1
0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2024-05-11 05:55:12 +00:00
Commit Graph

97 Commits

Author SHA1 Message Date
61fc663c3d BUG: AutoDNSSEC validation is too aggressive
This should be a warning.
2023-03-17 11:36:44 -04:00
3b6591fd95 NEW FEATURE: Support DNS LOC record type (#2174) 2023-03-16 14:04:20 -04:00
dde7e5daf7 FEATURE: Detect simple CNAME loops (#2112) 2023-03-01 10:15:41 -05:00
169d7c8062 CHORE: linting (#2098) 2023-02-27 20:28:17 -05:00
b1b24df6cb Remove value check for removed AUTODNSSEC() function (we now only have AUTODNSSEC_ON and AUTODNSSEC_OFF) (#2091) 2023-02-23 08:28:22 -05:00
7236ea818e Verify that registrar and dns providers match if autodnssec is enabled (#2056) (#2090)
Co-authored-by: Yannik Sembritzki <yannik@sembritzki.org>
2023-02-22 14:43:27 -05:00
17a43cb0a9 TTL warnings should be more verbose (#2069) 2023-02-15 10:00:02 -05:00
7ed849d10d NS1: Improve NS1_URLFWD handling (#2015) 2023-01-29 22:01:41 -05:00
430568c8f8 DOCS: Replace stackexchange.github.io (#2004)
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
2023-01-29 13:14:22 -05:00
a136621052 Improve warnings related to _ and TTLs (#1989) 2023-01-28 11:10:02 -05:00
31723ad146 PERFORMANCE: Refactor auditrecords.go to loop only once #1570 (#1658)
* stash

* Use rejectif idea

* rename

* wip!

* Convert old systems to new

* fixup!

* fix typo
2022-08-11 17:24:47 -04:00
bcaa6b15cb AuditRecords should report the provider name (#1628) 2022-07-18 12:59:22 -04:00
752e25471d NEW PROVIDER: CSCGLOBAL as DNS Service Provider (#1516)
* Move the registrar features to a separate file

* Prepare the testing framework

* Roughed out functions

* Fix up structs

* WIP!

* First tests pass

* wip!

* Flesh out remaining rTypes, get nameservers, etc

* Fix TXT records

* Clean up code

* More cleanups. Fix CAA/SRV

* Linting

* Cleanups/linting

* Fix CAA [more] and more cleanups

* CSC does not like very long txt records

* Use timer only when interactive

* Disable CAA for now

* Update docs

* Remove debug printf

* add go-isatty

* cleanups
2022-06-12 16:01:08 -04:00
58b2704fde BUG: With TYPE in creds.json, CAA compatibility check breaks (#1514) 2022-05-29 12:14:17 -04:00
997e1a0901 BUGFIX: Skip AuditRecords when running dnscontrol check (#1508)
Fixes 1507
2022-05-23 13:27:53 -04:00
9e6d642e35 NEW FEATURE: Moving provider TYPE from dnsconfig.js to creds.json (#1500)
Fixes https://github.com/StackExchange/dnscontrol/issues/1457

* New-style creds.json implememented backwards compatible

* Update tests

* Update docs

* Assume new-style TYPE
2022-05-08 14:23:45 -04:00
6e802f2257 Emit warning in case of label having multiple TTLs
An RRSet (=label) consisting of multiple records with different TTLs is
something not supported by most providers, and should be avoided.
Furthermore it is deprecated in rfc2181#section-5.2

Emit a warning for now during validation, eventually turning it into a full-blown error.

Fixes #1372
2022-05-04 11:20:27 -04:00
c8a5060dfb Emit warning in case of label having multiple TTLs (#1489)
* Emit warning in case of label having multiple TTLs

An RRSet (=label) consisting of multiple records with different TTLs is
something not supported by most providers, and should be avoided.
Furthermore it is deprecated in rfc2181#section-5.2

Emit a warning for now during validation, eventually turning it into a full-blown error.

Fixes #1372

* normalize: less verbose checkLabelHasMultipleTTLs

Code would previously emit a warning for each record it found matching a
previously found label but with a different ttl. This could potentially become
too verbose of an output for larger zones.

