mirror/stackexchange-dnscontrol
1
0
Fork 0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2024-05-11 05:55:12 +00:00
Code Issues Releases Activity

DOCS: Mostly styling and links (#2178)

Browse Source 
Co-authored-by: Tom Limoncelli <tal@whatexit.org>
This commit is contained in:
Paul Dee
2023-03-15 23:43:57 +01:00
committed by GitHub
parent 81054e72c5
commit 731181ffa1
24 changed files with 186 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
documentation/adding-new-rtypes.md
View File

@ -106,7 +106,7 @@ example we removed `providers.CanUseCAA` from the
Add a function to `pkg/js/helpers.js` for the new record type. This
is the JavaScript file that defines `dnsconfig.js`'s functions like
`A()` and `MX()`. Look at the definition of A, MX and CAA for good
[`A()`](functions/domain/A.md) and [`MX()`](functions/domain/MX.md). Look at the definition of `A`, `MX` and `CAA` for good
examples to use as a base.
Please add the function alphabetically with the others. Also, please run

9
documentation/cli-variables.md
View File

@ -16,11 +16,14 @@ This would set the variable with the name `testKey` and the value of `testValue`
The `CLI_DEFAULTS` feature is used to define default values for when a variable is not defined on the command line.
{% code title="dnsconfig.js" %}
```javascript
CLI_DEFAULTS({
"variableName": "defaultValue",
});
```
{% endcode %}
You need to define this defaults just once in your `dnsconfig.js`. It should be defined **before** using it.
@ -35,6 +38,7 @@ In this configuration:
* `dnscontrol push` would generate the external (default) view.
* `dnscontrol push -v view=internal` would generate the internal view.
{% code title="dnsconfig.js" %}
```javascript
// See https://docs.dnscontrol.org/advanced-features/cli-variables
CLI_DEFAULTS({
@ -59,6 +63,8 @@ D("example.org", REG_NAMECOM, DnsProvider(DNS_NAMECOM), DnsProvider(DNS_BIND),
A("sited", host02, TTL(1800))
);
```
{% endcode %}
## Example 2: Different DNS records
@ -70,6 +76,7 @@ In this configuration:
* `dnscontrol push` would generate the normal configuration.
* `dnscontrol push -v emergency=true` would generate the emergency configuration.
{% code title="dnsconfig.js" %}
```javascript
// See https://docs.dnscontrol.org/advanced-features/cli-variables
CLI_DEFAULTS({
@ -102,6 +109,8 @@ if (emergency) {
}
```
{% endcode %}
#### ProTips

6
documentation/code-tricks.md
View File

@ -20,6 +20,7 @@ Domains that use Google G-Suite require a specific list of MX
records, plus there are some CNAMEs that are useful (but we only
want the CNAMEs on a subset of domains).
{% code title="dnsconfig.js" %}
```javascript
var GOOGLE_APPS_DOMAIN_MX = [
MX("@", 1, "aspmx.l.google.com."),
@ -51,6 +52,8 @@ D("aliasdomain.tld", DnsProvider(...),
CNAME(...)
}
```
{% endcode %}
# Many domains with the exact same records
@ -59,6 +62,7 @@ records.
Solution: Use a loop. (Note: See caveats below.)
{% code title="dnsconfig.js" %}
```javascript
// The domains are parked. Use the exact same records for each.
_.each(
@ -75,6 +79,8 @@ _.each(
}
);
```
{% endcode %}
# Caveats about getting too fancy

