among them a major cleanup of the code base and some refinements to the data model, which will not be visible on the surface but hopefully increase maintainability and stability and make further extensions easier.

If everything goes roughly according to plan, after RFC2317 and DNSSEC are implemented I'll release version 1.0.0 ... at some point it's time for this, and most of the primary features should be working by then.

To wrap this up: Thanks to all of you who contributed to this little project, you've been awesome! Have a good and quiet holiday season and I hope to see you all in 2024!

[peteeckel]

Another feature for 2024: Template Zones.

A template zone is essentially an ordinary zone that has a special 'Template' flag set. Template zones are always inactive, but they can be cloned like normal zones. The specialty is that when a template zone is cloned, all records in the template zone are copied to the target zone as well.

This makes it much easier to create zones with the same MX, CAA and other records like DKIM, SPF etc. TXT records.

[peteeckel]

After some long discussions with a couple of people I am re-thinking the plans to integrate DNSSEC in the way I originally intended to do it. In fact, in many cases DNSSEC zone signing is already done using other tools, and it does not make much sense to make it a central feature of NetBox DNS. That said, I am still planning to provide DNSSEC functionality, it just slipped down a bit on the list of priorities.

On the other hand, many hours of work went into the NetBox 4.0 support, and the result has become a lot more than a simple compatibility fix. That and the fact that RFC2317 has become the first major feature of the year, as well as NetBox DNS' new status as one of the first plugins that were officially certified by NetBox Labs should justify the switch to non-zero versions as soon as NetBox 4 comes out, probably on May 1st.