mirror of https://github.com/StackExchange/dnscontrol.git synced 2024-05-11 05:55:12 +00:00

Add AUTODNSSEC, implement for DNSimple (#640)

* Add AUTODNSSEC, implement for DNSimple

There are two models for DNSSEC in DNS management: either dnscontrol
manages all the DNSSEC records and has to be invoked regularly for
re-signing, or the provider manages DNSSEC automatically and dnscontrol
is not involved beyond saying "yeah, do that".

This implements the latter, as a model, and for one provider.

Potentially we could tune/configure options for DNSSEC such as
algorithm, but DNSimple don't expose that API so I haven't implemented
it.

This minimal model should be something which maps into other providers
cleanly.

* Fix missing CanAutoDNSSEC on provider

* Validation fix for master broken

This is broken in master and causing Travis in my branch to fail.  The
validation tool runs with `gofmt -s` to require "simplify", and so
rejects an ignored second bound variable to range iteration.

* Correct wire in the AUTODNSSEC validation step
Phil Pennock
2020-02-22 07:09:31 -05:00
committed by GitHub
parent b360ddd1e9
commit 9b239f41a3
13 changed files with 292 additions and 103 deletions


@@ -436,23 +436,34 @@ func checkProviderCapabilities(dc *models.DomainConfig) error {
cap providers.Capability
}{
{"ALIAS", providers.CanUseAlias},
{"PTR", providers.CanUsePTR},
{"SRV", providers.CanUseSRV},
{"AUTODNSSEC", providers.CanAutoDNSSEC},
{"CAA", providers.CanUseCAA},
{"PTR", providers.CanUsePTR},
{"SSHFP", providers.CanUseSSHFP},
{"SRV", providers.CanUseSRV},
{"TLSA", providers.CanUseTLSA},
}
for _, ty := range types {
hasAny := false
for _, r := range dc.Records {
if r.Type == ty.rType {
switch ty.rType {
case "AUTODNSSEC":
if dc.AutoDNSSEC {
hasAny = true
break
}
default:
for _, r := range dc.Records {
if r.Type == ty.rType {
hasAny = true
break
}
}
}
if !hasAny {
continue
}
for _, provider := range dc.DNSProviderInstances {
// fmt.Printf(" (checking if %q can %q for domain %q)\n", provider.ProviderType, ty.rType, dc.Name)
if !providers.ProviderHasCapability(provider.ProviderType, ty.cap) {
return fmt.Errorf("Domain %s uses %s records, but DNS provider type %s does not support them", dc.Name, ty.rType, provider.ProviderType)
}
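Review bot: In the `case "AUTODNSSEC":` branch the `break` after `hasAny = true` only leaves the switch, which ends there anyway, so it is redundant next to the `break` in the `default` branch that really does exit the `for` loop; `hasAny = dc.AutoDNSSEC` would express the same check in one line. Separately, with `{"AUTODNSSEC", providers.CanAutoDNSSEC}` in the table, the shared error at the bottom will read "Domain ... uses AUTODNSSEC records, but DNS provider type ... does not support them", although the check is on the `dc.AutoDNSSEC` field and not on anything in `dc.Records`. A user who enabled DNSSEC on a domain whose provider lacks the capability would be told about records they never declared, so a dedicated message for this case would be clearer.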