* Adds SOA record to JS, zone parsing and record validation
* adds JS parsing test for SOA record
* fix validation & regenerates static resources
* Adds label and target test for SOA record
* Removes serial from SOA JS macro
* Adds generated resources
* reformat with gofmt
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
* Simply mark DS as supported, let existing tests handle it.
* Fix trivial typo in diagnostic feedback from model SetTargetDSString()
* The support matrix includes more changes because it was stale.
* Add http.net provider
* Rename httpnetProvider
* Add SSHFP capability
* Add paging for records
* Sort documentation notes alphabetically
* Add custom base URL
* Extend documentation for custom base URL
* - renamed to hosting.de
- Fix EnsureDomainExists
- GetNameservers read from NS Records
* Replaced http.net with hosting.de
Contributor Support from hosting.de
* baseURL for hosting.de in documentation
replaced %v with %w for errors
special handling for txt records using .TxtStrings
* removed last references to rc.Target
fixed Trim of last dot
* Re-engineer TXT records for simplicity and better compliance (#1063)
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Co-authored-by: Oliver Dick <o.dick@hosting.de>
Co-authored-by: Oliver Dick <31733320+membero@users.noreply.github.com>
TXT records are now handled different.
1. The raw input from dnsconfig.js is passed all the way to the provider. The provider can determine if it can or can't handle such records (auditrecords.go) and processes them internally as such.
2. The CanUseTXTMulti capability is no longer needed.
* DSPs now register a table of functions
* Use audits for txt record variations
* unit tests pass. integration fails.
* fix deepcopy problem
* rename to AuditRecordSupport
* Reduce use of TXTMulti
* Remove CanUseTXTMulti
* fix Test Skip
* fix DO
* fix vultr
* fix NDC
* msdns fixes
* Fix powerdns and cloudflare
* HEDNS: Fix usage of target field to resolve TXT handling (#1067)
* Fix HEXONET
Co-authored-by: Robert Blenkinsopp <robert@blenkinsopp.net>
Co-authored-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: implement the provider for Hetzner DNS Console
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: apply review feedback
- add domain into error messages
- insert sub-strings using `%q`
- insert sub-errors using `%w`
- change api.getZone() signature to return a (potentially `nil`) Zone
pointer instead of a (potentially empty) Zone value
- sort imports and confirm with `$ goimports -w providers/hetzner/`
- use exact 'api_key' term in error message of settings validation
- add blank line for logic separation
- drop internal record id from correction messages
Co-Authored-By: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: add request rate-limiting handling
There are a limited number of data-points on how their rate-limiting
works at this time. I deduce from my account to others and use a fixed/
constant backoff of 1s as the initial delay. Thereafter exponential
increase with factor 2 (not needed at this time).
Hetzner has not made any official statements on rate-limiting, so this
is guesswork only.
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: address golint complaints
- baseUrl -> baseURL
- mark Record as private -> record
- mark Zone as private -> zone
- mark RequestRateLimiter as private -> requestRateLimiter
- capitalize Id fields as ID
- keep delay logic on same level, move return out of branch
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: rate_limited: init the response timestamp on requestRateLimiter
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* HETZNER: requestRateLimiter: align local variable with struct name
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
* Support create-domains for INWX
* Use own function to decide which NS to use when sandbox
* Updated docs via go generate
* Move domainIndex into inwxAPI struct
* Changed getDefaultNameservers() IF
* Make Tom happy
* Updated docs via go generate
* Add initial dns.he.net provider support
* Update to new IncrementalDiff interface
* Fix ListZones output for `all` query on `get-zones`
* Refactor authentication code for 2FA with better error checking
* Fix integration test and refactor zone record retrieval
* Add option to use `.hedns-session` file to store sessions between runs
* Add comment on `session-file-path`
* Add integration test for TXT records longer than 255 characters
* Add additional checks for expected responses, and better 2FA error checking
* Minor documentation changes
* Revert "Add integration test for TXT records longer than 255 characters"
This reverts commit 657272db
* Add note on provider fragility due to parsing the web-interface
* Resolve go lint issues
* Clarify security warnings in documentation
* adds initial support for INWX
* adds all features to the INWX provider
* allows domain for tests in creds.json for INWX
* runs go generate to update docs for INWX
* fixes formatting with gofmt
* changes goinwx to github.com/nrdcg/goinwx v0.8.0
* simplifies inwx sandbox check
* changes inwx unknown key error to a warning
* adds models.PostProcessRecords for inwx records
* replaces strings.TrimRight with [:-1] to remove final dot for inwx
* adds a comment about the domain creds.json key for the inwx provider
* removes warning for invalid creds.json keys in the inwx provider
* adds TOTP calculation support for inwx
* adds comments to inwxProvider
* improves INWX error messages
* adds additional documentation about the TOTP support for INWX
* adds inwx documentation
* bumps goinwx to 0.8.1 to fix the inwx API
Open to other configuration opens for how best to make this optional. Or
potentially making this an opt in configuration item which would be a
breaking change.