54
documentation/examples.md
View File

@ -1,5 +1,6 @@
## Typical DNS Records
## Typical DNS Records ##
{% code title="dnsconfig.js" %}
```javascript
D('example.com', REG, DnsProvider('GCLOUD'),
A('@', '1.2.3.4'), // The naked or 'apex' domain.
@ -14,9 +15,11 @@ D('example.com', REG, DnsProvider('GCLOUD'),
NS('department2', 'ns2.dnsexample.com.') // for department2.example.com
)
```
{% endcode %}
## Set TTLs
## Set TTLs ##
{% code title="dnsconfig.js" %}
```javascript
var mailTTL = TTL('1h');
@ -31,9 +34,10 @@ D('example.com', registrar,
CNAME('mail', 'mx01') // TTL of 5m, as defined per DefaultTTL()
);
```
{% endcode %}
## Variables for common IP Addresses
## Variables for common IP Addresses ##
{% code title="dnsconfig.js" %}
```javascript
var addrA = IP('1.2.3.4')
@ -42,17 +46,19 @@ D('example.com', REG, DnsProvider('R53'),
A('www', addrA + 1), // 1.2.3.5
)
```
{% endcode %}
{% hint style="info" %}
**NOTE**: The `IP()` function doesn't currently support IPv6 (PRs welcome!). IPv6 addresses are strings.
**NOTE**: The [`IP()`](functions/global/IP.md) function doesn't currently support IPv6 (PRs welcome!). IPv6 addresses are strings.
{% endhint %}
{% code title="dnsconfig.js" %}
```javascript
var addrAAAA = "0:0:0:0:0:0:0:0";
```
{% endcode %}
## Variables to swap active Data Center
## Variables to swap active Data Center ##
{% code title="dnsconfig.js" %}
```javascript
var dcA = IP('5.5.5.5');
var dcB = IP('6.6.6.6');
@ -64,9 +70,10 @@ D('example.com', REG, DnsProvider('R53'),
A('@', activeDC + 5), // fixed address based on activeDC
)
```
{% endcode %}
## Macro for repeated records
## Macro for repeated records ##
{% code title="dnsconfig.js" %}
```javascript
var GOOGLE_APPS_MX_RECORDS = [
MX('@', 1, 'aspmx.l.google.com.'),
@ -91,9 +98,10 @@ D('example.com', REG, DnsProvider('R53'),
A('@', '1.2.3.4')
)
```
{% endcode %}
## Use SPF_BUILDER to add comments to SPF records
## Use SPF_BUILDER to add comments to SPF records ##
{% code title="dnsconfig.js" %}
```javascript
D("example.tld", REG, DSP, ...
A("@", "10.2.2.2"),
@ -113,9 +121,10 @@ D("example.tld", REG, DSP, ...
}),
);
```
{% endcode %}
## Dual DNS Providers
## Dual DNS Providers ##
{% code title="dnsconfig.js" %}
```javascript
D('example.com', REG, DnsProvider('R53'), DnsProvider('GCLOUD'),
A('@', '1.2.3.4')
@ -133,9 +142,10 @@ D('example3.com', REG, DnsProvider('R53'), DnsProvider('GCLOUD',0),
A('@', '1.2.3.4')
)
```
{% endcode %}
## Set default records modifiers
## Set default records modifiers ##
{% code title="dnsconfig.js" %}
```javascript
DEFAULTS(
NAMESERVER_TTL('24h'),
@ -143,26 +153,27 @@ DEFAULTS(
CF_PROXY_DEFAULT_OFF
);
```
# Advanced Examples
# Advanced Examples #
## Automate Fastmail DKIM records
## Automate Fastmail DKIM records ##
In this example we need a macro that can dynamically change for each domain.
Suppose you have many domains that use Fastmail as an MX. Here's a macro that sets the MX records.
{% code title="dnsconfig.js" %}
```javascript
var FASTMAIL_MX = [
MX('@', 10, 'in1-smtp.messagingengine.com.'),
MX('@', 20, 'in2-smtp.messagingengine.com.'),
]
```
{% endcode %}
Fastmail also supplied CNAMES to implement DKIM, and they all match a pattern
that includes the domain name. We can't use a simple macro. Instead, we use
a function that takes the domain name as a parameter to generate the right
records dynamically.
{% code title="dnsconfig.js" %}
```javascript
var FASTMAIL_DKIM = function(the_domain){
return [
@ -172,9 +183,10 @@ var FASTMAIL_DKIM = function(the_domain){
]
}
```
{% endcode %}
We can then use the macros as such:
{% code title="dnsconfig.js" %}
```javascript
D("example.com", REG_NONE, DnsProvider(DSP_R53_MAIN),
FASTMAIL_MX,

2
documentation/functions/domain/CF_REDIRECT.md
View File

@ -14,7 +14,7 @@ parameter_types:
`CF_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page Rules) to
generate a HTTP 301 permanent redirect.
If _any_ `CF_REDIRECT` or `CF_TEMP_REDIRECT` functions are used then
If _any_ `CF_REDIRECT` or [`CF_TEMP_REDIRECT`](CF_TEMP_REDIRECT.md) functions are used then
`dnscontrol` will manage _all_ "Forwarding URL" type Page Rules for the domain.
Page Rule types other than "Forwarding URL” will be left alone.

2
documentation/functions/domain/CF_TEMP_REDIRECT.md
View File

@ -14,7 +14,7 @@ parameter_types:
`CF_TEMP_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page
Rules) to generate a HTTP 302 temporary redirect.
If _any_ `CF_REDIRECT` or `CF_TEMP_REDIRECT` functions are used then
If _any_ [`CF_REDIRECT`](CF_REDIRECT.md) or `CF_TEMP_REDIRECT` functions are used then
`dnscontrol` will manage _all_ "Forwarding URL" type Page Rules for the domain.
Page Rule types other than "Forwarding URL” will be left alone.

6
documentation/functions/domain/NAMESERVER.md
View File

