StackExchange/dnscontrol
1
1
Fork 0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2025-12-09 13:46:07 +08:00
Code Issues Projects Releases Packages Wiki Activity
dnscontrol/documentation/provider/alidns.md
Jiacheng bcef7f52fc
ALIDNS: Implement ALIDNS Provider (#3878) 
<!--
## Before submiting a pull request

Please make sure you've run the following commands from the root
directory.

    bin/generate-all.sh

(this runs commands like "go generate", fixes formatting, and so on)

## Release changelog section

Help keep the release changelog clear by pre-naming the proper section
in the GitHub pull request title.

Some examples:
* CICD: Add required GHA permissions for goreleaser
* DOCS: Fixed providers with "contributor support" table
* ROUTE53: Allow R53_ALIAS records to enable target health evaluation

More examples/context can be found in the file .goreleaser.yml under the
'build' > 'changelog' key.
!-->

https://github.com/StackExchange/dnscontrol/issues/420


Please create the GitHub label 'provider-ALIDNS'

---------

Co-authored-by: Tom Limoncelli <6293917+tlimoncelli@users.noreply.github.com>
2025-12-04 10:55:14 -05:00

126 lines
3.5 KiB
Markdown
Raw Blame History

## Configuration
This provider is for [Alibaba Cloud DNS](https://www.alibabacloud.com/product/dns) (also known as ALIDNS). To use this provider, add an entry to `creds.json` with `TYPE` set to `ALIDNS` along with your API credentials.
Example:
{% code title="creds.json" %}
```json
{
"alidns": {
"TYPE": "ALIDNS",
"access_key_id": "YOUR_ACCESS_KEY_ID",
"access_key_secret": "YOUR_ACCESS_KEY_SECRET"
}
}
```
{% endcode %}
Optionally, you can specify a `region_id`:
{% code title="creds.json" %}
```json
{
"alidns": {
"TYPE": "ALIDNS",
"access_key_id": "YOUR_ACCESS_KEY_ID",
"access_key_secret": "YOUR_ACCESS_KEY_SECRET",
"region_id": "cn-hangzhou"
}
}
```
{% endcode %}
Note: The `region_id` defaults to `"cn-hangzhou"`. The region value does not affect DNS management (DNS is global), but Alibaba's SDK requires a region to be provided.
## Usage
An example configuration:
{% code title="dnsconfig.js" %}
```javascript
var REG_NONE = NewRegistrar("none");
var DSP_ALIDNS = NewDnsProvider("alidns");
D("example.com", REG_NONE, DnsProvider(DSP_ALIDNS),
A("test", "1.2.3.4"),
CNAME("www", "example.com."),
MX("@", 10, "mail.example.com."),
);
```
{% endcode %}
## Activation
DNSControl depends on an Alibaba Cloud [RAM user](https://www.alibabacloud.com/help/en/ram/user-guide/overview-of-ram-users) with permissions to manage DNS records.
### Creating RAM User and Access Keys
1. Log in to the [RAM console](https://ram.console.aliyun.com/)
2. Create a new RAM user or use an existing one
3. Generate an AccessKey ID and AccessKey Secret for the user
4. Attach the `AliyunDNSFullAccess` policy to the user
The minimum required permissions are:
```json
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"alidns:DescribeDomains",
"alidns:DescribeDomainRecords",
"alidns:DescribeDomainInfo",
"alidns:AddDomainRecord",
"alidns:UpdateDomainRecord",
"alidns:DeleteDomainRecord"
],
"Resource": "*"
}
]
}
```
## Important Notes
### TTL Constraints
Alibaba Cloud DNS has different TTL constraints depending on your DNS edition:
- **Enterprise Ultimate Edition**: TTL can be as low as 1 second (1-86400)
- **Personal Edition / Free Edition**: Minimum TTL is 600 seconds (600-86400)
DNSControl will automatically validate TTL values based on your domain's edition. If you attempt to use a TTL below the minimum for your edition, you will receive an error.
### Chinese Domain Name Support
ALIDNS supports Chinese domain names (IDN with Chinese characters). However:
- **Supported**: ASCII characters and Chinese characters (CJK Unified Ideographs)
- **Not supported**: Other Unicode characters (e.g., German umlauts, Arabic script)
DNSControl will automatically convert between punycode and unicode as needed.
### Record Type Support
The following record types are supported:
- A, AAAA, CNAME, MX, TXT, NS
- CAA (requires quoted values: `0 issue "letsencrypt.org"`)
- SRV
### TXT Record Constraints
Alibaba Cloud DNS has specific constraints for TXT records:
- Cannot be empty
- Maximum length: 512 bytes
- Cannot contain unescaped double quotes
- Cannot have trailing spaces
- Cannot have unpaired backslashes (odd number of consecutive backslashes)
DNSControl will audit and reject records that violate these constraints.
## New Domains
If a domain does not exist in your Alibaba Cloud account, you must create it manually through the Alibaba Cloud console. DNSControl does not automatically create new domains for this provider.
Reference in a new issue View git blame Copy permalink