* Add initial dns.he.net provider support
* Update to new IncrementalDiff interface
* Fix ListZones output for `all` query on `get-zones`
* Refactor authentication code for 2FA with better error checking
* Fix integration test and refactor zone record retrieval
* Add option to use `.hedns-session` file to store sessions between runs
* Add comment on `session-file-path`
* Add integration test for TXT records longer than 255 characters
* Add additional checks for expected responses, and better 2FA error checking
* Minor documentation changes
* Revert "Add integration test for TXT records longer than 255 characters"
This reverts commit 657272db
* Add note on provider fragility due to parsing the web-interface
* Resolve go lint issues
* Clarify security warnings in documentation
* adds initial support for INWX
* adds all features to the INWX provider
* allows domain for tests in creds.json for INWX
* runs go generate to update docs for INWX
* fixes formatting with gofmt
* changes goinwx to github.com/nrdcg/goinwx v0.8.0
* simplifies inwx sandbox check
* changes inwx unknown key error to a warning
* adds models.PostProcessRecords for inwx records
* replaces strings.TrimRight with [:-1] to remove final dot for inwx
* adds a comment about the domain creds.json key for the inwx provider
* removes warning for invalid creds.json keys in the inwx provider
* adds TOTP calculation support for inwx
* adds comments to inwxProvider
* improves INWX error messages
* adds additional documentation about the TOTP support for INWX
* adds inwx documentation
* bumps goinwx to 0.8.1 to fix the inwx API
This functionality is required by the GCLOUD provider, which supports
recordsets of type DS but only for child records of the zone, to enable
further delegation. It does not support them at the apex of the zone (@)
because Google Cloud DNS is not itself a registrar which needs to model
this information.
A related change (14ff68b151, #760) was
previously introduced to enable DS support in Google, which broke
integration tests with this provider.
To cleanly support this, we introduce a new provider capability
CanUseDSForChildren and appropriate integration tests. Further, it is no
longer possible to verify a provider has the proper capabilities for a
zone simply by existence of particular records; we adapt the capability
checks to enable inspection of the individual recordsets where this is
required.
Closes#762
Thanks to @haraldkoch for starting this, @McNetic for picking it up.
* Added DS record type
* Added DS for cloudflare provider with tests
* Removed DS validation, fixed parse test
* Added generated files
* Added dnsimple ds record
* Regenerated documentation matrix
* rebased and regenerated
* Updated integration tests
* Rebase and regenerate
* Enable DS record type for provider desec
* Added DS record type
* Added DS for cloudflare provider with tests
* Removed DS validation, fixed parse test
* Added generated files
* Added dnsimple ds record
* Regenerated documentation matrix
* rebased and regenerated
* Updated integration tests
* Rebase and regenerate
* Enable DS record type for provider desec
* Rebase and fixes
Co-authored-by: Robert Koch <robert@kochie.io>
Co-authored-by: Nicolai Ehemann <nicolai.ehemann@enerko-informatik.de>
* Update DNSimple-go to 0.61
This adds support for contexts, exports all return values, Adds ZoneRecordAttributes to fix support for blank record names.
* Add UserAgent to client
* Update Integration test for DNSimple
We now support Empty TXT, however we do not support Null MX yet.
* Bump to dnsimple-go 0.62 & use dnsimple.String()
* Add support for netcup DNS api.
* Add documentation page.
* Update reference to new version path.
* Add OWNERS entry for netcup.
* Add credentials for integration test. Netcup does not support PTRs. Fix parsing/formating of SRV records.
* Skip integration tests that are not supported.
* Use single quotes in JS code.
