Enable a secondary DNS provider for DDoS resistance

We currently utilize Amazon's Route 53 as a DNS service we will be transitioning to a different primary provider (DynDNS) and have Route53 as a secondary provider; managed and synced by OctoDNS via GitLab repositories and CI jobs.

• Establish DynDNS Contract.
• Create Route53 user w/ scoped permissions and access tokens for automation.
• Create DynDNS user w/ API tokens for automation.
• Slurp Route53 zone data into DynDNS using OctoDNS.
• Validate DynDNS data in all zones.
• Test OctoDNS generated changes for population into DynDNS & Route53.
• Change SOA & NS records for all zones.
• Automate CI job for OctoDNS commits.
• Generate runbook documentation.

Risk Assessment (r-21)