@ -14,8 +14,8 @@ For some registrars this will also add NS records to the zone itself.
This takes exactly one argument: the name of the nameserver. It must end with
a "." if it is a FQDN, just like all targets.
This is different than the `NS()` function, which inserts NS records
in the current zone and accepts a label. `NS()` is useful for downward
This is different than the [`NS()`](NS.md) function, which inserts NS records
in the current zone and accepts a label. [`NS()`](NS.md) is useful for downward
delegations. `NAMESERVER()` is for informing upstream delegations.
For more information, refer to [this page](../../nameservers.md).
@ -43,7 +43,7 @@ D("example2.com", REGISTRAR, .... ,
Nameservers are one of the least
understood parts of DNS, so a little extra explanation is required.
* `NS()` lets you add an NS record to a zone, just like A() adds an A
* [`NS()`](NS.md) lets you add an NS record to a zone, just like [`A()`](A.md) adds an A
record to the zone. This is generally used to delegate a subzone.
* The `NAMESERVER()` directive speaks to the Registrar about how the parent should delegate the zone.

20
documentation/functions/domain/NO_PURGE.md
View File

@ -2,13 +2,13 @@
name: NO_PURGE
---
NO_PURGE indicates that records should not be deleted from a domain.
`NO_PURGE` indicates that records should not be deleted from a domain.
Records will be added and updated, but not removed.
NO_PURGE is generally used in very specific situations:
`NO_PURGE` is generally used in very specific situations:
* A domain is managed by some other system and DNSControl is only used to insert a few specific records and/or keep them updated. For example a DNS Zone that is managed by Active Directory, but DNSControl is used to update a few, specific, DNS records. In this case we want to specify the DNS records we are concerned with but not delete all the other records. This is a risky use of NO_PURGE since, if NO_PURGE was removed (or buggy) there is a chance you could delete all the other records in the zone, which could be a disaster. That said, domains with some records updated using Dynamic DNS have no other choice.
* To work-around a pseudo record type that is not supported by DNSControl. For example some providers have a fake DNS record type called "URL" which creates a redirect. DNSControl normally deletes these records because it doesn't understand them. NO_PURGE will leave those records alone.
* A domain is managed by some other system and DNSControl is only used to insert a few specific records and/or keep them updated. For example a DNS Zone that is managed by Active Directory, but DNSControl is used to update a few, specific, DNS records. In this case we want to specify the DNS records we are concerned with but not delete all the other records. This is a risky use of `NO_PURGE` since, if `NO_PURGE` was removed (or buggy) there is a chance you could delete all the other records in the zone, which could be a disaster. That said, domains with some records updated using Dynamic DNS have no other choice.
* To work-around a pseudo record type that is not supported by DNSControl. For example some providers have a fake DNS record type called "URL" which creates a redirect. DNSControl normally deletes these records because it doesn't understand them. `NO_PURGE` will leave those records alone.
In this example DNSControl will insert "foo.example.com" into the
zone, but otherwise leave the zone alone. Changes to "foo"'s IP
@ -23,19 +23,19 @@ D("example.com", .... , NO_PURGE,
```
{% endcode %}
The main caveat of NO_PURGE is that intentionally deleting records
becomes more difficult. Suppose a NO_PURGE zone has an record such
The main caveat of `NO_PURGE` is that intentionally deleting records
becomes more difficult. Suppose a `NO_PURGE` zone has an record such
as A("ken", "1.2.3.4"). Removing the record from dnsconfig.js will
not delete "ken" from the domain. DNSControl has no way of knowing
the record was deleted from the file The DNS record must be removed
manually. Users of NO_PURGE are prone to finding themselves with
manually. Users of `NO_PURGE` are prone to finding themselves with
an accumulation of orphaned DNS records. That's easy to fix for a
small zone but can be a big mess for large zones.
Not all providers support NO_PURGE. For example the BIND provider
Not all providers support `NO_PURGE`. For example the BIND provider
rewrites zone files from scratch each time, which precludes supporting
NO_PURGE. DNSControl will exit with an error if NO_PURGE is used
`NO_PURGE`. DNSControl will exit with an error if `NO_PURGE` is used
on a driver that does not support it.
There is also `PURGE` command for completeness. `PURGE` is the
There is also [`PURGE`](PURGE.md) command for completeness. [`PURGE`](PURGE.md) is the
default, thus this command is a no-op.

