* Implement main feature
* BIND: Permit printf-like file name formats
* BIND: Make filenameformat work forwards and backwards.
* Fix extrator test cases
This type is identical to TXT but used for other purposes, it is
officially supported by OctoDNS.
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
* Add PTR support for ClouDNS
* Implement PTR Support for CLouDNS
* implemnent DS Record for ClouDNS
* implement DS record for clouDNS
* pull request review
* note that SshFpAlgorithm and DsAlgorithm both use json field algorithm
* primitive rate limit and fix order of NS/DS-entries
* codefixes
Co-authored-by: IT-Sumpfling <it-sumpfling@maxit-con.de>
Co-authored-by: bentaybi jamal <jamal@pfalzcloud.de>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
* maint: OVH doesn't support Null MX
so, better exclude this provider from the Null MX integration test.
* (#1003) OVH natively supports TXT multistrings
OVH directly supports multistrings TXT, so this change just enables
this feature.
* Add PTR support for ClouDNS
* Implement PTR Support for CLouDNS
Co-authored-by: IT-Sumpfling <it-sumpfling@maxit-con.de>
Co-authored-by: bentaybi jamal <jamal@pfalzcloud.de>
* js_test.go: Do a zonefile test if $TESTNAME/parse_tests/{zonefile} exists.
* Add parse_tests zone files for all the tests that make sense.
* js_test.go: Addd the test datafile when displaying failures.
* 007-importTransformTTL.js: Was referring to a non-existent domain.
* 012-duration.js: Had duplicate DNS records.
* 029-dextendsub.js: Move CF-related tests to separate test.
* validate.go: Report non-existent domains as an error.
* cloudflareProvider.go: newCloudflare should not talk to the API.
* HETZNER: better rate limit handling
- Hetzner is using a Proxy service 'kong' which broadcasts it limits
- honor 'Retry-After' of 429 responses
- delay requests per-se: see the amended docs for details
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: apply review feedback: store quotaName as lower case
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Previously for any retry the request body was already consumed and
the server received an empty body.
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
* HETZNER: implement the provider for Hetzner DNS Console
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: apply review feedback
- add domain into error messages
- insert sub-strings using `%q`
- insert sub-errors using `%w`
- change api.getZone() signature to return a (potentially `nil`) Zone
pointer instead of a (potentially empty) Zone value
- sort imports and confirm with `$ goimports -w providers/hetzner/`
- use exact 'api_key' term in error message of settings validation
- add blank line for logic separation
- drop internal record id from correction messages
Co-Authored-By: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: add request rate-limiting handling
There are a limited number of data-points on how their rate-limiting
works at this time. I deduce from my account to others and use a fixed/
constant backoff of 1s as the initial delay. Thereafter exponential
increase with factor 2 (not needed at this time).
Hetzner has not made any official statements on rate-limiting, so this
is guesswork only.
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: address golint complaints
- baseUrl -> baseURL
- mark Record as private -> record
- mark Zone as private -> zone
- mark RequestRateLimiter as private -> requestRateLimiter
- capitalize Id fields as ID
- keep delay logic on same level, move return out of branch
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: rate_limited: init the response timestamp on requestRateLimiter
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: requestRateLimiter: align local variable with struct name
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
* VULTR: Update govultr to v1.0.0 (fixes#892) (#897)
* go get -u github.com/hexonet/go-sdk
* Fix HEXONET providers.json entry
* providers.json: json commma
* providers.json: fmtjson
* HEXONET: Implement get-zones. Fix tests and docs.
* fixup!
* Update azure test failures
* Move version info into its own package
* Use new version system
* fix get-zones code block indentation
* extend D_EXTEND to handle subdomains
* fix targets: make absolute incl. subdomain where necessary
* clarify subdomain target test (not IP && not fqdn)
* Add parse_tests for D and D_EXTEND
* _getDomainObject: examine all domains
* human readable form
* consistent test IP addresses
* Improve docs and formatting
* propagate subdomain to canonicalisation
* en-US spelling
* rm extraneous console.log
* ignore subdomain for CF_REDIRECT
* clarify D_EXTEND doc re. CF_REDIRECT
* rm extraneous linebreak
* _getDomainObject: examine all domains
* human readable form
* consistent test IP addresses
* propagate subdomain to canonicalisation
* en-US spelling
* rm extraneous console.log
* ignore subdomain for CF_REDIRECT
* clarify D_EXTEND doc re. CF_REDIRECT
* rm extraneous linebreak
* GANDI_V5: Use github.com/go-gandi/go-gandi, not github.com/tiramiseb/go-gandi (#883)
* DOCUMENTATION: Fix error in CNAME.md (#877)
The current example `CNAME("def", "test.subdomain"), // def.example.com -> test.subdomain.example.com` is invalid (correctly raises a validation error, "ERROR: in CNAME def.example.com: target (test.subdomain) must end with a (.)")
