* Added DU() and getConfiguredDomains()
* Added docs for both new functions
* Added a space between option and its value
* Renamed "DU" to "D_EXTEND", adjusted docs
* Fixed: Changed old DU() calls to D_EXTEND()
* Add multiple string support to SPF optimizer
Notes:
* This implements [RFC 4408][rfc] for the SPF optimizer. Allowing for
more SPF records to fit within the 10 lookups by using multiple strings.
* By default the max size of the TXT remains at 255. Meaning users will
still only get a single 255 length string unless they modify `txtMaxSize`
and opt into this feature.
* The general recommendation when using multiple strings for TXT records
is to keep the size within a single UDP packet. It seems like the
maximum size for this depends on a bunch of factors that are sometimes
outside of your control. A similar tool has a [formula for estimating the
maximum allowed size][formula]. However I felt giving a user
configurable size would fit with the current configuration style that
dnscontrol has. Similar to how dnscontrol recommends only flattening a
record if absolutely needed, I can see this length being increased by
only enough to get you within 10 lookups.
[rfc]: https://tools.ietf.org/html/rfc4408#section-3.1.3
[formula]: https://github.com/oasys/mkspf/blob/master/Overhead.md
* Add a nice comment for the Chunks function
Open to other configuration opens for how best to make this optional. Or
potentially making this an opt in configuration item which would be a
breaking change.
The main reason that someone would want to disable this is if their raw
SPF record goes over the 255 characters. This is potentially another
place that could get some multi string support. But as it is only used
for debugging purposes it seems like there should be a way to outright
disable it too.
Thanks to @haraldkoch for starting this, @McNetic for picking it up.
* Added DS record type
* Added DS for cloudflare provider with tests
* Removed DS validation, fixed parse test
* Added generated files
* Added dnsimple ds record
* Regenerated documentation matrix
* rebased and regenerated
* Updated integration tests
* Rebase and regenerate
* Enable DS record type for provider desec
* Added DS record type
* Added DS for cloudflare provider with tests
* Removed DS validation, fixed parse test
* Added generated files
* Added dnsimple ds record
* Regenerated documentation matrix
* rebased and regenerated
* Updated integration tests
* Rebase and regenerate
* Enable DS record type for provider desec
* Rebase and fixes
Co-authored-by: Robert Koch <robert@kochie.io>
Co-authored-by: Nicolai Ehemann <nicolai.ehemann@enerko-informatik.de>
Final changes before V3.0.0 release
* Remove old Gandi. Fixes #575
* Many cleanups
* go mod tidy && go mod vendor
* integration_test.go: Output subtest name
* Cleanups
* integration_test.go: Description should include sub-test name
* Add a whitespace test to js/parse_tests/017-txt.js
* Cloudflare strips whitespace from end of TXT
* Fixes https://github.com/StackExchange/dnscontrol/issues/700
* Whitespace at end of TXT records
Name.com strips the whitespace from the end of a TXT record. There's
nothing we can do other than file a bug.
* Fixes https://github.com/StackExchange/dnscontrol/issues/701
* Add AUTODNSSEC, implement for DNSimple
There are two models for DNSSEC in DNS management: either dnscontrol
manages all the DNSSEC records and has to be invoked regularly for
re-signing, or the provider manages DNSSEC automatically and dnscontrol
is not involved beyond saying "yeah, do that".
This implements the latter, as a model, and for one provider.
Potentially we could tune/configure options for DNSSEC such as
algorithm, but DNSimple don't expose that API so I haven't implemented
it.
This minimal model should be something which maps into other providers
cleanly.
* Fix missing CanAutoDNSSEC on provider
* Validation fix for master broken
This is broken in master and causing Travis in my branch to fail. The
validation tool runs with `gofmt -s` to require "simplify", and so
rejects an ignored second bound variable to range iteration.
* Correct wire in the AUTODNSSEC validation step
* Replaced errors.Wrap with fmt.Errorf (#589)
* Find: errors\.Wrap\(([^,]+),\s+(["`][^"`]*)(["`])\)
Replace: fmt.Errorf($2: %w$3, $1)
* Replaced errors.Wrapf with fmt.Errorf (#589)
* Find: errors\.Wrapf\(([^,]+),\s+(["`][^"`]*)(["`])\)
Replace: fmt.Errorf($2: %w$3, $1)
* Find: errors\.Wrapf\(([^,]+),\s+(["`][^"`]*)(["`])(,[^)]+)\)
* Replace: fmt.Errorf($2: %w$3$4, $1)
* Replaced errors.Errorf with fmt.Errorf (#589)
* Find: errors\.Errorf
Replace: fmt.Errorf
* Cleaned up remaining imports
* Cleanup
* Regenerate provider support matrix
This was broken by #533 ... and it's now the third time this has been missed.