4
documentation/functions/domain/PTR.md
View File

@ -53,7 +53,7 @@ are all equivalent:
* `PTR('4.3',` // Assuming the domain is `2.1.in-addr.arpa`
All magic is RFC2317-aware. We use the first format listed in the
RFC for both `REV()` and `PTR()`. The format is
RFC for both [`REV()`](../global/REV.md) and `PTR()`. The format is
`FIRST/MASK.C.B.A.in-addr.arpa` where `FIRST` is the first IP address
of the zone, `MASK` is the netmask of the zone (25-31 inclusive),
and A, B, C are the first 3 octets of the IP address. For example
@ -91,6 +91,6 @@ D(REV('2001:db8:302::/48'), REGISTRAR, DnsProvider(BIND),
```
{% endcode %}
In the future we plan on adding a flag to `A()` which will insert
In the future we plan on adding a flag to [`A()`](A.md)which will insert
the correct PTR() record if the appropriate `.arpa` domain has been
defined.

6
documentation/functions/domain/PURGE.md
View File

@ -2,15 +2,15 @@
name: PURGE
---
PURGE is the default setting for all domains. Therefore PURGE is
`PURGE` is the default setting for all domains. Therefore `PURGE` is
a no-op. It is included for completeness only.
A domain with a mixture of NO_PURGE and PURGE parameters will abide
A domain with a mixture of `NO_PURGE` and `PURGE` parameters will abide
by the last one.
These three examples all are equivalent.
PURGE is the default:
`PURGE` is the default:
{% code title="dnsconfig.js" %}
```javascript

6
documentation/functions/domain/R53_ALIAS.md
View File

@ -11,9 +11,9 @@ parameter_types:
provider: ROUTE53
---
R53_ALIAS is a Route53 specific virtual record type that points a record at either another record or an AWS entity (like a Cloudfront distribution, an ELB, etc...). It is analogous to a CNAME, but is usually resolved at request-time and served as an A record. Unlike CNAMEs, ALIAS records can be used at the zone apex (`@`)
`R53_ALIAS` is a Route53 specific virtual record type that points a record at either another record or an AWS entity (like a Cloudfront distribution, an ELB, etc...). It is analogous to a `CNAME`, but is usually resolved at request-time and served as an `A` record. Unlike `CNAME` records, `ALIAS` records can be used at the zone apex (`@`)
Unlike the regular ALIAS directive, R53_ALIAS is only supported on Route53. Attempting to use R53_ALIAS on another provider than Route53 will result in an error.
Unlike the regular [`ALIAS`](ALIAS.md) directive, `R53_ALIAS` is only supported on Route53. Attempting to use `R53_ALIAS` on another provider than Route53 will result in an error.
The name should be the relative label for the domain.
@ -22,7 +22,7 @@ Target should be a string representing the target. If it is a single label we wi
The Target can be any of:
* _CloudFront distribution_: in this case specify the domain name that CloudFront assigned when you created your distribution (note that your CloudFront distribution must include an alternate domain name that matches the record you're adding)
* _Elastic Beanstalk environment_: specify the CNAME attribute for the environment. The environment must have a regionalized domain name. To get the CNAME, you can use either the [AWS Console](http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customdomains.html), [AWS Elastic Beanstalk API](http://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html), or the [AWS CLI](http://docs.aws.amazon.com/cli/latest/reference/elasticbeanstalk/describe-environments.html).
* _Elastic Beanstalk environment_: specify the `CNAME` attribute for the environment. The environment must have a regionalized domain name. To get the `CNAME`, you can use either the [AWS Console](http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customdomains.html), [AWS Elastic Beanstalk API](http://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html), or the [AWS CLI](http://docs.aws.amazon.com/cli/latest/reference/elasticbeanstalk/describe-environments.html).
* _ELB load balancer_: specify the DNS name that is associated with the load balancer. To get the DNS name you can use either the AWS Console (on the EC2 page, choose Load Balancers, select the right one, choose the description tab), [ELB API](http://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html), the [AWS ELB CLI](http://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html), or the [AWS ELBv2 CLI](http://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html).
* _S3 bucket_ (configured as website): specify the domain name of the Amazon S3 website endpoint in which you configured the bucket (for instance s3-website-us-east-2.amazonaws.com). For the available values refer to the [Amazon S3 Website Endpoints](http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region).
* _Another Route53 record_: specify the value of the name of another record in the same hosted zone.