* typos, fmt; example syntax fixes and real output
* formatting; re-add lost comment
* RecordConfig subdomain should be nullable
* providers/cscglobal/api.go: Fix fmt string
* More tests and docs
* go generate
Co-authored-by: Ben L <47653825+ad8-bdl@users.noreply.github.com>
* Support create-domains for INWX
* Use own function to decide which NS to use when sandbox
* Updated docs via go generate
* Move domainIndex into inwxAPI struct
* Changed getDefaultNameservers() IF
* Make Tom happy
* Updated docs via go generate
* Add initial dns.he.net provider support
* Update to new IncrementalDiff interface
* Fix ListZones output for `all` query on `get-zones`
* Refactor authentication code for 2FA with better error checking
* Fix integration test and refactor zone record retrieval
* Add option to use `.hedns-session` file to store sessions between runs
* Add comment on `session-file-path`
* Add integration test for TXT records longer than 255 characters
* Add additional checks for expected responses, and better 2FA error checking
* Minor documentation changes
* Revert "Add integration test for TXT records longer than 255 characters"
This reverts commit 657272db
* Add note on provider fragility due to parsing the web-interface
* Resolve go lint issues
* Clarify security warnings in documentation
* adds initial support for INWX
* adds all features to the INWX provider
* allows domain for tests in creds.json for INWX
* runs go generate to update docs for INWX
* fixes formatting with gofmt
* changes goinwx to github.com/nrdcg/goinwx v0.8.0
* simplifies inwx sandbox check
* changes inwx unknown key error to a warning
* adds models.PostProcessRecords for inwx records
* replaces strings.TrimRight with [:-1] to remove final dot for inwx
* adds a comment about the domain creds.json key for the inwx provider
* removes warning for invalid creds.json keys in the inwx provider
* adds TOTP calculation support for inwx
* adds comments to inwxProvider
* improves INWX error messages
* adds additional documentation about the TOTP support for INWX
* adds inwx documentation
* bumps goinwx to 0.8.1 to fix the inwx API
This functionality is required by the GCLOUD provider, which supports
recordsets of type DS but only for child records of the zone, to enable
further delegation. It does not support them at the apex of the zone (@)
because Google Cloud DNS is not itself a registrar which needs to model
this information.
A related change (14ff68b151, #760) was
previously introduced to enable DS support in Google, which broke
integration tests with this provider.
To cleanly support this, we introduce a new provider capability
CanUseDSForChildren and appropriate integration tests. Further, it is no
longer possible to verify a provider has the proper capabilities for a
zone simply by existence of particular records; we adapt the capability
checks to enable inspection of the individual recordsets where this is
required.
Closes#762
Thanks to @haraldkoch for starting this, @McNetic for picking it up.
* Added DS record type
* Added DS for cloudflare provider with tests
* Removed DS validation, fixed parse test
* Added generated files
* Added dnsimple ds record
* Regenerated documentation matrix
* rebased and regenerated
* Updated integration tests
* Rebase and regenerate
* Enable DS record type for provider desec
* Added DS record type
* Added DS for cloudflare provider with tests
* Removed DS validation, fixed parse test
* Added generated files
* Added dnsimple ds record
* Regenerated documentation matrix
* rebased and regenerated
* Updated integration tests
* Rebase and regenerate
* Enable DS record type for provider desec
* Rebase and fixes
Co-authored-by: Robert Koch <robert@kochie.io>
Co-authored-by: Nicolai Ehemann <nicolai.ehemann@enerko-informatik.de>
* Update DNSimple-go to 0.61
This adds support for contexts, exports all return values, Adds ZoneRecordAttributes to fix support for blank record names.