The main reason that someone would want to disable this is if their raw
SPF record goes over the 255 characters. This is potentially another
place that could get some multi string support. But as it is only used
for debugging purposes it seems like there should be a way to outright
disable it too.
Thanks to @haraldkoch for starting this, @McNetic for picking it up.
* Added DS record type
* Added DS for cloudflare provider with tests
* Removed DS validation, fixed parse test
* Added generated files
* Added dnsimple ds record
* Regenerated documentation matrix
* rebased and regenerated
* Updated integration tests
* Rebase and regenerate
* Enable DS record type for provider desec
* Added DS record type
* Added DS for cloudflare provider with tests
* Removed DS validation, fixed parse test
* Added generated files
* Added dnsimple ds record
* Regenerated documentation matrix
* rebased and regenerated
* Updated integration tests
* Rebase and regenerate
* Enable DS record type for provider desec
* Rebase and fixes
Co-authored-by: Robert Koch <robert@kochie.io>
Co-authored-by: Nicolai Ehemann <nicolai.ehemann@enerko-informatik.de>
Final changes before V3.0.0 release
* Remove old Gandi. Fixes #575
* Many cleanups
* go mod tidy && go mod vendor
* integration_test.go: Output subtest name
* Cleanups
* integration_test.go: Description should include sub-test name
* Add a whitespace test to js/parse_tests/017-txt.js
* Cloudflare strips whitespace from end of TXT
* Fixes https://github.com/StackExchange/dnscontrol/issues/700
* Whitespace at end of TXT records
Name.com strips the whitespace from the end of a TXT record. There's
nothing we can do other than file a bug.
* Fixes https://github.com/StackExchange/dnscontrol/issues/701
There's a philosophy issue here around what is the Bind output meant to
do. Since AFAIK we're not integrating into Bind's catalog zones or the
like, we're just targeting the zonefiles, we're not in a position to do
_anything_ relating to registrar options such as setting up DS glue.
So at one level, enabling AutoDNSSEC for Bind is a lie. But without
this, folks can't target a Bind zone as a secondary provider for their
domain, to get debug dumps of the zone output, because the checks for
"Can" block it. So I think this commit achieves a happy compromise: we
write a comment into the Bind zonefile, indicating that DNSSEC was
requested.
Actually: we add support for arbitrary zone comments to be written into
a zonefile via a slightly ugly "can be `nil`" parameter. We then write
in a generation timestamp comment, and if AutoDNSSEC was requested we
then write that in too.
* Add AUTODNSSEC, implement for DNSimple
There are two models for DNSSEC in DNS management: either dnscontrol
manages all the DNSSEC records and has to be invoked regularly for
re-signing, or the provider manages DNSSEC automatically and dnscontrol
is not involved beyond saying "yeah, do that".
This implements the latter, as a model, and for one provider.
Potentially we could tune/configure options for DNSSEC such as
algorithm, but DNSimple don't expose that API so I haven't implemented
it.
This minimal model should be something which maps into other providers
cleanly.
* Fix missing CanAutoDNSSEC on provider
* Validation fix for master broken
This is broken in master and causing Travis in my branch to fail. The
validation tool runs with `gofmt -s` to require "simplify", and so
rejects an ignored second bound variable to range iteration.
* Correct wire in the AUTODNSSEC validation step