* Switched to v2 go.mod
Also set GO111MODULE=on in build stuff to always use Go modules
even when in GOPATH.
* Ensure go.mod, go.sum, and vendor are up to date
* Attempt to fix Azure pipelines
* Add set -e to properly fail on exit (it didn't seem to be
propagating properly before).
* Set workingDirectory for GoFmt and GoGen (this might be why it
fails unlike compile and unitests).
* Another attempt to fix Azure Pipelines
* Use the Go env template for all go-related jobs.
* Completely fixed Azure Pipelines
* Added a display name to GoFmt for consistency.
* Fixed diffs for GoFmt and GoGen.
* Show git status for checks.
* Drop GOPATH for tests
TODO: Do the same for integration tests.
* Drop GOPATH for integration tests
* Show more diffs
* Regenerate provider support matrix
This wasn't done in #590...
* models/record.go: SRV targets are case insensitive. Downcase them.
* models/t_srv.go: Rename setTargetIntAndStrings() to setTargetSRVIntAndStrings() (makes it easier to search for /setTargetSRV/).
* pkg/js/parse_tests/021-srv.js*: SRV: Add parse_tests
* pkg/normalize/validate.go: SRV targets are hostnames, turn into FQDNs.
* Add #rtype_variations warnings for future developers
This:
* adds a global -v flag for verbosity
* refactors the "printer" package to have a DefaultPrinter and package
functions that call it, similar to net/http's DefaultServeMux
* adds printer tests
* moves current users of Debugf to Printf
* moves most users of the "log" package to use "printer"
* demotes noticably noisy log messages to "Debugf", like "IGNORE"-
and "NO_PURGE"-related messages
* Update helpers.js CAA_CRITICAL flag=128 (#318)
CAA flag "Issuer Critical Flag" sets first bit (bit 0) to 1 where bit 0 is the 8th bit in the flag, so it's doing the change by left shift 7 positions the value 1.
* Change caa tests
Apply changes for Travis-CI, now caaflag must be 128 instead of 1.
* generated static.go and matrix.html
* Stable comparison of metadata (#239)
Iterating over a map in Go never produces twice the same ordering.
Thus when comparing two metadata map with more than one key, the
`differ` is always finding differences.
To properly compare records metadata, we need to iterate the maps
in a deterministic way.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
* Support for Route53 ALIAS record type (#239)
Route53 ALIAS doesn't behave like a regular ALIAS, and is much more
limited as its target can only be some specific AWS resources or
another record in the same zone.
According to #239, this change adds a new directive R53_ALIAS which
implements this specific alias. This record type can only be used
with the Route53 provider.
This directive usage looks like this:
```js
D("example.com", REGISTRAR, DnsProvider("ROUTE53"),
R53_ALIAS("foo1", "A", "bar") // record in same zone
R53_ALIAS("foo2", "A",
"blahblah.elasticloadbalancing.us-west-1.amazonaws.com",
R53_ZONE('Z368ELLRRE2KJ0')) // ELB in us-west-1
```
Unfortunately, Route53 requires indicating the hosted zone id
where the target is defined (those are listed in AWS documentation,
see the R53_ALIAS documentation for links).
* Add support for the IGNORE(name) directive (#183)
IGNORE is like NO_PURGE but for a spefic record instead of the whole
zone. This is very useful for instance if you have a zone where
only some records are managed externally from dnscontrol (for instance
using kubernetes external dns system).
Adding IGNORE("foo") in the zone will make dnscontrol not trying
to manage the "foo" record (and especially not deleting it).
dnscontrol will error out if the "foo" record is both ignored and
managed in dnscontrol.
This can be seen as a generic Cloudflare's ignored label.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
* Deprecate CloudFlare ignoredLabels in favor of IGNORE (#183)
Since IGNORE implements a generic `ignoredLabels` system, let
the user know CF `ignoredLabels` are deprecated.
Signed-off-by: Brice Figureau <brice@daysofwonder.com>