* Add UserAgent to client
* Update Integration test for DNSimple
We now support Empty TXT, however we do not support Null MX yet.
* Bump to dnsimple-go 0.62 & use dnsimple.String()
* Add initial deSEC support
* Handle the api rate limiting
* Fix deleteRR and do some code cleanup
* improve rate limiting and record deletion
* Add documentation for deSEC provider
* README.md update list of supported DNS providers
* deSEC supports SSHFP records
* dynamic minimum_ttl and hint for DNSSec on domain creation
* merge all changes into one single bulk api request
* Fix: actually set the TTL to min_ttl if necessary
* use a constant for apiBase URL
* Fix code comments
* Use PUT instead of PATCH for upsertRR method
* use ' instead of " for java script examples
* Add support for netcup DNS api.
* Add documentation page.
* Update reference to new version path.
* Add OWNERS entry for netcup.
* Add credentials for integration test. Netcup does not support PTRs. Fix parsing/formating of SRV records.
* Skip integration tests that are not supported.
* Use single quotes in JS code.
* Fix#702: Spurious null MX changes on CloudFlare
* Test roundtripping null MX on Cloudflare
* Use an if instead of TrimSuffix
* Add other providers that support RFC 7505
* Suppress test for non-compliant providers
Final changes before V3.0.0 release
* Remove old Gandi. Fixes#575
* Many cleanups
* go mod tidy && go mod vendor
* integration_test.go: Output subtest name
* Cleanups
* integration_test.go: Description should include sub-test name
* Add a whitespace test to js/parse_tests/017-txt.js
* Cloudflare strips whitespace from end of TXT
* Fixes https://github.com/StackExchange/dnscontrol/issues/700
* Whitespace at end of TXT records
Name.com strips the whitespace from the end of a TXT record. There's
nothing we can do other than file a bug.
* Fixes https://github.com/StackExchange/dnscontrol/issues/701
* Refactor tests into "groups", each with its own filter (not/only/requires) to select which providers are appropriate.
* Test driver code is now a lot more simple and clear.
* Add support for not(), only(), and requires() as a way to select/reject providers for a test.
* Add docs explaining how to add tests
* Logging messages are much cleaner now, especially when tests are skipped.
* -start and -end now refer to test groups, not individual tests. Log messages list the group numbers clearly.
* Add stringer for Capabilities
* Change the order of the tests so that simple tests are first
* Removed knownFailures from providers.json
* fmtjson providers.json
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Commit 87ad01d added the very useful `get-zones` command, which
requires providers to implement a new method `GetZoneRecords`.
This changes make the OVH provider support this.
* Update Exoscale provider
* Update vendor folder for exoscale/egoscale v0.23.0
* Fix typos and SRV parsing
* Add . at the end of SRV records for exoscale
* The old algorithm was very complex for no good reason.
* The new algorithm is simply: Use yymmdd00 or (previous serial number +1) whichever is bigger.
* github.com/miekg/dns
* Greatly simplify the logic for handling serial numbers. Related code was all over the place. Now it is abstracted into one testable method makeSoa. This simplifies code in many other places.
* Update docs/_providers/bind.md: Edit old text. Add SOA description.
* SOA records are now treated like any other record internally. You still can't specify them in dnsconfig.js, but that's by design.
* The URL for issue 491 was wrong in many places
* BIND: Clarify GENERATE_ZONEFILE message
There's a philosophy issue here around what is the Bind output meant to
do. Since AFAIK we're not integrating into Bind's catalog zones or the
like, we're just targeting the zonefiles, we're not in a position to do
_anything_ relating to registrar options such as setting up DS glue.
So at one level, enabling AutoDNSSEC for Bind is a lie. But without
this, folks can't target a Bind zone as a secondary provider for their
domain, to get debug dumps of the zone output, because the checks for
"Can" block it. So I think this commit achieves a happy compromise: we
write a comment into the Bind zonefile, indicating that DNSSEC was
requested.
Actually: we add support for arbitrary zone comments to be written into
a zonefile via a slightly ugly "can be `nil`" parameter. We then write
in a generation timestamp comment, and if AutoDNSSEC was requested we
then write that in too.
