dnscontrol/docs/_providers/hetzner.md

---
name: Hetzner DNS Console
title: Hetzner DNS Console
layout: default
jsId: HETZNER
---

# Hetzner DNS Console Provider

## Configuration

In your credentials file, you must provide a
[Hetzner API Key](https://dns.hetzner.com/settings/api-token).

{% highlight json %}
{
  "hetzner": {
    "api_key": "your-api-key"
  }
}
{% endhighlight %}

## Metadata

This provider does not recognize any special metadata fields unique to Hetzner
 DNS Console.

## Usage

Example Javascript:

{% highlight js %}
var REG_NONE = NewRegistrar('none', 'NONE');
var HETZNER = NewDnsProvider("hetzner", "HETZNER");

D("example.tld", REG_NONE, DnsProvider(HETZNER),
    A("test","1.2.3.4")
);
{%endhighlight%}

## Activation

Create a new API Key in the
[Hetzner DNS Console](https://dns.hetzner.com/settings/api-token).

## Caveats

### SOA

Hetzner DNS Console does not allow changing the SOA record via their API.
There is an alternative method using an import of a full BIND file, but this
 approach does not play nice with incremental changes or ignored records.
At this time you cannot update SOA records via DNSControl.

### Rate Limiting

Hetzner is rate limiting requests in multiple tiers: per Hour, per Minute and
 per Second.

Depending on how many requests you are planning to perform, you can adjust the
 delay between requests in order to stay within your quota.

The setting `optimize_for_rate_limit_quota` controls this behavior and accepts
 a case-insensitive value of
- `Hour`
- `Minute`
- `Second`

The default for `optimize_for_rate_limit_quota` is `Second`.

Example: Your per minute quota is 60 requests and in your settings you
 specified `Minute`. DNSControl will perform at most one request per second.
 DNSControl will emit a warning in case it breaches the next quota.

In your `creds.json` for all `HETZNER` provider entries:
{% highlight json %}
{
  "hetzner": {
    "optimize_for_rate_limit_quota": "Minute",
    "api_key": "your-api-key"
  }
}
{% endhighlight %}

Every response from the Hetzner DNS Console API includes your limits:

{% highlight txt %}
$ curl --silent --include \
    --header 'Auth-API-Token: ...' \
    https://dns.hetzner.com/api/v1/zones \
  | grep x-ratelimit-limit
x-ratelimit-limit-second: 3
x-ratelimit-limit-minute: 42
x-ratelimit-limit-hour: 1337
{% endhighlight %}

Every DNSControl invocation starts from scratch in regard to rate-limiting.
In case you are frequently invoking DNSControl, you will likely hit a limit for
 any first request.
You can either use an out-of-bound delay (e.g. `$ sleep 1`), or specify
 `start_with_default_rate_limit` in the settings of the provider.
With `start_with_default_rate_limit` DNSControl uses a quota equivalent to
 `x-ratelimit-limit-second: 1` until it could parse the actual quota from an
 API response.

In your `creds.json` for all `HETZNER` provider entries:
{% highlight json %}
{
  "hetzner": {
    "start_with_default_rate_limit": "true",
    "api_key": "your-api-key"
  }
}
{% endhighlight %}
NEW PROVIDER: HETZNER DNS Console (#904) * HETZNER: implement the provider for Hetzner DNS Console Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: apply review feedback - add domain into error messages - insert sub-strings using `%q` - insert sub-errors using `%w` - change api.getZone() signature to return a (potentially `nil`) Zone pointer instead of a (potentially empty) Zone value - sort imports and confirm with `$ goimports -w providers/hetzner/` - use exact 'api_key' term in error message of settings validation - add blank line for logic separation - drop internal record id from correction messages Co-Authored-By: Tom Limoncelli <tlimoncelli@stackoverflow.com> Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: add request rate-limiting handling There are a limited number of data-points on how their rate-limiting works at this time. I deduce from my account to others and use a fixed/ constant backoff of 1s as the initial delay. Thereafter exponential increase with factor 2 (not needed at this time). Hetzner has not made any official statements on rate-limiting, so this is guesswork only. Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: address golint complaints - baseUrl -> baseURL - mark Record as private -> record - mark Zone as private -> zone - mark RequestRateLimiter as private -> requestRateLimiter - capitalize Id fields as ID - keep delay logic on same level, move return out of branch Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: rate_limited: init the response timestamp on requestRateLimiter Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: requestRateLimiter: align local variable with struct name Signed-off-by: Jakob Ackermann <das7pad@outlook.com> Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> 2020-10-22 21:44:21 +08:00			`---`
			`name: Hetzner DNS Console`
			`title: Hetzner DNS Console`
			`layout: default`
			`jsId: HETZNER`
			`---`