Split the loop into two loops, one storing labels and their records' TTLs, the
second checking for multiple TTLs, in order to minimize the messages logged to
one message per problematic label, regardless for the number of records involved.

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
2022-05-04 08:41:16 -04:00
99210c9d1c Make skip_fqdn_check error message easier to understand and fix (#1477) 2022-04-04 14:05:49 -04:00
444b893e1b MAINT: Sort various lists (#1433)
* maint: sort lists in build/generate/featureMatrix.go

* maint: sort lists in docs/byo-secrets.md

* maint: sort lists in models/record.go

* maint: sort lists in pkg/normalize/validate.go

* maint: sort lists in providers/activedir/activedirProvider.go

* maint: sort lists in providers/akamaiedgedns/akamaiEdgeDnsProvider.go

* maint: sort lists in providers/axfrddns/axfrddnsProvider.go

* maint: sort lists in providers/azuredns/azureDnsProvider.go

* maint: sort lists in providers/cloudflare/cloudflareProvider.go

* maint: sort lists in providers/cloudns/cloudnsProvider.go

* maint: sort lists in providers/desec/desecProvider.go

* maint: sort lists in providers/digitalocean/digitaloceanProvider.go

* maint: sort lists in providers/dnsimple/dnsimpleProvider.go

* maint: sort lists in providers/dnsmadeeasy/dnsMadeEasyProvider.go

* maint: sort lists in providers/exoscale/exoscaleProvider.go

* maint: sort lists in providers/gandiv5/gandi_v5Provider.go

* maint: sort lists in providers/hedns/hednsProvider.go

* maint: sort lists in providers/hetzner/hetznerProvider.go

* maint: sort lists in providers/hexonet/hexonetProvider.go

* maint: sort lists in providers/inwx/inwxProvider.go

* maint: sort lists in providers/linode/linodeProvider.go

* maint: sort lists in providers/namecheap/namecheapProvider.go

* maint: sort lists in providers/namedotcom/namedotcomProvider.go

* maint: sort lists in providers/netcup/netcupProvider.go

* maint: sort lists in providers/ns1/ns1Provider.go

* maint: sort lists in providers/octodns/octodnsProvider.go

* maint: sort lists in providers/oracle/oracleProvider.go

* maint: sort lists in providers/ovh/ovhProvider.go

* maint: sort lists in providers/packetframe/packetframeProvider.go

* maint: sort lists in providers/powerdns/powerdnsProvider.go

* maint: sort lists in providers/route53/route53Provider.go

* maint: sort lists in providers/vultr/vultrProvider.go

* Update go:build pragmas for windows

* More sorting

* go generate
2022-03-02 11:19:15 -05:00
dcb0e58b99 MAINT: Linting (#1380)
* MAINT: Linting

* Unsort for a smaller diff

* fix hexonet error checking
2022-01-27 15:58:56 -05:00
360a6266c5 Revert "CLEANUP: Fix many golint/staticcheck issues"
This reverts commit de64f90c51.
2022-01-25 10:35:21 -05:00
de64f90c51 CLEANUP: Fix many golint/staticcheck issues 2022-01-25 10:33:48 -05:00
998a25aa08 BUG: Support RFC2317 by allowing slash in CNAME target (#1360)
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
2022-01-03 10:24:33 -05:00
7ae27aa0b9 Security: Fix many staticcheck warnings 2021-12-14 09:47:32 -05:00
654736be29 Improve MSDNS naptr support (#1165)
* MSDNS: Improve reliability of zone dump

* Update tests

* MSDNS: Add initial NAPTR support

* Update

* fix tests

* fix tests

* Fixing integration tests for NAPTR

* Handle bad JSON. Handle NAPTR TTLs
2021-06-24 18:26:21 -04:00
be1f03fb75 NEW PROVIDER: AkamaiEdgeDNS (#1174)
* downcase TLSA

* Akamai provider

* Akamai provider

* EdgeDNS provider

* AkamaiEdgeDNS provider

* AkamaiEdgeDNS provider

* AkamaiEdgeDNS provider

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
2021-06-22 10:24:49 -04:00
4586ad1281 Direct SOA record management (#1115)
* Adds SOA record to JS, zone parsing and record validation

* adds JS parsing test for SOA record

* fix validation & regenerates static resources

* Adds label and target test for SOA record

* Removes serial from SOA JS macro

* Adds generated resources

* reformat with gofmt

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
2021-05-04 15:47:26 -04:00
9f0ac5dfba DKIM is a no-op now (#1084) 2021-03-07 15:01:03 -05:00
8dea9edc34 Re-engineer TXT records for simplicity and better compliance (#1063)
TXT records are now handled different.