* Add AUTODNSSEC, implement for DNSimple
There are two models for DNSSEC in DNS management: either dnscontrol
manages all the DNSSEC records and has to be invoked regularly for
re-signing, or the provider manages DNSSEC automatically and dnscontrol
is not involved beyond saying "yeah, do that".
This implements the latter, as a model, and for one provider.
Potentially we could tune/configure options for DNSSEC such as
algorithm, but DNSimple don't expose that API so I haven't implemented
it.
This minimal model should be something which maps into other providers
cleanly.
* Fix missing CanAutoDNSSEC on provider
* Validation fix for master broken
This is broken in master and causing Travis in my branch to fail. The
validation tool runs with `gofmt -s` to require "simplify", and so
rejects an ignored second bound variable to range iteration.
* Correct wire in the AUTODNSSEC validation step
* dnsimple: bug-fix SSHFP, add multi TXT support
The default logic for encoding SSHFP records was dropping the key and
hash algorithms and just posting the content, the `Can` check didn't
stop attempts to use SSHFP. So, implement SSHFP support.
DNSimple support multiple DNS strings in a TXT record, by representing
the payload as quoted strings already. This doesn't appear to be
documented, but it does actually work.
* Update docs support matrix too
* fix go fmt missing upstream
Tests failing on my branch for something broken upstream
* fix typo in error message
* Update to latest dnsimple-go
* Implement GetZoneRecords
* Better naming
* Return NS records in GetZoneRecords
* Be clearer with the comment.
As an employee I confirm this is exactly how this works. No guessing needed.
* Respect that Puncycode encoding can blow up
* Implement ListZones and the ZoneLister Interface
* Categorize DNSIMPLE
* Update docs with go generate
* vendor modules
* Don't store intermediary Zone data
* Add GetZoneRecords to DNSProvider interface
* dnscontrol now uses ufave/cli/v2
* NEW: get-zones.md
* HasRecordTypeName should be a method on models.Records not models.DomainConfig
* Implement BIND's GetZoneRecords
* new WriteZoneFile implemented
* go mod vendor
* Update docs to use get-zone instead of convertzone
* Add CanGetZone capability and update all providers.
* Get all zones for a provider at once (#626)
* implement GetZoneRecords for cloudflare
* munge cloudflare ttls
* Implement GetZoneRecords for cloudflare (#625)
Co-authored-by: Craig Peterson <192540+captncraig@users.noreply.github.com>
* CloudFlare provider is missing quotes on a JSON struct tag.
* ACME package has a unnecessary JSON struct tag.
* Route53 provider has an unreachable return.
* Replaced errors.Wrap with fmt.Errorf (#589)
* Find: errors\.Wrap\(([^,]+),\s+(["`][^"`]*)(["`])\)
Replace: fmt.Errorf($2: %w$3, $1)
* Replaced errors.Wrapf with fmt.Errorf (#589)
* Find: errors\.Wrapf\(([^,]+),\s+(["`][^"`]*)(["`])\)
Replace: fmt.Errorf($2: %w$3, $1)
* Find: errors\.Wrapf\(([^,]+),\s+(["`][^"`]*)(["`])(,[^)]+)\)
* Replace: fmt.Errorf($2: %w$3$4, $1)
* Replaced errors.Errorf with fmt.Errorf (#589)
* Find: errors\.Errorf
Replace: fmt.Errorf
* Cleaned up remaining imports
* Cleanup
* Regenerate provider support matrix
This was broken by #533 ... and it's now the third time this has been missed.
* Switched to v2 go.mod
Also set GO111MODULE=on in build stuff to always use Go modules
even when in GOPATH.
* Ensure go.mod, go.sum, and vendor are up to date
* Attempt to fix Azure pipelines
* Add set -e to properly fail on exit (it didn't seem to be
propagating properly before).
* Set workingDirectory for GoFmt and GoGen (this might be why it
fails unlike compile and unitests).
* Another attempt to fix Azure Pipelines
* Use the Go env template for all go-related jobs.
* Completely fixed Azure Pipelines
* Added a display name to GoFmt for consistency.
* Fixed diffs for GoFmt and GoGen.
* Show git status for checks.
* Drop GOPATH for tests
TODO: Do the same for integration tests.
* Drop GOPATH for integration tests
* Show more diffs
* Regenerate provider support matrix
This wasn't done in #590...