			`# Hetzner DNS Console Provider`

			`## Configuration`

			`In your credentials file, you must provide a`
			`[Hetzner API Key](https://dns.hetzner.com/settings/api-token).`

			`{% highlight json %}`
			`{`
			`"hetzner": {`
			`"api_key": "your-api-key"`
			`}`
			`}`
			`{% endhighlight %}`

			`## Metadata`

			`This provider does not recognize any special metadata fields unique to Hetzner`
			`DNS Console.`

			`## Usage`

			`Example Javascript:`

			`{% highlight js %}`
			`var REG_NONE = NewRegistrar('none', 'NONE');`
			`var HETZNER = NewDnsProvider("hetzner", "HETZNER");`

			`D("example.tld", REG_NONE, DnsProvider(HETZNER),`
			`A("test","1.2.3.4")`
			`);`
			`{%endhighlight%}`

			`## Activation`

			`Create a new API Key in the`
			`[Hetzner DNS Console](https://dns.hetzner.com/settings/api-token).`

			`## Caveats`

			`### SOA`

			`Hetzner DNS Console does not allow changing the SOA record via their API.`
			`There is an alternative method using an import of a full BIND file, but this`
			`approach does not play nice with incremental changes or ignored records.`
			`At this time you cannot update SOA records via DNSControl.`

			`### Rate Limiting`

HETZNER: better rate limit handling (#936) * HETZNER: better rate limit handling - Hetzner is using a Proxy service 'kong' which broadcasts it limits - honor 'Retry-After' of 429 responses - delay requests per-se: see the amended docs for details Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: apply review feedback: store quotaName as lower case Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> Signed-off-by: Jakob Ackermann <das7pad@outlook.com> Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> 2020-11-17 01:26:52 +08:00			`Hetzner is rate limiting requests in multiple tiers: per Hour, per Minute and`
			`per Second.`

			`Depending on how many requests you are planning to perform, you can adjust the`
			`delay between requests in order to stay within your quota.`

			The setting `optimize_for_rate_limit_quota` controls this behavior and accepts
			`a case-insensitive value of`
			- `Hour`
			- `Minute`
			- `Second`

			The default for `optimize_for_rate_limit_quota` is `Second`.

			`Example: Your per minute quota is 60 requests and in your settings you`
			specified `Minute`. DNSControl will perform at most one request per second.
			`DNSControl will emit a warning in case it breaches the next quota.`

			In your `creds.json` for all `HETZNER` provider entries:
			`{% highlight json %}`
			`{`
			`"hetzner": {`
			`"optimize_for_rate_limit_quota": "Minute",`
			`"api_key": "your-api-key"`
			`}`
			`}`
			`{% endhighlight %}`

