* Add PTR support for ClouDNS
* Implement PTR Support for CLouDNS
Co-authored-by: IT-Sumpfling <it-sumpfling@maxit-con.de>
Co-authored-by: bentaybi jamal <jamal@pfalzcloud.de>
* HETZNER: better rate limit handling
- Hetzner is using a Proxy service 'kong' which broadcasts it limits
- honor 'Retry-After' of 429 responses
- delay requests per-se: see the amended docs for details
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: apply review feedback: store quotaName as lower case
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
* HETZNER: implement the provider for Hetzner DNS Console
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: apply review feedback
- add domain into error messages
- insert sub-strings using `%q`
- insert sub-errors using `%w`
- change api.getZone() signature to return a (potentially `nil`) Zone
pointer instead of a (potentially empty) Zone value
- sort imports and confirm with `$ goimports -w providers/hetzner/`
- use exact 'api_key' term in error message of settings validation
- add blank line for logic separation
- drop internal record id from correction messages
Co-Authored-By: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: add request rate-limiting handling
There are a limited number of data-points on how their rate-limiting
works at this time. I deduce from my account to others and use a fixed/
constant backoff of 1s as the initial delay. Thereafter exponential
increase with factor 2 (not needed at this time).
Hetzner has not made any official statements on rate-limiting, so this
is guesswork only.
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: address golint complaints
- baseUrl -> baseURL
- mark Record as private -> record
- mark Zone as private -> zone
- mark RequestRateLimiter as private -> requestRateLimiter
- capitalize Id fields as ID
- keep delay logic on same level, move return out of branch
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: rate_limited: init the response timestamp on requestRateLimiter
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: requestRateLimiter: align local variable with struct name
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
* VULTR: Update govultr to v1.0.0 (fixes#892) (#897)
* go get -u github.com/hexonet/go-sdk
* Fix HEXONET providers.json entry
* providers.json: json commma
* providers.json: fmtjson
* HEXONET: Implement get-zones. Fix tests and docs.
* fixup!
* Update azure test failures
* Move version info into its own package
* Use new version system
* fix get-zones code block indentation
* extend D_EXTEND to handle subdomains
* fix targets: make absolute incl. subdomain where necessary
* clarify subdomain target test (not IP && not fqdn)
* Add parse_tests for D and D_EXTEND
* _getDomainObject: examine all domains
* human readable form
* consistent test IP addresses
* Improve docs and formatting
* propagate subdomain to canonicalisation
* en-US spelling
* rm extraneous console.log
* ignore subdomain for CF_REDIRECT
* clarify D_EXTEND doc re. CF_REDIRECT
* rm extraneous linebreak
* _getDomainObject: examine all domains
* human readable form
* consistent test IP addresses
* propagate subdomain to canonicalisation
* en-US spelling
* rm extraneous console.log
* ignore subdomain for CF_REDIRECT
* clarify D_EXTEND doc re. CF_REDIRECT
* rm extraneous linebreak
* GANDI_V5: Use github.com/go-gandi/go-gandi, not github.com/tiramiseb/go-gandi (#883)
* DOCUMENTATION: Fix error in CNAME.md (#877)
The current example `CNAME("def", "test.subdomain"), // def.example.com -> test.subdomain.example.com` is invalid (correctly raises a validation error, "ERROR: in CNAME def.example.com: target (test.subdomain) must end with a (.)")
* typos, fmt; example syntax fixes and real output
* formatting; re-add lost comment
* RecordConfig subdomain should be nullable
* providers/cscglobal/api.go: Fix fmt string
* More tests and docs
* go generate
Co-authored-by: Ben L <47653825+ad8-bdl@users.noreply.github.com>
The current example `CNAME("def", "test.subdomain"), // def.example.com -> test.subdomain.example.com` is invalid (correctly raises a validation error, "ERROR: in CNAME def.example.com: target (test.subdomain) must end with a (.)")