2
documentation/functions/domain/SOA.md
View File

@ -37,4 +37,4 @@ The email address should be specified like a normal RFC822/RFC5322 address (user
* The serial number is managed automatically. It isn't even a field in `SOA()`.
* Most providers automatically generate SOA records. They will ignore any `SOA()` statements.
There is more info about SOA in the documentation for the [BIND provider](../../providers/bind.md).
There is more info about `SOA` in the documentation for the [BIND provider](../../providers/bind.md).

2
documentation/functions/domain/SSHFP.md
View File

@ -14,7 +14,7 @@ parameter_types:
"modifiers...": RecordModifier[]
---
SSHFP contains a fingerprint of a SSH server which can be validated before SSH clients are establishing the connection.
`SSHFP` contains a fingerprint of a SSH server which can be validated before SSH clients are establishing the connection.
**Algorithm** (type of the key)

2
documentation/functions/domain/TLSA.md
View File

@ -16,7 +16,7 @@ parameter_types:
"modifiers...": RecordModifier[]
---
TLSA adds a TLSA record to a domain. The name should be the relative label for the record.
`TLSA` adds a `TLSA` record to a domain. The name should be the relative label for the record.
Usage, selector, and type are ints.

12
documentation/functions/domain/TXT.md
View File

@ -10,7 +10,7 @@ parameter_types:
"modifiers...": RecordModifier[]
---
TXT adds an TXT record To a domain. The name should be the relative
`TXT` adds an `TXT` record To a domain. The name should be the relative
label for the record. Use `@` for the domain apex.
The contents is either a single or multiple strings. To
@ -49,7 +49,7 @@ if it does not handle multiple strings.
### TXT record edge cases
Most providers do not support the full possibilities of what a TXT
Most providers do not support the full possibilities of what a `TXT`
record can store. DNSControl can not handle all the edge cases
and incompatibles that providers have introduced. Instead, it
stores the string(s) that you provide and passes them to the provider
@ -57,14 +57,14 @@ verbatim. The provider may opt to accept the data, fix it, or
reject it. This happens early in the processing, long before
the DNSControl talks to the provider's API.
The RFCs specify that a TXT record stores one or more strings,
The RFCs specify that a `TXT` record stores one or more strings,
each is up to 255 octets (bytes) long. We call these individual
strings *chunks*. Each chunk may be zero to 255 octets long.
There is no limit to the number of chunks in a TXT record,
There is no limit to the number of chunks in a `TXT` record,
other than IP packet length restrictions. The contents of each chunk
may be octets of value from 0x00 to 0xff.
In reality DNS Service Providers (DSPs) place many restrictions on TXT
In reality DNS Service Providers (DSPs) place many restrictions on `TXT`
records.
Some DSPs only support a single string of 255 octets or fewer.
@ -87,7 +87,7 @@ double quotes, back-ticks, or other chars.
#### How can you tell if a provider will support a particular `TXT()` record?
Include the `TXT()` record in a `D()` as usual, along
Include the `TXT()` record in a [`D()`](../global/D.md) as usual, along
with the `DnsProvider()` for that provider. Run `dnscontrol check` to
see if any errors are produced. The check command does not talk to
the provider's API, thus permitting you to do this without having an