			`Every response from the Hetzner DNS Console API includes your limits:`
NEW PROVIDER: HETZNER DNS Console (#904) * HETZNER: implement the provider for Hetzner DNS Console Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: apply review feedback - add domain into error messages - insert sub-strings using `%q` - insert sub-errors using `%w` - change api.getZone() signature to return a (potentially `nil`) Zone pointer instead of a (potentially empty) Zone value - sort imports and confirm with `$ goimports -w providers/hetzner/` - use exact 'api_key' term in error message of settings validation - add blank line for logic separation - drop internal record id from correction messages Co-Authored-By: Tom Limoncelli <tlimoncelli@stackoverflow.com> Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: add request rate-limiting handling There are a limited number of data-points on how their rate-limiting works at this time. I deduce from my account to others and use a fixed/ constant backoff of 1s as the initial delay. Thereafter exponential increase with factor 2 (not needed at this time). Hetzner has not made any official statements on rate-limiting, so this is guesswork only. Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: address golint complaints - baseUrl -> baseURL - mark Record as private -> record - mark Zone as private -> zone - mark RequestRateLimiter as private -> requestRateLimiter - capitalize Id fields as ID - keep delay logic on same level, move return out of branch Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: rate_limited: init the response timestamp on requestRateLimiter Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: requestRateLimiter: align local variable with struct name Signed-off-by: Jakob Ackermann <das7pad@outlook.com> Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> 2020-10-22 21:44:21 +08:00
			`{% highlight txt %}`
HETZNER: better rate limit handling (#936) * HETZNER: better rate limit handling - Hetzner is using a Proxy service 'kong' which broadcasts it limits - honor 'Retry-After' of 429 responses - delay requests per-se: see the amended docs for details Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: apply review feedback: store quotaName as lower case Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> Signed-off-by: Jakob Ackermann <das7pad@outlook.com> Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> 2020-11-17 01:26:52 +08:00			`$ curl --silent --include \`
			`--header 'Auth-API-Token: ...' \`
			`https://dns.hetzner.com/api/v1/zones \`
			`\| grep x-ratelimit-limit`
			`x-ratelimit-limit-second: 3`
			`x-ratelimit-limit-minute: 42`
			`x-ratelimit-limit-hour: 1337`
NEW PROVIDER: HETZNER DNS Console (#904) * HETZNER: implement the provider for Hetzner DNS Console Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: apply review feedback - add domain into error messages - insert sub-strings using `%q` - insert sub-errors using `%w` - change api.getZone() signature to return a (potentially `nil`) Zone pointer instead of a (potentially empty) Zone value - sort imports and confirm with `$ goimports -w providers/hetzner/` - use exact 'api_key' term in error message of settings validation - add blank line for logic separation - drop internal record id from correction messages Co-Authored-By: Tom Limoncelli <tlimoncelli@stackoverflow.com> Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: add request rate-limiting handling There are a limited number of data-points on how their rate-limiting works at this time. I deduce from my account to others and use a fixed/ constant backoff of 1s as the initial delay. Thereafter exponential increase with factor 2 (not needed at this time). Hetzner has not made any official statements on rate-limiting, so this is guesswork only. Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: address golint complaints - baseUrl -> baseURL - mark Record as private -> record - mark Zone as private -> zone - mark RequestRateLimiter as private -> requestRateLimiter - capitalize Id fields as ID - keep delay logic on same level, move return out of branch Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: rate_limited: init the response timestamp on requestRateLimiter Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: requestRateLimiter: align local variable with struct name Signed-off-by: Jakob Ackermann <das7pad@outlook.com> Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> 2020-10-22 21:44:21 +08:00			`{% endhighlight %}`