* Fix#702: Spurious null MX changes on CloudFlare
* Test roundtripping null MX on Cloudflare
* Use an if instead of TrimSuffix
* Add other providers that support RFC 7505
* Suppress test for non-compliant providers
Final changes before V3.0.0 release
* Remove old Gandi. Fixes#575
* Many cleanups
* go mod tidy && go mod vendor
* integration_test.go: Output subtest name
* Cleanups
* integration_test.go: Description should include sub-test name
* Add a whitespace test to js/parse_tests/017-txt.js
* Cloudflare strips whitespace from end of TXT
* Fixes https://github.com/StackExchange/dnscontrol/issues/700
* Whitespace at end of TXT records
Name.com strips the whitespace from the end of a TXT record. There's
nothing we can do other than file a bug.
* Fixes https://github.com/StackExchange/dnscontrol/issues/701
* Refactor tests into "groups", each with its own filter (not/only/requires) to select which providers are appropriate.
* Test driver code is now a lot more simple and clear.
* Add support for not(), only(), and requires() as a way to select/reject providers for a test.
* Add docs explaining how to add tests
* Logging messages are much cleaner now, especially when tests are skipped.
* -start and -end now refer to test groups, not individual tests. Log messages list the group numbers clearly.
* Add stringer for Capabilities
* Change the order of the tests so that simple tests are first
* Removed knownFailures from providers.json
* fmtjson providers.json
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
The test 49 was changing the fingerprint type of a SSHFP DNS RR,
but not the fingerprint hash. Changing the type of hash function
changes the hash result size (there's only two defined hash type of
different size in the RFC, SHA-1 and SHA-256).
This was failing with the OVH provider, because OVH is validating
the hash sizes of any created SSHFP RR and was finding an inconsistency.
Since there's already the test 50 which is both changing the type
and the fingerprint, the functionality is still covered and we
can remove test 49.
Commit 87ad01d added the very useful `get-zones` command, which
requires providers to implement a new method `GetZoneRecords`.
This changes make the OVH provider support this.
* Update Exoscale provider
* Update vendor folder for exoscale/egoscale v0.23.0
* Fix typos and SRV parsing
* Add . at the end of SRV records for exoscale
* Replaced errors.Wrap with fmt.Errorf (#589)
* Find: errors\.Wrap\(([^,]+),\s+(["`][^"`]*)(["`])\)
Replace: fmt.Errorf($2: %w$3, $1)
* Replaced errors.Wrapf with fmt.Errorf (#589)
* Find: errors\.Wrapf\(([^,]+),\s+(["`][^"`]*)(["`])\)
Replace: fmt.Errorf($2: %w$3, $1)
* Find: errors\.Wrapf\(([^,]+),\s+(["`][^"`]*)(["`])(,[^)]+)\)
* Replace: fmt.Errorf($2: %w$3$4, $1)
* Replaced errors.Errorf with fmt.Errorf (#589)
* Find: errors\.Errorf
Replace: fmt.Errorf
* Cleaned up remaining imports
* Cleanup
* Regenerate provider support matrix
This was broken by #533 ... and it's now the third time this has been missed.
* Switched to v2 go.mod
Also set GO111MODULE=on in build stuff to always use Go modules
even when in GOPATH.
* Ensure go.mod, go.sum, and vendor are up to date
* Attempt to fix Azure pipelines
* Add set -e to properly fail on exit (it didn't seem to be
propagating properly before).
* Set workingDirectory for GoFmt and GoGen (this might be why it
fails unlike compile and unitests).
* Another attempt to fix Azure Pipelines
* Use the Go env template for all go-related jobs.
* Completely fixed Azure Pipelines
* Added a display name to GoFmt for consistency.
* Fixed diffs for GoFmt and GoGen.
* Show git status for checks.
* Drop GOPATH for tests
TODO: Do the same for integration tests.
* Drop GOPATH for integration tests
* Show more diffs
* Regenerate provider support matrix
This wasn't done in #590...
* ClouDNS: first version of provider
* ClouDNS: documentation
* ClouDNS: code cleanup
* ClouDNS: GetNameservers now uses ClouDNS API to fetch NS servers list
* ClouDNS: CAA support
* ClouDNS: TLSA support
* ClouDNS: tests credentials now use variables instead of hardcoded values
* ClouDNS: SSHFP support
* ClouDNS: export only necessary methods
* providers/cloudflare: Support API tokens
Cloudflare API tokens are a new way to authenticate to Cloudflare API.