2
documentation/functions/global/DOMAIN_ELSEWHERE.md
View File

@ -40,6 +40,6 @@ D("example.com", REG_NAMEDOTCOM,
{% endcode %}
{% hint style="info" %}
**NOTE**: The `NO_PURGE` is used out of abundance of caution but since no
**NOTE**: The [`NO_PURGE`](../domain/NO_PURGE.md) is used out of abundance of caution but since no
`DnsProvider()` statements exist, no updates would be performed.
{% endhint %}

2
documentation/functions/global/DOMAIN_ELSEWHERE_AUTO.md
View File

@ -44,5 +44,5 @@ D("example.com", REG_NAMEDOTCOM,
{% endcode %}
{% hint style="info" %}
**NOTE**: The `NO_PURGE` is used to prevent DNSControl from changing the records.
**NOTE**: The [`NO_PURGE`](../domain/NO_PURGE.md) is used to prevent DNSControl from changing the records.
{% endhint %}

12
documentation/functions/global/D_EXTEND.md
View File

@ -9,13 +9,13 @@ parameter_types:
---
`D_EXTEND` adds records (and metadata) to a domain previously defined
by `D()`. It can also be used to add subdomain records (and metadata)
by [`D()`](D.md). It can also be used to add subdomain records (and metadata)
to a previously defined domain.
The first argument is a domain name. If it exactly matches a
previously defined domain, `D_EXTEND()` behaves the same as `D()`,
previously defined domain, `D_EXTEND()` behaves the same as [`D()`](D.md),
simply adding records as if they had been specified in the original
`D()`.
[`D()`](D.md).
If the domain name does not match an existing domain, but could be a
(non-delegated) subdomain of an existing domain, the new records (and
@ -24,12 +24,12 @@ names (labels), and targets (as appropriate). See the examples below.
Matching the domain name to previously-defined domains is done using a
`longest match` algorithm. If `domain.tld` and `sub.domain.tld` are
defined as separate domains via separate `D()` statements, then
defined as separate domains via separate [`D()`](D.md) statements, then
`D_EXTEND('sub.sub.domain.tld', ...)` would match `sub.domain.tld`,
not `domain.tld`.
Some operators only act on an apex domain (e.g.
`CF_REDIRECT` and `CF_TEMP_REDIRECT`). Using them
[`CF_REDIRECT`](../domain/CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](../domain/CF_TEMP_REDIRECT.md)). Using them
in a `D_EXTEND` subdomain may not be what you expect.
{% code title="dnsconfig.js" %}
@ -83,7 +83,7 @@ ProTips: `D_EXTEND()` permits you to create very complex and
sophisticated configurations, but you shouldn't. Be nice to the next
person that edits the file, who may not be as expert as yourself.
Enhance readability by putting any `D_EXTEND()` statements immediately
after the original `D()`, like in above example. Avoid the temptation
after the original [`D()`](D.md), like in above example. Avoid the temptation
to obscure the addition of records to existing domains with randomly
placed `D_EXTEND()` statements. Don't build up a domain using loops of
`D_EXTEND()` statements. You'll be glad you didn't.