HETZNER: better rate limit handling (#936) * HETZNER: better rate limit handling - Hetzner is using a Proxy service 'kong' which broadcasts it limits - honor 'Retry-After' of 429 responses - delay requests per-se: see the amended docs for details Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: apply review feedback: store quotaName as lower case Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> Signed-off-by: Jakob Ackermann <das7pad@outlook.com> Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> 2020-11-17 01:26:52 +08:00			`Every DNSControl invocation starts from scratch in regard to rate-limiting.`
			`In case you are frequently invoking DNSControl, you will likely hit a limit for`
			`any first request.`
			You can either use an out-of-bound delay (e.g. `$ sleep 1`), or specify
			`start_with_default_rate_limit` in the settings of the provider.
			With `start_with_default_rate_limit` DNSControl uses a quota equivalent to
			`x-ratelimit-limit-second: 1` until it could parse the actual quota from an
			`API response.`
NEW PROVIDER: HETZNER DNS Console (#904) * HETZNER: implement the provider for Hetzner DNS Console Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: apply review feedback - add domain into error messages - insert sub-strings using `%q` - insert sub-errors using `%w` - change api.getZone() signature to return a (potentially `nil`) Zone pointer instead of a (potentially empty) Zone value - sort imports and confirm with `$ goimports -w providers/hetzner/` - use exact 'api_key' term in error message of settings validation - add blank line for logic separation - drop internal record id from correction messages Co-Authored-By: Tom Limoncelli <tlimoncelli@stackoverflow.com> Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: add request rate-limiting handling There are a limited number of data-points on how their rate-limiting works at this time. I deduce from my account to others and use a fixed/ constant backoff of 1s as the initial delay. Thereafter exponential increase with factor 2 (not needed at this time). Hetzner has not made any official statements on rate-limiting, so this is guesswork only. Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: address golint complaints - baseUrl -> baseURL - mark Record as private -> record - mark Zone as private -> zone - mark RequestRateLimiter as private -> requestRateLimiter - capitalize Id fields as ID - keep delay logic on same level, move return out of branch Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: rate_limited: init the response timestamp on requestRateLimiter Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: requestRateLimiter: align local variable with struct name Signed-off-by: Jakob Ackermann <das7pad@outlook.com> Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> 2020-10-22 21:44:21 +08:00
			In your `creds.json` for all `HETZNER` provider entries:
			`{% highlight json %}`
			`{`
			`"hetzner": {`
HETZNER: better rate limit handling (#936) * HETZNER: better rate limit handling - Hetzner is using a Proxy service 'kong' which broadcasts it limits - honor 'Retry-After' of 429 responses - delay requests per-se: see the amended docs for details Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: apply review feedback: store quotaName as lower case Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> Signed-off-by: Jakob Ackermann <das7pad@outlook.com> Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> 2020-11-17 01:26:52 +08:00			`"start_with_default_rate_limit": "true",`
NEW PROVIDER: HETZNER DNS Console (#904) * HETZNER: implement the provider for Hetzner DNS Console Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: apply review feedback - add domain into error messages - insert sub-strings using `%q` - insert sub-errors using `%w` - change api.getZone() signature to return a (potentially `nil`) Zone pointer instead of a (potentially empty) Zone value - sort imports and confirm with `$ goimports -w providers/hetzner/` - use exact 'api_key' term in error message of settings validation - add blank line for logic separation - drop internal record id from correction messages Co-Authored-By: Tom Limoncelli <tlimoncelli@stackoverflow.com> Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: add request rate-limiting handling There are a limited number of data-points on how their rate-limiting works at this time. I deduce from my account to others and use a fixed/ constant backoff of 1s as the initial delay. Thereafter exponential increase with factor 2 (not needed at this time). Hetzner has not made any official statements on rate-limiting, so this is guesswork only. Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: address golint complaints - baseUrl -> baseURL - mark Record as private -> record - mark Zone as private -> zone - mark RequestRateLimiter as private -> requestRateLimiter - capitalize Id fields as ID - keep delay logic on same level, move return out of branch Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: rate_limited: init the response timestamp on requestRateLimiter Signed-off-by: Jakob Ackermann <das7pad@outlook.com> * HETZNER: requestRateLimiter: align local variable with struct name Signed-off-by: Jakob Ackermann <das7pad@outlook.com> Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com> 2020-10-22 21:44:21 +08:00			`"api_key": "your-api-key"`
			`}`
			`}`
			`{% endhighlight %}`