DOCS: Add DOH example (#1393)

Tom Limoncelli 2022-02-02 12:28:07 -05:00 committed by GitHub
parent 272064a603
commit 98a951885e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 54 additions and 32 deletions

@ -6,7 +6,7 @@ jsId: DNSOVERHTTPS
---
# DNS-over-HTTPS Provider
This is a read-only/monitoring "registrar". It does a DNS NS lookup to confirm the nameserver servers are correct. This "registrar" is unable to update the NS servers but will alert you if they are incorrect. A common use of this provider is when the domain is with a registrar that does not have an API.
This is a read-only/monitoring "registrar". It does a DNS NS lookup to confirm the nameserver servers are correct. This "registrar" is unable to update/correct the NS servers but will alert you if they are incorrect. A common use of this provider is when the domain is with a registrar that does not have an API.
## Configuration
The DNS-over-HTTPS provider does not require anything in `creds.json`. By default, it uses Google Public DNS however you may configure an alternative RFC 8484 DoH provider.
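Review bot: The rewritten intro sentence still says "confirm the nameserver servers are correct", which is redundant. Since the line is being touched anyway, change it to "confirm the nameservers are correct". "update/correct the NS servers" could likewise be shortened to "correct the NS records", which is the thing this provider cannot do.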
@ -19,10 +19,10 @@ The DNS-over-HTTPS provider does not require anything in `creds.json`. By defaul
}
{% endhighlight %}
Some common DoH providers are `cloudflare-dns.com` [Cloudflare](https://developers.cloudflare.com/1.1.1.1/dns-over-https), `9.9.9.9` [Quad9](https://www.quad9.net/about/), and `dns.google` [Google Public DNS](https://developers.google.com/speed/public-dns/docs/doh)
Some common DoH providers are `cloudflare-dns.com` ([Cloudflare](https://developers.cloudflare.com/1.1.1.1/dns-over-https)), `9.9.9.9` ([Quad9](https://www.quad9.net/about/)), and `dns.google` ([Google Public DNS](https://developers.google.com/speed/public-dns/docs/doh)).
## Metadata
This provider does not recognize any special metadata fields unique to Internet.bs.
This provider does not recognize any special metadata fields unique to DOH.
## Usage
Example Javascript:
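Review bot: In the provider list, Quad9 is given as the IP address `9.9.9.9` while Cloudflare and Google are given as hostnames; the line is reformatted here but that inconsistency is carried over. This page does not say whether the provider's host setting accepts an IP address, so confirm that it does (TLS certificate validation has to succeed against that value) or list Quad9 by hostname. Also, the new Metadata sentence writes "DOH" where the rest of the page writes "DoH".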

@ -1,12 +1,9 @@
---
layout: default
title: Nameservers
title: Nameservers and Delegations
---
# Nameservers
{% highlight javascript %}
{% endhighlight %}
# Nameservers and Delegations
DNSControl can handle a variety of provider scenarios. The registrar and DNS
provider can be the same company, different company, they can even be unknown!
@ -15,7 +12,7 @@ The document shows examples of many common and uncommon configurations.
* TOC
{:toc}
## Constants
# Constants
All the examples use the variables. Substitute your own.
@ -39,6 +36,8 @@ var DNS_CLOUDFLARE = NewDnsProvider("cloudflare_main", "CLOUDFLAREAPI");
var DNS_BIND = NewDnsProvider("bind", "BIND");
{% endhighlight %}
# Typical Delegations
## Same provider for REG and DNS
Purpose:
@ -165,28 +164,6 @@ D("example1.com", REG_NAMECOM,
);
{% endhighlight %}
## Backup your zone
Purpose:
Make backups of DNS records in a zone. This generates a zonefile listing all
the records in the zone.
Why?
You want to write out a BIND-style zonefile for debugging, historical, or
auditing purposes. Some sites do backups of these zonefiles to create a history
of changes. This is different than keeping a history of `dnsconfig.js` because
this is the output of DNSControl, not the input.
NOTE: This won't work if you use pseudo rtypes that BIND doesn't support.
{% highlight javascript %}
D("example1.com", REG_NAMECOM,
DnsProvider(DNS_NAMECOM),
DnsProvider(DNS_BIND, 0), // Don't activate any nameservers related to BIND.
A("@", "10.2.3.4")
);
{% endhighlight %}
## Dual DNS Providers
Purpose:
@ -212,6 +189,51 @@ D("example1.com", REG_NAMECOM,
);
{% endhighlight %}
# Other uses
## Make zonefile backups
Purpose:
Make backups of DNS records in a zone. This generates a zonefile listing all
the records in the zone.
Why?
You want to write out a BIND-style zonefile for debugging, historical, or
auditing purposes. Some sites do backups of these zonefiles to create a history
of changes. This is different than keeping a history of `dnsconfig.js` because
this is the output of DNSControl, not the input.
NOTE: This won't work if you use pseudo rtypes that BIND doesn't support.
{% highlight javascript %}
D("example1.com", REG_NAMECOM,
DnsProvider(DNS_NAMECOM),
DnsProvider(DNS_BIND, 0), // Don't activate any nameservers related to BIND.
A("@", "10.2.3.4")
);
{% endhighlight %}
## Monitor delegation
Purpose:
You don't control the registrar but want to detect if the delegation changes.
You can specify the existing nameservers in `dnsconfig.js` and you will get
a notified if the delegation diverges.
Why?
Sometimes you just want to know if something changes!
See the <a href="{{site.github.url}}/providers/doh">DNS-over-HTTPS Provider</a> documentation for more info.
{% highlight javascript %}
var REG_MONITOR = NewRegistrar('DNS-over-HTTPS', 'DNSOVERHTTPS');
D("example1.com", REG_MONITOR,
NAMESERVER("ns1.example1.com."),
NAMESERVER("ns2.example1.com."),
);
{% endhighlight %}
# Helper macros
DNSControl has some built-in macros that you might find useful.
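Review bot: In the new "Monitor delegation" example, the last argument `NAMESERVER("ns2.example1.com."),` is followed directly by `);`, which leaves a trailing comma in the `D()` call. The other examples in this file end their argument list without one, and a trailing comma in call arguments is a syntax error in ES5, so drop it unless the interpreter is known to accept it. In the prose above the example, "you will get a notified" should read "you will be notified".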
@ -240,6 +262,6 @@ DOMAIN_ELSEWHERE_AUTO("example1.com", REG_NAMECOM, DNS_AWS);
DOMAIN_ELSEWHERE_AUTO("example2.com", REG_NAMECOM, DNS_GOOGLE);
{% endhighlight %}
# Warning!
# Limits
{% include alert.html text="Note: Not all providers allow full control over the NS records of your zone. It is not recommended to use these providers in complicated scenarios such as hosting across multiple providers. See individual provider docs for more info." %}