* Support create-domains for INWX
* Use own function to decide which NS to use when sandbox
* Updated docs via go generate
* Move domainIndex into inwxAPI struct
* Changed getDefaultNameservers() IF
* Make Tom happy
* Updated docs via go generate
* Add initial dns.he.net provider support
* Update to new IncrementalDiff interface
* Fix ListZones output for `all` query on `get-zones`
* Refactor authentication code for 2FA with better error checking
* Fix integration test and refactor zone record retrieval
* Add option to use `.hedns-session` file to store sessions between runs
* Add comment on `session-file-path`
* Add integration test for TXT records longer than 255 characters
* Add additional checks for expected responses, and better 2FA error checking
* Minor documentation changes
* Revert "Add integration test for TXT records longer than 255 characters"
This reverts commit 657272db
* Add note on provider fragility due to parsing the web-interface
* Resolve go lint issues
* Clarify security warnings in documentation
* adds initial support for INWX
* adds all features to the INWX provider
* allows domain for tests in creds.json for INWX
* runs go generate to update docs for INWX
* fixes formatting with gofmt
* changes goinwx to github.com/nrdcg/goinwx v0.8.0
* simplifies inwx sandbox check
* changes inwx unknown key error to a warning
* adds models.PostProcessRecords for inwx records
* replaces strings.TrimRight with [:-1] to remove final dot for inwx
* adds a comment about the domain creds.json key for the inwx provider
* removes warning for invalid creds.json keys in the inwx provider
* adds TOTP calculation support for inwx
* adds comments to inwxProvider
* improves INWX error messages
* adds additional documentation about the TOTP support for INWX
* adds inwx documentation
* bumps goinwx to 0.8.1 to fix the inwx API
* Added DU() and getConfiguredDomains()
* Added docs for both new functions
* Added a space between option and its value
* Renamed "DU" to "D_EXTEND", adjusted docs
* Fixed: Changed old DU() calls to D_EXTEND()
* Add multiple string support to SPF optimizer
Notes:
* This implements [RFC 4408][rfc] for the SPF optimizer. Allowing for
more SPF records to fit within the 10 lookups by using multiple strings.
* By default the max size of the TXT remains at 255. Meaning users will
still only get a single 255 length string unless they modify `txtMaxSize`
and opt into this feature.
* The general recommendation when using multiple strings for TXT records
is to keep the size within a single UDP packet. It seems like the
maximum size for this depends on a bunch of factors that are sometimes
outside of your control. A similar tool has a [formula for estimating the
maximum allowed size][formula]. However I felt giving a user
configurable size would fit with the current configuration style that
dnscontrol has. Similar to how dnscontrol recommends only flattening a
record if absolutely needed, I can see this length being increased by
only enough to get you within 10 lookups.
[rfc]: https://tools.ietf.org/html/rfc4408#section-3.1.3
[formula]: https://github.com/oasys/mkspf/blob/master/Overhead.md
* Add a nice comment for the Chunks function
Open to other configuration opens for how best to make this optional. Or
potentially making this an opt in configuration item which would be a
breaking change.
The main reason that someone would want to disable this is if their raw
SPF record goes over the 255 characters. This is potentially another
place that could get some multi string support. But as it is only used
for debugging purposes it seems like there should be a way to outright
disable it too.
* get-certs.md: correct flag names
* Update get-certs.md
added all flags per current `--help` output; rearranged ordering to match `--help`; removed the deprecated `--verbose`
Thanks to @haraldkoch for starting this, @McNetic for picking it up.
* Added DS record type
* Added DS for cloudflare provider with tests
* Removed DS validation, fixed parse test
* Added generated files
* Added dnsimple ds record
* Regenerated documentation matrix
* rebased and regenerated
* Updated integration tests
* Rebase and regenerate
* Enable DS record type for provider desec
* Added DS record type
* Added DS for cloudflare provider with tests
* Removed DS validation, fixed parse test
* Added generated files
* Added dnsimple ds record
* Regenerated documentation matrix
* rebased and regenerated
* Updated integration tests
* Rebase and regenerate
* Enable DS record type for provider desec
* Rebase and fixes
Co-authored-by: Robert Koch <robert@kochie.io>
Co-authored-by: Nicolai Ehemann <nicolai.ehemann@enerko-informatik.de>
* Added slack notification
* Added slack notification to doc.
* Send notifications as single message & updated doc. example
* Remove not needed variable
* Add initial deSEC support
* Handle the api rate limiting
* Fix deleteRR and do some code cleanup
* improve rate limiting and record deletion
* Add documentation for deSEC provider
* README.md update list of supported DNS providers
* deSEC supports SSHFP records
* dynamic minimum_ttl and hint for DNSSec on domain creation
* merge all changes into one single bulk api request
* Fix: actually set the TTL to min_ttl if necessary
* use a constant for apiBase URL
* Fix code comments
* Use PUT instead of PATCH for upsertRR method
* use ' instead of " for java script examples
* Add support for netcup DNS api.
* Add documentation page.
* Update reference to new version path.
* Add OWNERS entry for netcup.
* Add credentials for integration test. Netcup does not support PTRs. Fix parsing/formating of SRV records.