6
documentation/functions/global/REV.md
View File

@ -10,7 +10,7 @@ ts_return: string
`REV` returns the reverse lookup domain for an IP network. For
example `REV('1.2.3.0/24')` returns `3.2.1.in-addr.arpa.` and
`REV('2001:db8:302::/48)` returns `2.0.3.0.8.b.d.0.1.0.0.2.ip6.arpa.`.
This is used in `D()` functions to create reverse DNS lookup zones.
This is used in [`D()`](D.md) functions to create reverse DNS lookup zones.
This is a convenience function. You could specify `D('3.2.1.in-addr.arpa',
...` if you like to do things manually but why would you risk making
@ -51,6 +51,6 @@ D(REV('2001:db8:302::/48'), REGISTRAR, DnsProvider(BIND),
```
{% endcode %}
In the future we plan on adding a flag to `A()` which will insert
the correct PTR() record if the appropriate `D(REV()` domain (i.e. `.arpa` domain) has been
In the future we plan on adding a flag to [`A()`](../domain/A.md)which will insert
the correct PTR() record in the appropriate `D(REV())` domain (i.e. `.arpa` domain) has been
defined.

2
documentation/getting-started.md
View File

@ -84,6 +84,7 @@ and renaming it.
The file looks like:
{% code title="dnsconfig.js" %}
```javascript
// Providers:
@ -96,6 +97,7 @@ D('example.com', REG_NONE, DnsProvider(DNS_BIND),
A('@', '1.2.3.4')
);
```
{% endcode %}
Modify this file to match your particular providers and domains. See [the DNSConfig docs](js.md) and [the provider docs](providers.md) for more details.

42
documentation/nameservers.md
View File

@ -8,6 +8,7 @@ The document shows examples of many common and uncommon configurations.
All the examples use the variables. Substitute your own.
{% code title="dnsconfig.js" %}
```javascript
// ========== Registrars:
@ -27,6 +28,8 @@ var DNS_GOOGLE = NewDnsProvider("gcp_main");
var DNS_CLOUDFLARE = NewDnsProvider("cloudflare_main");
var DNS_BIND = NewDnsProvider("bind");
```
{% endcode %}
# Typical Delegations
@ -38,12 +41,15 @@ Use the same provider as a registrar and DNS service.
Why?
Simplicity.
{% code title="dnsconfig.js" %}
```javascript
D("example1.com", REG_NAMECOM,
DnsProvider(DNS_NAMECOM),
A("@", "10.2.3.4")
);
```
{% endcode %}
## Different provider for REG and DNS
@ -54,13 +60,15 @@ Why?
Some registrars do not provide DNS server, or their service is sub-standard and
you want to use a high-performance DNS server.
{% code title="dnsconfig.js" %}
```javascript
D("example1.com", REG_NAMECOM,
DnsProvider(DNS_AWS),
A("@", "10.2.3.4")
);
```
{% endcode %}
## Registrar is elsewhere
@ -73,12 +81,15 @@ You don't have access to the registrar, or the registrar is not
supported by DNSControl. However you do have API access for
updating the zone's records (most likely at a different provider).
{% code title="dnsconfig.js" %}
```javascript
D("example1.com", REG_THIRDPARTY,
DnsProvider(DNS_NAMECOM),
A("@", "10.2.3.4")
);
```
{% endcode %}
## Zone is elsewhere
@ -90,6 +101,7 @@ We are delegating the domain to someone else. In this example we're
pointing the domain to the nsone.net DNS service, which someone else is
controlling.
{% code title="dnsconfig.js" %}
```javascript
D("example1.com", REG_NAMECOM,
NAMESERVER("dns1.p03.nsone.net."),
@ -98,6 +110,8 @@ D("example1.com", REG_NAMECOM,
NAMESERVER("dns4.p03.nsone.net."),
);
```
{% endcode %}
## Override nameservers
@ -110,6 +124,7 @@ nameservers are, or the API is returning invalid data, or if the API returns no
information. Sometimes APIs return no (useful) information when the domain
is new; this is a good temporary work-around until the API starts working.
{% code title="dnsconfig.js" %}
```javascript
D("example1.com", REG_NAMECOM,
DnsProvider(DNS_CLOUDFLARE, 0), // Set the DNS provider but ignore the nameservers it suggests (0 == take none of the names it reports)
@ -118,6 +133,8 @@ D("example1.com", REG_NAMECOM,
A("@", "10.2.3.4")
);
```
{% endcode %}
## Add nameservers
@ -127,6 +144,7 @@ Use the default nameservers from the registrar but add additional ones.
Why?
Usually only to correct a bug or misconfiguration elsewhere.
{% code title="dnsconfig.js" %}
```javascript