1. The raw input from dnsconfig.js is passed all the way to the provider. The provider can determine if it can or can't handle such records (auditrecords.go) and processes them internally as such.
2. The CanUseTXTMulti capability is no longer needed.

* DSPs now register a table of functions
* Use audits for txt record variations
* unit tests pass. integration fails.
* fix deepcopy problem
* rename to AuditRecordSupport
* Reduce use of TXTMulti
* Remove CanUseTXTMulti
* fix Test Skip
* fix DO
* fix vultr
* fix NDC
* msdns fixes
* Fix powerdns and cloudflare
* HEDNS: Fix usage of target field to resolve TXT handling (#1067)
* Fix HEXONET

Co-authored-by: Robert Blenkinsopp <robert@blenkinsopp.net>
Co-authored-by: Jakob Ackermann <das7pad@outlook.com>
2021-03-07 13:19:22 -05:00
c547beacc0 NEW FEATURE: Support Split Horizon DNS (#1034)
* Implement main feature
* BIND: Permit printf-like file name formats
* BIND: Make filenameformat work forwards and backwards.
* Fix extrator test cases
2021-02-05 12:12:45 -05:00
36289f7157 BUG: Labels that are FQDN can cause panics (#1040) 2021-02-05 11:58:17 -05:00
0d9cc35deb Add SPF support for RecordConfig (#1020)
This type is identical to TXT but used for other purposes, it is
officially supported by OctoDNS.

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
2021-01-24 15:36:48 -05:00
063d550816 js_test.go should generate & test zonefile output too (#986)
* js_test.go: Do a zonefile test if $TESTNAME/parse_tests/{zonefile} exists.
* Add parse_tests zone files for all the tests that make sense.
* js_test.go: Addd the test datafile when displaying failures.
* 007-importTransformTTL.js: Was referring to a non-existent domain.
* 012-duration.js: Had duplicate DNS records.
* 029-dextendsub.js: Move CF-related tests to separate test.
* validate.go: Report non-existent domains as an error.
* cloudflareProvider.go: newCloudflare should not talk to the API.
2020-12-03 09:33:39 -05:00
6443a31ca8 Fix REV and PTR (#979)
* Fix REV and PTR
2020-12-03 08:33:37 -05:00
13a1360779 TXT records should check length at check/preview time (#947)
* TXT records should check length
* Add validation to TXT generator
* Split and validate long TXT targets
* Add a metaparameter to TXT records to indicate autosplit is requested.
* SPF_BUILDER marks TXT records as needing to be autosplit.
* Validate should check for overly-long TXT targets
2020-11-18 07:05:26 -05:00
b275286dae Add D_EXTEND (#885) (thanks to @ad8-bdl!)
* fix get-zones code block indentation

* extend D_EXTEND to handle subdomains

* fix targets: make absolute incl. subdomain where necessary

* clarify subdomain target test (not IP && not fqdn)

* Add parse_tests for D and D_EXTEND

* _getDomainObject: examine all domains

* human readable form

* consistent test IP addresses

* Improve docs and formatting

* propagate subdomain to canonicalisation

* en-US spelling

* rm extraneous console.log

* ignore subdomain for CF_REDIRECT

* clarify D_EXTEND doc re. CF_REDIRECT

* rm extraneous linebreak

* _getDomainObject: examine all domains

* human readable form

* consistent test IP addresses

* propagate subdomain to canonicalisation

* en-US spelling

* rm extraneous console.log

* ignore subdomain for CF_REDIRECT

* clarify D_EXTEND doc re. CF_REDIRECT

* rm extraneous linebreak

* GANDI_V5: Use github.com/go-gandi/go-gandi, not github.com/tiramiseb/go-gandi (#883)

* DOCUMENTATION: Fix error in CNAME.md (#877)

The current example `CNAME("def", "test.subdomain"), // def.example.com -> test.subdomain.example.com` is invalid (correctly raises a validation error, "ERROR: in CNAME def.example.com: target (test.subdomain) must end with a (.)")

