There's a philosophy issue here around what is the Bind output meant to
do. Since AFAIK we're not integrating into Bind's catalog zones or the
like, we're just targeting the zonefiles, we're not in a position to do
_anything_ relating to registrar options such as setting up DS glue.
So at one level, enabling AutoDNSSEC for Bind is a lie. But without
this, folks can't target a Bind zone as a secondary provider for their
domain, to get debug dumps of the zone output, because the checks for
"Can" block it. So I think this commit achieves a happy compromise: we
write a comment into the Bind zonefile, indicating that DNSSEC was
requested.
Actually: we add support for arbitrary zone comments to be written into
a zonefile via a slightly ugly "can be `nil`" parameter. We then write
in a generation timestamp comment, and if AutoDNSSEC was requested we
then write that in too.
* Add AUTODNSSEC, implement for DNSimple
There are two models for DNSSEC in DNS management: either dnscontrol
manages all the DNSSEC records and has to be invoked regularly for
re-signing, or the provider manages DNSSEC automatically and dnscontrol
is not involved beyond saying "yeah, do that".
This implements the latter, as a model, and for one provider.
Potentially we could tune/configure options for DNSSEC such as
algorithm, but DNSimple don't expose that API so I haven't implemented
it.
This minimal model should be something which maps into other providers
cleanly.
* Fix missing CanAutoDNSSEC on provider
* Validation fix for master broken
This is broken in master and causing Travis in my branch to fail. The
validation tool runs with `gofmt -s` to require "simplify", and so
rejects an ignored second bound variable to range iteration.
* Correct wire in the AUTODNSSEC validation step
* Add GetZoneRecords to DNSProvider interface
* dnscontrol now uses ufave/cli/v2
* NEW: get-zones.md
* HasRecordTypeName should be a method on models.Records not models.DomainConfig
* Implement BIND's GetZoneRecords
* new WriteZoneFile implemented
* go mod vendor
* Update docs to use get-zone instead of convertzone
* Add CanGetZone capability and update all providers.
* Get all zones for a provider at once (#626)
* implement GetZoneRecords for cloudflare
* munge cloudflare ttls
* Implement GetZoneRecords for cloudflare (#625)
Co-authored-by: Craig Peterson <192540+captncraig@users.noreply.github.com>
Although _mta-sts is normally used with a TXT record it can
also be used with a CNAME record to delegate the authority.
See sections 3.1 and 8.2 of RFC8461 for details.
* CloudFlare provider is missing quotes on a JSON struct tag.
* ACME package has a unnecessary JSON struct tag.
* Route53 provider has an unreachable return.
* Replaced errors.Wrap with fmt.Errorf (#589)
* Find: errors\.Wrap\(([^,]+),\s+(["`][^"`]*)(["`])\)
Replace: fmt.Errorf($2: %w$3, $1)
* Replaced errors.Wrapf with fmt.Errorf (#589)
* Find: errors\.Wrapf\(([^,]+),\s+(["`][^"`]*)(["`])\)
Replace: fmt.Errorf($2: %w$3, $1)
* Find: errors\.Wrapf\(([^,]+),\s+(["`][^"`]*)(["`])(,[^)]+)\)
* Replace: fmt.Errorf($2: %w$3$4, $1)
* Replaced errors.Errorf with fmt.Errorf (#589)
* Find: errors\.Errorf
Replace: fmt.Errorf
* Cleaned up remaining imports
* Cleanup
* Regenerate provider support matrix
This was broken by #533 ... and it's now the third time this has been missed.
* Switched to v2 go.mod
Also set GO111MODULE=on in build stuff to always use Go modules
even when in GOPATH.
* Ensure go.mod, go.sum, and vendor are up to date
* Attempt to fix Azure pipelines
* Add set -e to properly fail on exit (it didn't seem to be
propagating properly before).
* Set workingDirectory for GoFmt and GoGen (this might be why it
fails unlike compile and unitests).
* Another attempt to fix Azure Pipelines
* Use the Go env template for all go-related jobs.
* Completely fixed Azure Pipelines
* Added a display name to GoFmt for consistency.
* Fixed diffs for GoFmt and GoGen.
* Show git status for checks.
* Drop GOPATH for tests
TODO: Do the same for integration tests.
* Drop GOPATH for integration tests
* Show more diffs
* Regenerate provider support matrix
This wasn't done in #590...
FYI: The support is very minimal. It only supports redirect if it is the last item in an SPF record. At that point, it is equivalent to include.
* In SFP, treat redirect like a special include.
* Document SPF redirect: limited implementation.
* Improve comments in checkLabel
* Reformat labelUnderscores to make it easier to add to
* Add to exception list for label warnings
* Add underscores in hostnames to the opinions list.
* models/record.go: SRV targets are case insensitive. Downcase them.
* models/t_srv.go: Rename setTargetIntAndStrings() to setTargetSRVIntAndStrings() (makes it easier to search for /setTargetSRV/).
* pkg/js/parse_tests/021-srv.js*: SRV: Add parse_tests
* pkg/normalize/validate.go: SRV targets are hostnames, turn into FQDNs.
* Add #rtype_variations warnings for future developers
* new abstraction around storage
* re-work completely to fit new acme package pre-solving paradigm
* vault storage plugin
* add some vendor
* delete old vendor pinning mechanism
This:
* adds a global -v flag for verbosity
* refactors the "printer" package to have a DefaultPrinter and package
functions that call it, similar to net/http's DefaultServeMux
* adds printer tests
* moves current users of Debugf to Printf
* moves most users of the "log" package to use "printer"
* demotes noticably noisy log messages to "Debugf", like "IGNORE"-
and "NO_PURGE"-related messages