D("example1.com", REG_NAMECOM,
DnsProvider(DNS_NAMECOM),
@ -134,6 +152,8 @@ D("example1.com", REG_NAMECOM,
A("@", "10.2.3.4")
);
```
{% endcode %}
## Shadow nameservers
@ -147,6 +167,7 @@ There are many reasons to do this:
* You want your DNS records stored somewhere else in case you have to switch over in an emergency.
* You are sending the zone to a local caching DNS server.
{% code title="dnsconfig.js" %}
```javascript
D("example1.com", REG_NAMECOM,
DnsProvider(DNS_NAMECOM), // Our real DNS server
@ -155,6 +176,8 @@ D("example1.com", REG_NAMECOM,
A("@", "10.2.3.4")
);
```
{% endcode %}
## Dual DNS Providers
@ -175,6 +198,7 @@ More info: https://www.dns-oarc.net/files/workshop-201203/OARC-workshop-London-2
**NOTE**: This is overkill unless you have millions of users and strict up-time requirements.
{% endhint %}
{% code title="dnsconfig.js" %}
```javascript
D("example1.com", REG_NAMECOM,
DnsProvider(DNS_AWS, 2), // Take 2 nameservers from AWS
@ -182,6 +206,8 @@ D("example1.com", REG_NAMECOM,
A("@", "10.2.3.4")
);
```
{% endcode %}
# Other uses
@ -201,6 +227,7 @@ this is the output of DNSControl, not the input.
**NOTE**: This won't work if you use pseudo rtypes that BIND doesn't support.
{% endhint %}
{% code title="dnsconfig.js" %}
```javascript
D("example1.com", REG_NAMECOM,
DnsProvider(DNS_NAMECOM),
@ -208,6 +235,8 @@ D("example1.com", REG_NAMECOM,
A("@", "10.2.3.4")
);
```
{% endcode %}
## Monitor delegation
@ -221,6 +250,7 @@ Sometimes you just want to know if something changes!
See the [DNS-over-HTTPS Provider](providers/dnsoverhttps.md) documentation for more info.
{% code title="dnsconfig.js" %}
```javascript
var REG_MONITOR = NewRegistrar('DNS-over-HTTPS');
@ -229,6 +259,8 @@ D("example1.com", REG_MONITOR,
NAMESERVER("ns2.example1.com."),
);
```
{% endcode %}
{% hint style="info" %}
**NOTE**: This checks the NS records via a DNS query. It does not check the
@ -244,6 +276,7 @@ DNSControl has some built-in macros that you might find useful.
Easily delegate a domain to a specific list of nameservers.
{% code title="dnsconfig.js" %}
```javascript
DOMAIN_ELSEWHERE("example1.com", REG_NAMECOM, [
"dns1.example.net.",
@ -251,18 +284,23 @@ DOMAIN_ELSEWHERE("example1.com", REG_NAMECOM, [
"dns3.example.net.",
]);
```
{% endcode %}
## `DOMAIN_ELSEWHERE_AUTO`
Easily delegate a domain to a nameservers via an API query.
Easily delegate a domain to a nameserver via an API query.
This is similar to `DOMAIN_ELSEWHERE` but the list
of nameservers is queried from the API of a single DNS provider.
{% code title="dnsconfig.js" %}
```javascript
DOMAIN_ELSEWHERE_AUTO("example1.com", REG_NAMECOM, DNS_AWS);
DOMAIN_ELSEWHERE_AUTO("example2.com", REG_NAMECOM, DNS_GOOGLE);
```
{% endcode %}
# Limits

6
documentation/typescript.md
View File

@ -36,9 +36,12 @@ type checking (i.e. red squiggly underlines when you misuse APIs), there is one
Add this comment to the top of your `dnsconfig.js` file:
{% code title="dnsconfig.js" %}
```javascript
// @ts-check
```
{% endcode %}
That should be all you need to do!
@ -58,9 +61,12 @@ Bug: Values passed to `CLI_DEFAULTS` (and the corresponding `-v` command-line op
Workaround: create a new `.d.ts` file in the same folder as your `dnsconfig.js` file. In that file, add the following line for each variable you want to use (replacing `VARIABLE_NAME` with the name of the variable).
{% code title=".d.ts" %}
```javascript
declare const VARIABLE_NAME: string;
```
{% endcode %}
This will tell TypeScript that the variable exists, and that its a string.

3
documentation/why-the-dot.md
View File

@ -29,12 +29,15 @@ add the domain to it.
Here are four examples:
{% code title="dnsconfig.js" %}
```javascript
CNAME("foo", "bar") // Permitted. (expands to bar.$DOMAIN)
CNAME("foo", "bar.com.") // Permitted. (we are certain what the user wants)
CNAME("foo", "bar.com") // ERROR (ambiguous)
CNAME("foo", "meta.xyz") // ERROR (ambiguous)
```
{% endcode %}
The first 2 examples are permitted. The last 2 examples are
ambiguous and are therefore are considered errors.