I think an additional thing we need to put in place is a check on the heritage record.
If one exists for the resource, and its heritage is different (NOT dynr53) we do not want to make the changes, and want to log that. This prevents something from creating their own record for something replacing something there. Like:
DNS
login.das.census.gov A some ip in cloud
TXT heritage/manual
Set up an instance as login.das.census.gov
Then it replaces the existing A record.
Ideally, we would include some sort of signature so that trying to fake it won't work. Like a JWT.
Probably need a bit more thought on this.
That logic I think actually might be pretty extensive depending on how far down the rabbit hole we want to go. I think one idea is to check the instance-id in the heritage record and ONLY create/update/delete it if it matches the instance-id that was in the event. I think that could be a more straightforward way to safeguard the records.
Build logic to check the TXT record BEFORE updating (create, update, delete) existing records. Currently the logic does not handle that.
From @badra001
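The check discussed in this thread, sketched as an added example that is not part of the original issue or the project's code. The TXT layout `heritage/<owner>/<instance-id>/<hmac>`, the function names, the `name_has_records` flag and the fail-closed policy for unmarked names are assumptions; an HMAC-SHA256 tag stands in for the JWT idea, with the key assumed to be held only by the updater.

```python
import hashlib
import hmac

OWNER = "dynr53"  # heritage value named in the issue; the record layout is assumed

def sign(key, fqdn, instance_id):
    """HMAC-SHA256 tag binding the record name to the owning instance."""
    msg = f"{fqdn.lower().rstrip('.')}|{instance_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def heritage_txt(key, fqdn, instance_id):
    """Build the TXT value in the assumed layout heritage/<owner>/<id>/<hmac>."""
    return f"heritage/{OWNER}/{instance_id}/{sign(key, fqdn, instance_id)}"

def may_change(key, fqdn, txt_values, event_instance_id, name_has_records):
    """Return (allowed, reason) for a create/update/delete on fqdn."""
    values = [v.strip('"') for v in txt_values]
    heritage = [v for v in values if v.startswith("heritage/")]
    if not heritage:
        # Assumed policy: an existing name with no heritage marker is not ours.
        if name_has_records:
            return False, "records exist without heritage: refusing to overwrite"
        return True, "name is unclaimed"
    if len(heritage) > 1:
        return False, "multiple heritage records: ambiguous ownership"
    parts = heritage[0].split("/")
    if parts[1] != OWNER:
        return False, f"foreign heritage {heritage[0]!r}: not ours to modify"
    if len(parts) != 4:
        return False, "malformed dynr53 heritage record"
    owner_id, tag = parts[2], parts[3]
    if owner_id != event_instance_id:
        return False, f"owned by {owner_id}, event is for {event_instance_id}"
    expected = sign(key, fqdn, owner_id)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False, "heritage signature invalid: record may be forged"
    return True, "heritage matches event instance"

if __name__ == "__main__":
    key = b"constructed-demo-key"      # constructed sample values throughout
    name = "login.example.test"
    ours = heritage_txt(key, name, "i-0aaa")
    for txt in (["heritage/manual"], [ours], ["heritage/dynr53/i-0aaa/" + "0" * 64]):
        # Log the decision either way, as the issue asks for refusals to be logged.
        print(txt[0][:40], "->", may_change(key, name, txt, "i-0aaa", True))
```
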