Unlike the Global API key, tokens can be given specific permissions to
only access parts of the API. See [1] for details.
[1] https://blog.cloudflare.com/api-tokens-general-availability/
This commit introduces a new credential for cloudflare called
`apitoken`, which is mutually exclusive with `apiuser` and `apikey`.
In order for DNSControl to work with this token, it should have the
right to read DNS zones and edit DNS records.
Closes#534
* CLOUDFLARE: Update integration tests for api token
According to the RFC, the way to indicate that a SRV has no target is to set the target to ".". Some providers do not handle this, or the API returns "" instead of ".". This situation is now tested in the integration tests and all providers (that support this) have been fixed.
* Cloudflare: Fix decoding empty SRV target (fixes#561)
SRV records with empty (".") targets are now returned as false by
the API, which breaks Unmarshaling it into a string.
* Use custom type for Cloudflare SRV target
Rewrote the SRV target decoding to use a custom type for (un)marshaling, as
Cloudflare returns false for null targets, but it requires a single period
for giving it one. The target code has also been made more flexible to future
API changes with additional normalization.
This has been tested with record creation, deletion, and update and works
as of 2019-11-05.
* DigitalOcean: Fix target FQDN for null targets
Without this, dnscontrol thinks an update is needed (.. != .) even
when the SRV target is correct.
* DNSimple: Fix parsing of null SRV target
DNSimple only returns two fields when the target is null.
* NameDotCom: Add note about not supporting null SRV targets, skip test
* DNSimple: Do not append a . unless we have all three parts
Signed-off-by: Amelia Aronsohn <squirrel@wearing.black>
* Regenerated provider matrix
* condense AD 'unsupported record type' warnings
* active directory provider can create/modify/delete NS records!
* ad passes more of the tests now
* skip root NS records for safety
* clarifying comment
* govendor gopkg.in/yaml.v2
* Ignore YAML and BIND test data litter. Create README.txt files to force git to create subdirectories.
* Update convertzone to also read OctoDNS files
* Add gandi LiveDNS api provider
* vendor testify and gandi live DNS
* govendor update github.com/prasmussen/gandi-api/{client,live_dns}
* Fix Gandi-livedns TXT unit test
* TravisCI should use go 1.10
* Stable comparison of metadata (#239)
Iterating over a map in Go never produces twice the same ordering.
Thus when comparing two metadata map with more than one key, the
`differ` is always finding differences.
To properly compare records metadata, we need to iterate the maps
in a deterministic way.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
* Support for Route53 ALIAS record type (#239)
Route53 ALIAS doesn't behave like a regular ALIAS, and is much more
limited as its target can only be some specific AWS resources or
another record in the same zone.
According to #239, this change adds a new directive R53_ALIAS which
implements this specific alias. This record type can only be used
with the Route53 provider.
This directive usage looks like this:
```js
D("example.com", REGISTRAR, DnsProvider("ROUTE53"),
R53_ALIAS("foo1", "A", "bar") // record in same zone
R53_ALIAS("foo2", "A",
"blahblah.elasticloadbalancing.us-west-1.amazonaws.com",
R53_ZONE('Z368ELLRRE2KJ0')) // ELB in us-west-1
```
Unfortunately, Route53 requires indicating the hosted zone id
where the target is defined (those are listed in AWS documentation,
see the R53_ALIAS documentation for links).
* Add support for the IGNORE(name) directive (#183)
IGNORE is like NO_PURGE but for a spefic record instead of the whole
zone. This is very useful for instance if you have a zone where
only some records are managed externally from dnscontrol (for instance
using kubernetes external dns system).
Adding IGNORE("foo") in the zone will make dnscontrol not trying
to manage the "foo" record (and especially not deleting it).
dnscontrol will error out if the "foo" record is both ignored and
managed in dnscontrol.