* Skip integration tests that are not supported.
* Use single quotes in JS code.
Final changes before V3.0.0 release
* Remove old Gandi. Fixes#575
* Many cleanups
* go mod tidy && go mod vendor
* integration_test.go: Output subtest name
* Cleanups
* integration_test.go: Description should include sub-test name
* Add a whitespace test to js/parse_tests/017-txt.js
* Cloudflare strips whitespace from end of TXT
* Fixes https://github.com/StackExchange/dnscontrol/issues/700
* Whitespace at end of TXT records
Name.com strips the whitespace from the end of a TXT record. There's
nothing we can do other than file a bug.
* Fixes https://github.com/StackExchange/dnscontrol/issues/701
* Add tests for get-zones
* fix CAA, SSHFP, TLSA and other bugs
* New format for get-zones: "djs" which is js but uses "disco commas"
* Print diffs using github.com/andreyvit/diff
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
* Tests: ensure provider capabilities are checked
Adds test: `TestCapabilitiesAreFiltered`
We have a number of records and pseudo-records which in theory can only
be used with a given provider if that provider indicates support. In
practice, we've been missing the checks for that support and have been
passing the records down anyway. The advice comment in the
providers/capabilities.go file to edit `checkProviderCapabilities()` has
not been reliably followed.
We need an internal self-consistency test. The constants are not
directly exported or enumerable based solely on the package interfaces
at run-time, but with source access for a test suite, we can use the
`go/ast` and related interfaces to examine the code, extract all the
constants from a given package, figure out which ones we want to be
handled, and then insist that they're handled.
Before my recent work, we only checked:
ALIAS PTR SRV CAA TLSA
After this commit, we check:
ALIAS AUTODNSSEC CAA NAPTR PTR R53_ALIAS SSHFP SRV TLSA
I've added `AUTODNSSEC` as a new feature; `SSHFP` and `PTR` were caught
in other recent commits from me; implementing this test caused me to
have to add `NAPTR` and `R53_ALIAS`. I whitelist `CanUseTXTMulti` as a
special-case.
This should prevent regressions. We will probably want to post publicly
to warn people that if they're using SSHFP/PTR/NAPTR/R53_ALIAS then they
should check the feature matrix and if they don't see their provider
listed, to report is as "hey that actually works" so we can update the
provider flags. Bonus: our feature matrix will suddenly be more
accurate.
* Add comments/docs for capabilities authors
* fixup!
* fixup!
* github.com/miekg/dns
* Greatly simplify the logic for handling serial numbers. Related code was all over the place. Now it is abstracted into one testable method makeSoa. This simplifies code in many other places.
* Update docs/_providers/bind.md: Edit old text. Add SOA description.
* SOA records are now treated like any other record internally. You still can't specify them in dnsconfig.js, but that's by design.
* The URL for issue 491 was wrong in many places
* BIND: Clarify GENERATE_ZONEFILE message
There's a philosophy issue here around what is the Bind output meant to
do. Since AFAIK we're not integrating into Bind's catalog zones or the
like, we're just targeting the zonefiles, we're not in a position to do
_anything_ relating to registrar options such as setting up DS glue.
So at one level, enabling AutoDNSSEC for Bind is a lie. But without
this, folks can't target a Bind zone as a secondary provider for their
domain, to get debug dumps of the zone output, because the checks for
"Can" block it. So I think this commit achieves a happy compromise: we
write a comment into the Bind zonefile, indicating that DNSSEC was
requested.
Actually: we add support for arbitrary zone comments to be written into
a zonefile via a slightly ugly "can be `nil`" parameter. We then write
in a generation timestamp comment, and if AutoDNSSEC was requested we
then write that in too.
* Add AUTODNSSEC, implement for DNSimple
There are two models for DNSSEC in DNS management: either dnscontrol
manages all the DNSSEC records and has to be invoked regularly for
re-signing, or the provider manages DNSSEC automatically and dnscontrol
is not involved beyond saying "yeah, do that".
This implements the latter, as a model, and for one provider.
Potentially we could tune/configure options for DNSSEC such as
algorithm, but DNSimple don't expose that API so I haven't implemented
it.
This minimal model should be something which maps into other providers
cleanly.
* Fix missing CanAutoDNSSEC on provider
* Validation fix for master broken
This is broken in master and causing Travis in my branch to fail. The
validation tool runs with `gofmt -s` to require "simplify", and so
rejects an ignored second bound variable to range iteration.
* Correct wire in the AUTODNSSEC validation step