* typos, fmt; example syntax fixes and real output

* formatting; re-add lost comment

* RecordConfig subdomain should be nullable

* providers/cscglobal/api.go: Fix fmt string

* More tests and docs

* go generate

Co-authored-by: Ben L <47653825+ad8-bdl@users.noreply.github.com>
2020-10-07 14:27:33 -04:00
f082ad36c8 AUTODNSSEC -> AUTODNSSEC_ON (#863)
* AUTODNSSEC -> AUTODNSSEC_ON
* Validate AutoDNSSEC values
* AUTODNSSEC now generates a warning and does nothing.
2020-09-27 16:37:42 -04:00
408e7eb0ce NAMESERVER() validity check fixed (#866) 2020-09-20 10:41:42 -04:00
b6fd4dffd7 Cleanups: Fix many issues reported by staticcheck.io (#837)
* Lint: Fix ST1005: error strings should not be capitalized

* Cleanup: Fix a lot of staticcheck.io warnings
2020-08-30 20:38:08 -04:00
cb9a82717b Allow for Name's that start with _ (#830)
* Allow for Name's that start with _

* update tests

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
2020-08-30 20:35:07 -04:00
de308c0952 Lint: Fix ST1005: error strings should not be capitalized (#834) 2020-08-30 19:52:37 -04:00
541bb805da linting (#777) 2020-07-06 20:18:24 -04:00
ff8ce26cee Provider support for DS records as children only (#765)
This functionality is required by the GCLOUD provider, which supports
recordsets of type DS but only for child records of the zone, to enable
further delegation. It does not support them at the apex of the zone (@)
because Google Cloud DNS is not itself a registrar which needs to model
this information.

A related change (14ff68b151, #760) was
previously introduced to enable DS support in Google, which broke
integration tests with this provider.

To cleanly support this, we introduce a new provider capability
CanUseDSForChildren and appropriate integration tests. Further, it is no
longer possible to verify a provider has the proper capabilities for a
zone simply by existence of particular records; we adapt the capability
checks to enable inspection of the individual recordsets where this is
required.

Closes #762
2020-06-18 17:24:13 -04:00
676d98fc4a Linting (#767)
What could possibly go wrong?
2020-06-18 09:37:57 -04:00
4713bbad7d Rebase and regenerate 2020-05-30 11:06:13 -04:00
e57eaccac9 Merge 2020-05-30 11:06:13 -04:00
c0354a585d DS: More cleanups 2020-05-30 11:06:12 -04:00
a89ab89ab6 Fix the merge mess I made with the DS merge (#754)
* DS: More cleanups

* Added DS for cloudflare provider with tests

* Merge

* Added generated files

* Regenerated documentation matrix

* rebased and regenerated

* Updated integration tests

* Rebase and regenerate

* More cleanups

Co-authored-by: Robert Koch <robert@kochie.io>
Co-authored-by: Nicolai Ehemann <nicolai.ehemann@enerko-informatik.de>
2020-05-30 11:05:54 -04:00
87a5c4b339 New RTYPE: DS records now supported! (#753)
Thanks to @haraldkoch for starting this, @McNetic for picking it up.

* Added DS record type

* Added DS for cloudflare provider with tests

* Removed DS validation, fixed parse test

* Added generated files

* Added dnsimple ds record

* Regenerated documentation matrix

* rebased and regenerated

* Updated integration tests

* Rebase and regenerate

* Enable DS record type for provider desec

* Added DS record type

* Added DS for cloudflare provider with tests

* Removed DS validation, fixed parse test

* Added generated files

* Added dnsimple ds record

* Regenerated documentation matrix

* rebased and regenerated

* Updated integration tests

* Rebase and regenerate

* Enable DS record type for provider desec

* Rebase and fixes

Co-authored-by: Robert Koch <robert@kochie.io>
Co-authored-by: Nicolai Ehemann <nicolai.ehemann@enerko-informatik.de>
2020-05-30 10:40:21 -04:00