StackExchange/dnscontrol
1
1
Fork 0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2025-12-09 13:46:07 +08:00
Code Issues Projects Releases Packages Wiki Activity
Synchronize your DNS to multiple providers from a simple DSL
2651 commits 15 branches 130 tags 65 MiB
Go 91.7%
JavaScript 6.4%
Dogescript 1.8%
Find a file
dependabot[bot] fa24aa8bfa
Build(deps): Bump js-yaml from 4.1.0 to 4.1.1 (#3847) 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.1] - 2025-11-12</h2>
<h3>Security</h3>
<ul>
<li>Fix prototype pollution issue in yaml merge (&lt;&lt;)
operator.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cc482e7759"><code>cc482e7</code></a>
4.1.1 released</li>
<li><a
href="50968b862e"><code>50968b8</code></a>
dist rebuild</li>
<li><a
href="d092d86603"><code>d092d86</code></a>
lint fix</li>
<li><a
href="383665ff42"><code>383665f</code></a>
fix prototype pollution in merge (&lt;&lt;)</li>
<li><a
href="0d3ca7a27b"><code>0d3ca7a</code></a>
README.md: HTTP =&gt; HTTPS (<a
href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li>
<li><a
href="49baadd52a"><code>49baadd</code></a>
doc: 'empty' style option for !!null</li>
<li><a
href="ba3460eb9d"><code>ba3460e</code></a>
Fix demo link (<a
href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li>
<li>See full diff in <a
href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=js-yaml&package-manager=npm_and_yarn&previous-version=4.1.0&new-version=4.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/StackExchange/dnscontrol/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-21 12:45:05 -05:00
.github Build(deps): Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#3806) 2025-10-27 13:34:37 -04:00
bin CICD: Detect broken HTML links in the documentation as part of the pipeline (#3439) 2025-03-21 10:56:41 -04:00
build NEW FEATURE: Add SMIMEA support for BIND and deSEC (#3786) 2025-10-10 11:16:13 -04:00
commands Remove unused --depopulate flag (#3843) 2025-11-21 09:29:47 -05:00
docs FEATURE: Optionally disable spfcache.json (#3765) 2025-09-13 12:23:46 -04:00
documentation DEPS: Switch to maintained fork of shoutrrr (#3838) 2025-11-17 11:52:26 -05:00
integrationTest NEW FEATURE: Add SMIMEA support for BIND and deSEC (#3786) 2025-10-10 11:16:13 -04:00
models AKAMAIEDGEDNS: Add ALIAS and AKAMAITLC support to the Akamai Edge DNS provider (#3836) 2025-11-14 09:48:42 -05:00
pkg NEW FEATURE: Empty creds.json should not be an error (#3844) 2025-11-21 10:46:18 -05:00
providers AKAMAIEDGEDNS: Add ALIAS and AKAMAITLC support to the Akamai Edge DNS provider (#3836) 2025-11-14 09:48:42 -05:00
.editorconfig DOCS: expand upon concurrency (#3676) 2025-07-22 10:01:10 -04:00
.git-blame-ignore-revs
.gitattributes DOCS: Fix many minor typos (#3752) 2025-09-02 11:00:25 -04:00
.gitignore DOCS: generate smaller tables for feature matrix (2nd try) (#3589) 2025-05-29 13:53:33 -04:00
.goreleaser.yml Joker: Implement DNS Provider (#3661) 2025-08-04 16:37:20 -04:00
.linkspector.yml DOCS: Linkspector URI fixes (#3625) 2025-06-20 08:39:47 -04:00
.nvmrc CICD: Detect broken HTML links in the documentation as part of the pipeline (#3439) 2025-03-21 10:56:41 -04:00
.prettierrc
Dockerfile Build(deps): Bump alpine from 3.22.1 to 3.22.2 (#3818) 2025-11-03 11:31:31 -05:00
go.mod DEPS: Switch to maintained fork of shoutrrr (#3838) 2025-11-17 11:52:26 -05:00
go.sum DEPS: Switch to maintained fork of shoutrrr (#3838) 2025-11-17 11:52:26 -05:00
LICENSE
main.go BUG: User-Agent should include DNSControl version (#3653) 2025-07-09 10:56:38 -04:00
OWNERS Joker: Implement DNS Provider (#3661) 2025-08-04 16:37:20 -04:00
package-lock.json Build(deps): Bump js-yaml from 4.1.0 to 4.1.1 (#3847) 2025-11-21 12:45:05 -05:00
package.json NEW FEATURE: Add SMIMEA support for BIND and deSEC (#3786) 2025-10-10 11:16:13 -04:00
README.md Joker: Implement DNS Provider (#3661) 2025-08-04 16:37:20 -04:00
SECURITY.md
staticcheck.conf

README.md

DNSControl

StackExchange/dnscontrol/build Google Group PkgGoDev

DNSControl is a system for maintaining DNS zones. It has two parts: a domain specific language (DSL) for describing DNS zones plus software that processes the DSL and pushes the resulting zones to DNS providers such as Route53, Cloudflare, and Gandi. It can send the same DNS records to multiple providers. It even generates the most beautiful BIND zone files ever. It runs anywhere Go runs (Linux, macOS, Windows). The provider model is extensible, so more providers can be added.

