mirror/stackexchange-dnscontrol
1
0
Fork 0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2024-05-11 05:55:12 +00:00
Code Issues Releases Activity

HETZNER: provider maintenance (#2258)

Browse Source 
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
This commit is contained in:
Jakob Ackermann
2023-04-03 22:26:05 +01:00
committed by GitHub
parent 45a5c2d4bd
commit e230ade9c2
7 changed files with 185 additions and 322 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
documentation/providers/hetzner.md
View File

@@ -65,69 +65,36 @@ At this time you cannot update SOA records via DNSControl.
### Rate Limiting
Hetzner is rate limiting requests in multiple tiers: per Hour, per Minute and
per Second.
Hetzner is rate limiting requests quite heavily.
Depending on how many requests you are planning to perform, you can adjust the
delay between requests in order to stay within your quota.
The rate limit and remaining quota is advertised in the API response headers.
The setting `optimize_for_rate_limit_quota` controls this behavior and accepts
a case-insensitive value of
- `Hour`
- `Minute`
- `Second`
The default for `optimize_for_rate_limit_quota` is `Second`.
Example: Your per minute quota is 60 requests and in your settings you
specified `Minute`. DNSControl will perform at most one request per second.
DNSControl will emit a warning in case it breaches the next quota.
In your `creds.json` for all `HETZNER` provider entries:
{% code title="creds.json" %}
```json
{
"hetzner": {
"TYPE": "HETZNER",
"api_key": "your-api-key",
"optimize_for_rate_limit_quota": "Minute"
}
}
```
{% endcode %}
DNSControl will burst through half of the quota, and then it spreads the
requests evenly throughout the remaining window. This allows you to move fast
and be able to revert accidental changes to the DNS config in a timely manner.
Every response from the Hetzner DNS Console API includes your limits:
```shell
curl --silent --include \
--header 'Auth-API-Token: ...' \
https://dns.hetzner.com/api/v1/zones \
| grep x-ratelimit-limit
x-ratelimit-limit-second: 3
x-ratelimit-limit-minute: 42
x-ratelimit-limit-hour: 1337
https://dns.hetzner.com/api/v1/zones
Access-Control-Allow-Origin *
Content-Type application/json; charset=utf-8
Date Sat, 01 Apr 2023 00:00:00 GMT
Ratelimit-Limit 42
Ratelimit-Remaining 33
Ratelimit-Reset 7
Vary Origin
X-Ratelimit-Limit-Minute 42
X-Ratelimit-Remaining-Minute 33
```
With the above values, DNSControl will not delay the next 12 requests (until it
hits `Ratelimit-Remaining: 21 # 42/2`) and then slow down requests with a
delay of `7s/22 ≈ 300ms` between requests (about 3 requests per second).
Performing these 12 requests might take longer than 7s, at which point the
quota resets and DNSControl will burst through the quota again.
Every DNSControl invocation starts from scratch in regard to rate-limiting.
In case you are frequently invoking DNSControl, you will likely hit a limit for
any first request.
You can either use an out-of-bound delay (e.g. `$ sleep 1`), or specify
`start_with_default_rate_limit` in the settings of the provider.
With `start_with_default_rate_limit` DNSControl uses a quota equivalent to
`x-ratelimit-limit-second: 1` until it could parse the actual quota from an
API response.
In your `creds.json` for all `HETZNER` provider entries:
{% code title="creds.json" %}
```json
{
"hetzner": {
"TYPE": "HETZNER",
"api_key": "your-api-key",
"start_with_default_rate_limit": "true"
}
}
```
{% endcode %}
DNSControl will retry rate-limited requests (status 429) and respect the
advertised `Retry-After` delay.