This can be seen as a generic Cloudflare's ignored label.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
* Deprecate CloudFlare ignoredLabels in favor of IGNORE (#183)
Since IGNORE implements a generic `ignoredLabels` system, let
the user know CF `ignoredLabels` are deprecated.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
* OVH DNS Provider (#143)
This adds the OVH Provider along with its documentation.
Unfortunately we can't set this DNS provider to support `CanUsePTR`,
because OVH only supports setting PTR target on the Arpa zone.
* OVH Registrar provider (#143)
This implements OVH as a registrar provider.
Note that NS modifications are done in a "best effort" mode, as the
provider doesn't wait for the modifications to be fully applied
(the operation that can take a long time).
* Allow support for dual providers scenarios
Since OVH released their APIv6, it is now possible to update
zone apex NS records, opening the door to complete dual providers
scenarii.
This change implements apex NS management in an OVH zone.
* Added Vultr provider
* Fixed tests
* Fixed CI build validation
* Add unsupported features
* Added #rtype_variations tags according to stackexchange.github.io/dnscontrol/adding-new-rtypes
* Add title (for compatibility with #223)
* Removed extra rtype_variations
Add SoftLayer DNS as a DomainServiceProvider.
The SoftLayer API is a bit of a mess and treats MX and SRV records
differently. This leads to some replication and custom handling issues
to work around.
In this patch I have to change the SRV test case to be _tcp instead of
_protocol because softlayer requires a "known" protocol which AFAICT is
tcp, udp or tls. I think this will be acceptable in most cases.
Signed-off-by: Jamie Lennox <jamielennox@gmail.com>
* add ns1 libs to vendor
* Create shim and wire into tests
* ns1 provider more working.
* vendor correct files
* comment diff functions
* ns1 docs
* making mx work with ns1
* ?
* refactor tests to make capability blocks easier. fix up ns1
* Implement Digitalocean provider
* Vendor digitalocean lib
* Enable SRV for Digitalocean and fix the tests
* Test cname etc. records pointing to the same domain
* Added CAA support
* Fixed bind parsing of CAA records
* Added CAA parsing test
* Renamed CAA json fields
* Added CAA tag validation
* Updated CAA docs to clarify on the value field
* parse_tests: Fixed typo in caaflags
* Added integration test
* Small cleanups
* Integration tests: PTR tests should only happen if CanUsePTR
* Integration tests: SRE tests should only happen if CanUseSRV
* CanUseSRV should be validated early (in pkg/normalize/validate.go)
* CLOUDFLARE does not support SRV. Check for this during validation
* GCLOUD CanUsesRV (mostly by accident, but whatever works)
* Add support for SRV records for NAMEDOTCOM and ROUTE53.
* Improve docs
* Rename RR() to ToRR().
* Rename RecordConfig Priority to MxPreference (affects json IR data)
* intitial work for bind refactor
* relax requirement that creds.json exists.
* Updating bind docs.
Fixes#48
* typo
* can exclude provider from default set in creds.json
* Add bind to integration tests. Fix for IDNs.
* Implement a basic DNSimple provider.
Handles domain delegation as well as record create, update, and delete.
Note that this is completely untested at the moment. It’s so alpha it might burn your face off.
* Add some inline comments. Always use the StackExchange libs.
* Clean up dnsimple docs a little
* This will need to be changed before merging.
* Import the dnsimple dnscontrol package from its expected path
* Properly build the FQDN and implement record listing so create/update/delete are used correctly.
* Add support for overriding base URL to allow connection to sandbox.
* Vendor dnsimple-go and its dependencies.
* Remove unnecessary doc file.
* Use dnsutil.AddOrigin for combining record name and origin.
* Modifying dnsimple provider to pass tests
* integration test started
* details
* More tests.
* idn tests and punycode (not tested fully because I'm on an aiplane)
* test for dual provider compatibility
* readme for tests
* vendor idna
* fix casing