Currently supported DNS providers:

  • AdGuard Home
  • Akamai Edge DNS
  • AutoDNS
  • AWS Route 53
  • AXFR+DDNS
  • Azure DNS
  • Azure Private DNS
  • BIND
  • Bunny DNS
  • CentralNic Reseller (CNR) - formerly RRPProxy
  • Cloudflare
  • ClouDNS
  • CSC Global (Experimental)
  • deSEC
  • DigitalOcean
  • DNS Made Easy
  • DNSimple
  • Domainnameshop (Domeneshop)
  • Exoscale
  • Fortigate
  • Gandi
  • Gcore
  • Google DNS
  • Hetzner
  • HEXONET
  • hosting.de
  • Huawei Cloud DNS
  • Hurricane Electric DNS
  • INWX
  • Joker
  • Linode
  • Loopia
  • LuaDNS
  • Microsoft Windows Server DNS Server
  • Mythic Beasts
  • Name.com
  • Namecheap
  • Netcup
  • Netlify
  • NS1
  • Oracle Cloud
  • OVH
  • Packetframe
  • Porkbun
  • PowerDNS
  • Realtime Register
  • RWTH DNS-Admin
  • Sakura Cloud
  • SoftLayer
  • TransIP
  • Vultr

Currently supported Domain Registrars:

  • AWS Route 53
  • CentralNic Reseller (CNR) - formerly RRPProxy
  • CSC Global
  • DNSimple
  • DNSOVERHTTPS
  • Dynadot
  • easyname
  • Gandi
  • HEXONET
  • hosting.de
  • Internet.bs
  • INWX
  • Loopia
  • Name.com
  • Namecheap
  • OpenSRS
  • OVH
  • Porkbun
  • Realtime Register

At Stack Overflow, we use this system to manage hundreds of domains and subdomains across multiple registrars and DNS providers.

You can think of it as a DNS compiler. The configuration files are written in a DSL that looks a lot like JavaScript. It is compiled to an intermediate representation (IR). Compiler back-ends use the IR to update your DNS zones on services such as Route53, Cloudflare, and Gandi, or systems such as BIND.

An Example

dnsconfig.js:

// define our registrar and providers
var REG_NAMECOM = NewRegistrar("name.com");
var r53 = NewDnsProvider("r53")

D("example.com", REG_NAMECOM, DnsProvider(r53),
  A("@", "1.2.3.4"),
  CNAME("www","@"),
  MX("@",5,"mail.myserver.com."),
  A("test", "5.6.7.8")
)

Running dnscontrol preview will talk to the providers (here name.com as registrar and route 53 as the dns host), and determine what changes need to be made.

Running dnscontrol push will make those changes with the provider and my dns records will be correctly updated.

The easiest way to run DNSControl is to use the Docker container:

docker run --rm -it -v "$(pwd):/dns"  ghcr.io/stackexchange/dnscontrol preview

See Getting Started page on documentation site to get started!

Benefits

  • Less error-prone than editing a BIND zone file.
  • More reproducible than clicking buttons on a web portal.
  • Easily switch between DNS providers: The DNSControl language is vendor-agnostic. If you use it to maintain your DNS zone records, you can switch between DNS providers easily. In fact, DNSControl will upload your DNS records to multiple providers, which means you can test one while switching to another. We've switched providers 3 times in three years and we've never lost a DNS record.
  • Apply CI/CD principles to DNS! At StackOverflow we maintain our DNSControl configurations in Git and use our CI system to roll out changes. Keeping DNS information in a VCS means we have full history. Using CI enables us to include unit-tests and system-tests. Remember when you forgot to include a "." at the end of an MX record? We haven't had that problem since we included a test to make sure Tom doesn't make that mistake... again.
  • Adopt (GitOps) PR-based updates. Allow developers to send updates as PRs, which you can review before you approve.
  • Variables save time! Assign an IP address to a constant and use the variable name throughout the file. Need to change the IP address globally? Just change the variable and "recompile."
  • Macros! Define your SPF records, MX records, or other repeated data once and re-use them for all domains.
  • Control Cloudflare from a single source of truth. Enable/disable Cloudflare proxying (the "orange cloud" button) directly from your DNSControl files.
  • Keep similar domains in sync with transforms and other features. If one domain is supposed to be a filtered version of another, this is easy to set up.
  • It is extendable! All the DNS providers are written as plugins. Writing new plugins is very easy.

Installation

DNSControl can be installed via packages for macOS, Linux and Windows, or from source code. See the official instructions.

Via GitHub Actions (GHA)

See dnscontrol-action or gacts/install-dnscontrol.

Deprecation warnings (updated 2024-03-25)

  • REV() will switch from RFC2317 to RFC4183 in v5.0. This is a breaking change. Warnings are output if your configuration is affected. No date has been announced for v5.0. See https://docs.dnscontrol.org/language-reference/top-level-functions/revcompat
  • NAMEDOTCOM and SOFTLAYER need maintainers! These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.

More info at our website

The website: https://docs.dnscontrol.org/

The getting started guide: https://docs.dnscontrol.org/getting-started/getting-started

Stargazers over time

Stargazers over time