We should improve our current  support of deploying an emergency DNS change when other dependent services are broken.
The final outcome should be:
- A non-working Gerrit or DNS should not prevent us to deploy a DNS change.
- As long as there is IP reachability between authdns and rechability from outside to at least to one authdns, we should be able to ssh into any authdns server, make an emergency commit in /srv/authdns/git and run authdns-update --SOME_OPTION to tell the script to sync from this local master instead of the usual path.
- The procedure to return to normal operations via Gerrit patch should be clearly documented.
- origin/master is not correctly updated on the hosts, running git status reports Your branch is ahead of 'origin/master' by 463 commits.. This is due because we execute git fetch $REMOTE with $REMOTE being either the Gerrit URL without specifying the branch or the authdns update ssh path. In both cases origin/remote HEAD is not correctly updated. We should fix the current scripts to maintain a clean local checkout with all references in order.
- the various scripts involved in cascade when calling authdns-update should be updated accordingly to add the new option and behave correctly in both scenarios (working Gerrit an local emergency patch)
- we rely on a working DNS for this to work, the authdns-update script should not rely on it and be able to run purely by IP, either storing them in the existing configuration file (/etc/wikimedia-authdns.conf) or directly in /etc/hosts.
The existing documentation  should still be valid for the worse case-scenario in which we can somehow reach the authdns server but they can't talk to each other.