fix: clawbench email dns #178
Pull request overview
Updates the Terraform-managed Route53 DNS records for clawbench.<domain> email delivery, switching from a delegated sub-hosted-zone approach to managing Purelymail records directly in the parent hosted zone.
Changes:
- Removed the dedicated `clawbench` Route53 hosted zone + NS delegation and instead target `aws_route53_zone.perryz_net_zone` for all records.
- Defined MX, TXT (SPF + ownership), DKIM CNAMEs, and DMARC record for `clawbench.<domain>` under the parent zone.
- Normalized TTLs to numeric literals (e.g., `3600`).
| # SPF record | ||
| resource "aws_route53_record" "clawbench_spf" { | ||
| zone_id = aws_route53_zone.clawbench_subzone.zone_id | ||
| name = "" | ||
| type = "TXT" | ||
| ttl = "3600" | ||
| records = [ | ||
| "v=spf1 include:_spf.purelymail.com ~all" | ||
| ] | ||
| } | ||
|
|
||
| # Ownership TXT Record | ||
| resource "aws_route53_record" "clawbench_ownership" { | ||
| zone_id = aws_route53_zone.clawbench_subzone.zone_id | ||
| zone_id = aws_route53_zone.perryz_net_zone.zone_id | ||
| name = "clawbench.${var.domain_name}" | ||
| type = "TXT" | ||
| ttl = "300" | ||
| ttl = 3600 | ||
| records = [ | ||
| "purelymail_ownership_proof=05ebc6732a9fdf83aaac36fac2bfc3df55b2c5c3a698f16e89086d610c7265e2777f2982e1646833e0eca00f6835ad74dc00b98fde13c4b6e7ab16d4c29032aa" | ||
| "v=spf1 include:_spf.purelymail.com ~all", | ||
| "purelymail_ownership_proof=05ebc6732a9fdf83aaac36fac2bfc3df55b2c5c3a698f16e89086d610c7265e2777f2982e1646833e0eca00f6835ad74dc00b98fde13c4b6e7ab16d4c29032aa", | ||
| ] |
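Review bot: keeping the SPF string and the purelymail_ownership_proof string in one record set for clawbench.${var.domain_name} is the correct shape for Route 53, which accepts only one plain record set per name/type pair; splitting them into two aws_route53_record resources would require a routing policy plus set_identifier, which is not appropriate for TXT values that must all be returned together. The fix for the misleading name is a rename, e.g. `resource "aws_route53_record" "clawbench_txt"` with `# TXT records: SPF + Purelymail ownership proof` above it, not a split. Two further points from the visible lines: the TTL moves from "300" to 3600 in the same change that relocates the record to a new zone, which slows rollback if the cutover misbehaves, so consider leaving it at 300 until delivery is verified; and the SPF policy ends in `~all` (softfail), which is reasonable during migration but worth revisiting once DMARC reporting shows that only Purelymail sends for this name.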
clawbench_spf now contains both the SPF value and the purelymail_ownership_proof TXT value. The resource name/comment are misleading, and it makes future updates (e.g., rotating ownership vs SPF) harder to reason about. Consider either splitting this into two aws_route53_record resources (same name/type but different set_identifier / separate records) or renaming the resource/comment to reflect that it manages multiple TXT records.
| resource "aws_route53_record" "clawbench_dmarc" { | ||
| zone_id = aws_route53_zone.clawbench_subzone.zone_id | ||
| zone_id = aws_route53_zone.perryz_net_zone.zone_id | ||
| name = "_dmarc.clawbench.${var.domain_name}" | ||
| type = "CNAME" | ||
| ttl = "3600" | ||
| records = [ | ||
| "dmarcroot.purelymail.com." | ||
| ] | ||
| ttl = 3600 | ||
| records = ["dmarcroot.purelymail.com."] |
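Review bot: the CNAME at _dmarc.clawbench.${var.domain_name} hands the DMARC policy (p=, pct=, rua=/ruf=) and the report destination to whatever dmarcroot.purelymail.com. publishes, so this zone no longer chooses its own enforcement level or receives aggregate reports directly. The SPF include and the DKIM CNAMEs already delegate authentication to Purelymail; the DMARC record is the one piece the domain owner normally keeps. If Purelymail documents the CNAME form as required, add a comment saying so next to the resource; otherwise publish a TXT record here with `v=DMARC1; p=...` and an rua= mailbox the team controls, starting at p=none and tightening once reports confirm alignment.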
The DMARC record is being published as a CNAME to dmarcroot.purelymail.com.. Elsewhere in this repo DMARC is consistently published as a TXT record at _dmarc.<domain> (e.g. apps/cloud-chat-app/usw2dev/dns.tf:26-32). If Purelymail doesn’t explicitly require a CNAME-based DMARC setup, consider switching this to a TXT v=DMARC1; ... policy record to align with the repo’s established DMARC pattern and avoid DMARC evaluation issues.
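One way the two TXT-record comments above could be resolved, as an added Terraform example that is not part of this PR or the repository: the combined TXT record set keeps both strings but is named for what it holds, and DMARC is published as a TXT record owned by this zone. It assumes `aws_route53_zone.perryz_net_zone` and `var.domain_name` as they appear in the diff; the ownership proof value and the report mailbox are placeholders.

```hcl
# Added example, not the PR's own code. Assumes aws_route53_zone.perryz_net_zone
# and var.domain_name exist as in the diff.

# All TXT values for clawbench.<domain> must live in one record set: Route 53
# rejects two plain record sets with the same name and type, so the SPF policy
# and the Purelymail ownership proof are kept together under a name that says so.
resource "aws_route53_record" "clawbench_txt" {
  zone_id = aws_route53_zone.perryz_net_zone.zone_id
  name    = "clawbench.${var.domain_name}"
  type    = "TXT"
  ttl     = 3600
  records = [
    "v=spf1 include:_spf.purelymail.com ~all",
    # placeholder: paste the proof value shown in the Purelymail control panel
    "purelymail_ownership_proof=PLACEHOLDER_OWNERSHIP_PROOF",
  ]
}

# DMARC as a TXT record controlled by this zone rather than a CNAME to a third
# party. p=none only requests reports; move to quarantine/reject once aggregate
# reports show all legitimate mail for this name passes SPF or DKIM alignment.
resource "aws_route53_record" "clawbench_dmarc" {
  zone_id = aws_route53_zone.perryz_net_zone.zone_id
  name    = "_dmarc.clawbench.${var.domain_name}"
  type    = "TXT"
  ttl     = 3600
  records = [
    # placeholder mailbox: use one the team monitors for aggregate reports
    "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
  ]
}
```

Applying this alongside the PR would replace the `clawbench_ownership`/`clawbench_spf` resource and the CNAME-form `clawbench_dmarc`; `terraform plan` should then show one TXT record set at `clawbench.<domain>` with two values and one TXT record set at `_dmarc.clawbench.<domain>`, and nothing else changing.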
| # MX record | ||
| resource "aws_route53_record" "clawbench_mx" { | ||
| zone_id = aws_route53_zone.perryz_net_zone.zone_id | ||
| name = "clawbench.${var.domain_name}" |
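Review bot: this hunk is cut off after `name`, so the MX type, priorities and mail-exchanger targets cannot be checked from the page; please include the full resource. More importantly, removing the NS delegation and creating the parent-zone records in a single apply leaves a window in which resolvers still holding the old NS answer query a sub-zone that no longer exists, so mail to clawbench.<domain> can bounce or be deferred for up to the old NS TTL. A safer sequence is to add the MX/TXT/CNAME records in perryz_net_zone first, wait out the delegation TTL, and only then remove the NS records and the clawbench hosted zone, checking the `terraform plan` output at each step so the zone destroy is the only unexpected-looking action.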
This change removes the delegated clawbench hosted zone/NS delegation and instead manages all email records directly in the parent perryz_net_zone. That will cause Terraform to destroy the clawbench hosted zone in state, which can fail if the zone contains any unmanaged records (and can cause DNS cutover/downtime depending on TTLs). Consider confirming the hosted zone is otherwise empty / not referenced elsewhere before applying, or documenting the required migration steps (and/or using force_destroy if appropriate).