* ClouDNS: first version of provider
* ClouDNS: documentation
* ClouDNS: code cleanup
* ClouDNS: GetNameservers now uses ClouDNS API to fetch NS servers list
* ClouDNS: CAA support
* ClouDNS: TLSA support
* ClouDNS: tests credentials now use variables instead of hardcoded values
* ClouDNS: SSHFP support
* ClouDNS: export only necessary methods
According to the RFC, the way to indicate that a SRV has no target is to set the target to ".". Some providers do not handle this, or the API returns "" instead of ".". This situation is now tested in the integration tests and all providers (that support this) have been fixed.
* Cloudflare: Fix decoding empty SRV target (fixes#561)
SRV records with empty (".") targets are now returned as false by
the API, which breaks Unmarshaling it into a string.
* Use custom type for Cloudflare SRV target
Rewrote the SRV target decoding to use a custom type for (un)marshaling, as
Cloudflare returns false for null targets, but it requires a single period
for giving it one. The target code has also been made more flexible to future
API changes with additional normalization.
This has been tested with record creation, deletion, and update and works
as of 2019-11-05.
* DigitalOcean: Fix target FQDN for null targets
Without this, dnscontrol thinks an update is needed (.. != .) even
when the SRV target is correct.
* DNSimple: Fix parsing of null SRV target
DNSimple only returns two fields when the target is null.
* NameDotCom: Add note about not supporting null SRV targets, skip test
* DNSimple: Do not append a . unless we have all three parts
Signed-off-by: Amelia Aronsohn <squirrel@wearing.black>
* Regenerated provider matrix
Cloudflare API tokens are a new way to authenticate to Cloudflare API.
Unlike the Global API key, tokens can be given specific permissions to
only access parts of the API. See [1] for details.
[1] https://blog.cloudflare.com/api-tokens-general-availability/
This commit introduces a new credential for cloudflare called
`apitoken`, which is mutually exclusive with `apiuser` and `apikey`.
In order for DNSControl to work with this token, it should have the
right to read DNS zones and edit DNS records.
Closes#534
* gandi/livedns: Print actual changes to be pushed
Currently, preview & push output prints all domain records values:
$ dnscontrol preview
----- DNS Provider: gandi...1 correction
#1: Setting dns records for example.com:
mail.example.com.
1.2.3.4
"ga"
"bu"
"zo"
With this change, it would only show what changes from current state:
$ dnscontrol preview
----- DNS Provider: gandi...1 correction
#1: Setting dns records for example.com:
CREATE TXT ga.example.com "ga" ttl=10800
MODIFY TXT bu.example.com "bu" ttl=10800
DELETE TXT meu.example.com "meu" ttl=10800
* Add import
* condense AD 'unsupported record type' warnings
* active directory provider can create/modify/delete NS records!
* ad passes more of the tests now
* skip root NS records for safety
* clarifying comment
- Support DelegationSet for Route53 (create-domains only)
- Retry Route53 operations which fail for rate limits under large numbers of domains
- Support for name_server_set for GCloud (create-domains only)
- Docs for both
* Maint: run generate for missing documentation
Apparently current master is missing some generated documentation.
* Populate ovh zones cache as early as possible (#412)
We are caching the OVH zones in GetNameservers.
It turns out it isn’t a good idea, because GetNameServers will not be called
if the user selects no name servers for a given domain by using for example:
```
D(‘my domain’, DnsProvider(ovh, 0)) {
}
```
The subsequent GetDomainCorrections would automatically fail
with an unknown domain error, because the zones cache hasn’t been
filled in.
To solve the issue, the ovh provider now populates the zones cache during
initialisation.
This:
* adds a global -v flag for verbosity
* refactors the "printer" package to have a DefaultPrinter and package
functions that call it, similar to net/http's DefaultServeMux
* adds printer tests
* moves current users of Debugf to Printf
* moves most users of the "log" package to use "printer"
* demotes noticably noisy log messages to "Debugf", like "IGNORE"-
and "NO_PURGE"-related messages
Previously, unnecessary corrections were possible if both an R53_ALIAS
pointing to an A record and to an AAAA record existed for the same label,
and map iteration over existing and desired found them in different orders.
(This is a common configuration for IPv6-enabled records.)
This commit:
* mirrors key logic in the R53 provider
* centralizes logic around keys in the models package
* adds tests
