ns1_zone does not support "primaries" or "secondaries" using IPv6 addresses #106

Closed
chris-zenfolio opened this issue Jan 22, 2020 · 7 comments · Fixed by #108

chris-zenfolio commented Jan 22, 2020

Terraform Version

Terraform v0.12.19
+ provider.ns1 v1.6.4

Affected Resource(s)

ns1_zone

Terraform Configuration Files

######### ROOT-LEVEL CONFIG ############
terraform {
  required_version = ">= 0.12"
  required_providers {
    ns1 = "~> 1.6"
  }
}

variable "secondary_zone_list" {
    description = "This is a list of secondary DNS zones implemented as a \"List of Objects\""
    default = [
        {
            the_zone_name      = "0.0.2.8.7.0.0.0.2.6.2.ip6.arpa"
            autogen_ns         = true
            enable_dnssec      = false
            ns1_networks       = [ 0 ]
            primary_nameserver = "2620:78:2000:0e00::ffff"
            more_primaries     = [
                "2620:78:2000:0e00::fffe",
            ]
        },
        {
            the_zone_name      = "0.0.0.0.0.0.2.8.7.0.0.0.2.6.2.ip6.arpa"
            autogen_ns         = true
            enable_dnssec      = false
            ns1_networks       = [ 0 ]
            primary_nameserver = "2620:78:2000:0e00::ffff"
            more_primaries     = [
                "2620:78:2000:0e00::fffe",
            ]
        },
    ]
}

module "secondary_zone_creation" {
    source = "./modules/zone/secondary_zone"

    # Inputs
    zone_name             = var.secondary_zone_list[*].the_zone_name
    primary_ns            = var.secondary_zone_list[*].primary_nameserver
    addl_primaries        = var.secondary_zone_list[*].more_primaries
    autogen_ns_records    = var.secondary_zone_list[*].autogen_ns
    dnssec_enabled        = var.secondary_zone_list[*].enable_dnssec
    ns1_network_id        = var.secondary_zone_list[*].ns1_networks
}

########## MODULE CONFIGURATION #############
variable "zone_name" {
    description = "The domain name of the zone"
    type = list(string)
    # There is no default defined, as this is required to be specified every time.
}

/******** Time-To-Live Values ********/
/* Reference for description fields: https://ns1.com/resources/understanding-ttl-values-in-dns-records */
variable "primary_ns" {
    description = "The authoritative (primary) name server IP Address where this zone will get updates"
    type = list(string)
     # There is no default defined, as this is required to be specified every time.
}

variable "addl_primaries" {
    description = "More authoritative (primary) name server IP Addresses where this zone will get updates"
    type = list(list(string))
    # There is no default defined, as this is required to be specified every time.
    # If there are no additional primaries, then 
}

variable "dnssec_enabled" {
    description = "Is DNSSEC enabled for this zone? (Requires account-level DNSSEC support)"
    type = list(bool)
    # NS1 Default is to not enable DNSSEC support
}

variable "ns1_network_id" {
    description = "List of network IDs for which the zone is available. If no network is provided, the zone will be created in network 0, the primary NS1 Global Network."
    type = list
    # NS1 Default value is "computed", which turns out to be "[ 0, ]"
}

variable "autogen_ns_records" {
    description = "If set to false, clears the autogenerated NS record on zone creation. This allows an automated workflow for creating zones with the NS record in terraform state. Note that this option only has an effect when a zone is being created."
    type = list(bool)
    # The default value is TRUE.  Set this to false only if you need to specify name servers.
}

resource "ns1_zone" "secondary_zone" {
    count = length(var.zone_name)

    # required values (per NS1's provider docs)
    zone                   = var.zone_name[count.index]     # must be defined every time!
    primary                = var.primary_ns[count.index]    # Must be defined every time!
    additional_primaries   = length(var.addl_primaries[count.index]) != 0    ? var.addl_primaries[count.index]     : []    # Leave empty if not defined

    # IF the variable is not NULL, use the value in the variable. ELSE, assign it the NS1 Default Values
    dnssec                 = var.dnssec_enabled[count.index]     != null ? var.dnssec_enabled[count.index]     : false
    networks               = var.ns1_network_id[count.index]     != null ? var.ns1_network_id[count.index]     : [ 0 ]
    autogenerate_ns_record = var.autogen_ns_records[count.index] != null ? var.autogen_ns_records[count.index] : true
}

// No outputs have been defined yet

Debug Output

I think the error message is pretty clear on this one, since it gives the error and why it failed (regex failure).

Panic Output

No crash output

Expected Behavior

The terraform apply would have succeeded and the secondary zones created with a primary NS that has an IPv6 address.

Actual Behavior

terraform init and terraform plan succeeded with no issues, but terraform apply failed with the following error (repeated for every secondary zone I defined):

Error: PUT https://api.nsone.net/v1/zones/0.2.3.0.0.0.2.8.7.0.0.0.2.6.2.ip6.arpa: 400 Input validation failed (Value u'2620:78:2000:0e00::dc01' for field '<obj>.secondary.primary_ip' does not match regular expression '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$')

  on modules/zone/secondary_zone/main.tf line 4, in resource "ns1_zone" "secondary_zone":
   4: resource "ns1_zone" "secondary_zone" {

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. Use the config above and execute terraform apply

Important Factoids

  • I'm using IPv6 so I can avoid NAT-ting and to decrease the amount of IPv4 addresses I am consuming. Some of my servers happen to be IPv6-only.
  • I'm actually trying to create 14 Zones programmatically so I don't have to do it by hand.
  • If this were Python, I'd actually have a routine for you that could be useful. But, I've never worked directly in Go. Sorry.

References

None that I know of.

@mburtless
Contributor

Hi there 👋 Thanks for reporting this issue, definitely appreciated!

I believe the issue you're seeing is actually a limitation of NS1, rather than a fault of the Terraform provider (the error you're seeing is being returned by the API, not generated from the Terraform provider).

As noted in NS1's API documentation, only IPv4 addresses are currently supported for primary and secondary nameservers (primary_ip in a secondary zone or secondaries in a primary zone). I'd recommend contacting support directly for more information on where support for IPv6 falls in their current roadmap.

That said, I do think it would be valuable to get a validator on these fields to make this limitation more transparent to users of this provider. I've created #107 to track this enhancement.
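
The validator idea above, sketched as an added example (not the provider's code and not the change tracked in #107): a Go function in the shape of a Terraform SDK `SchemaValidateFunc` that rejects non-IPv4 values for `primary` and `additional_primaries` locally, before the API returns a 400. The function names and the sample addresses other than the two taken from the issue's configuration are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Pattern quoted in the API's 400 response for secondary.primary_ip.
var apiPrimaryIP = regexp.MustCompile(`^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$`)

// apiPatternMatches reports whether s passes that pattern on its own.
func apiPatternMatches(s string) bool { return apiPrimaryIP.MatchString(s) }

// validateIPv4Only has the (value, key) -> (warnings, errors) shape of a
// Terraform SDK SchemaValidateFunc. Hypothetical helper, not provider code.
func validateIPv4Only(val interface{}, key string) (warns []string, errs []error) {
	s, ok := val.(string)
	if !ok {
		return nil, []error{fmt.Errorf("%s: expected string, got %T", key, val)}
	}
	switch ip := net.ParseIP(s); {
	case ip == nil:
		// Stricter than the pattern, which alone matches 999.999.999.999.
		errs = append(errs, fmt.Errorf("%s: %q is not a valid IP address", key, s))
	case strings.Contains(s, ":"):
		// IPv6, including ::ffff:a.b.c.d forms that ip.To4() reports as IPv4.
		errs = append(errs, fmt.Errorf("%s: %q is IPv6; the NS1 API accepts only IPv4 here", key, s))
	}
	return warns, errs
}

// checkPrimaries validates primary and additional_primaries, returning every error.
func checkPrimaries(primary string, additional []string) []error {
	_, errs := validateIPv4Only(primary, "primary")
	for i, a := range additional {
		_, e := validateIPv4Only(a, fmt.Sprintf("additional_primaries.%d", i))
		errs = append(errs, e...)
	}
	return errs
}

func main() {
	// First two addresses are from the issue's configuration; the rest are constructed.
	samples := []string{"2620:78:2000:0e00::fffe", "192.0.2.53", "999.999.999.999", "::ffff:192.0.2.53"}
	for _, e := range checkPrimaries("2620:78:2000:0e00::ffff", samples) {
		fmt.Println(e)
	}
}
```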

@chris-zenfolio
Author

I opened NS1 Support Ticket 23797 for a feature request to support IPv6 in the API. I will comment when I have a reference to the actual feature request.

@chris-zenfolio
Author

Also, the Terraform provider documentation for ns1_zone does not explicitly call out primaries and additional primaries as being "IPv4 only". The secondaries field does.

@mburtless
Contributor

Excellent point! I've created #108 to update the documentation for those parameters and clarify this limitation.

Thanks for contacting support with that feature request, I'm sure that will help them prioritize this enhancement.

To ensure Issues for this repo remain focused on the Terraform provider, I'm going to recommend we don't track feature requests against the NS1 platform here. Once NS1 supports IPv6 we can create new stories and open additional issues in this repo to enable support via Terraform. I recommend we close out this issue once the documentation is updated.

@chris-zenfolio
Author

The intent of the feature request info being here is not to track the feature as part of the TF provider, but to communicate with the TF Provider developers (aka "you") that a request was submitted and that you can track that stuff internally for later story development. Not fully-supporting IPv6 is a major shortcoming of NS1.

@mburtless
Contributor

@chris-zenfolio - Understood, thanks for the clarification and apologies for the misunderstanding on my part!

@mburtless
Contributor

#108 has been merged, should take effect on next minor or patch version release.
