DnsControl
cfssl
| DnsControl | cfssl | |
|---|---|---|
| 32 | 25 | |
| 3,849 | 9,428 | |
| 0.9% | 0.7% | |
| 9.7 | 5.6 | |
| 3 days ago | about 1 month ago | |
| Go | Go | |
| MIT License | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
DnsControl
-
DNSControl + CoreDNS Container Example - Announcement
I'm excited to share a comprehensive example repository that demonstrates the complete workflow from DNSControl JavaScript configurations to a production-ready containerized DNS server:
-
DNS as Code: Managing Cloudflare Records with DNSControl
DNSControl is how you get there. It is an open-source tool from Stack Exchange that treats your DNS zone as code. You define records in a config file, run a preview to see what would change, and push to apply. It supports Cloudflare, Route53, and about 30 other providers.
-
Dropping Cloudflare for Bunny.net
I've tested just about every DNS provider I could find. Self-hosting aside, I always come back to CloudDNS and LuaDNS. I'm currently using LuaDNS as a "dumb" DNS host (i.e., not using their Lua configuration-as-code system), managed using DNSControl.
https://www.cloudns.net/premium/
https://www.luadns.com/pricing.html
https://dnscontrol.org
I've found every other offering to be lacking. Some examples: Cloudflare is alright but has settings footguns if you're not used to Their Way of Doing It™. deSEC is free but sometimes quite slow to propagate, and its UI and API are unwieldy. DNS Made Easy is often advocated for on social media, but it seems ridiculously expensive so I've never even trialed it.
-
Show HN: OctoDNS, Tools for managing DNS across multiple providers
I compared OctoDNS with DNSControl (https://github.com/StackExchange/dnscontrol) a few years ago and settled with DNSControl because it had more providers out of the box.
But using either of these tools to have your DNS redeploy-able to a new provider is a great idea for resiliency.
- DNSControl: Synchronize your DNS to multiple providers from a simple DSL
- Show HN: WireHub – easily create and share WireGuard networks
-
How to mitigate the Hetzner/Linode XMPP.ru MitM interception incident
See RFC5507: "Why Adding a New Resource Record Type Is the Preferred Solution"
DNS providers should support a wide range of RR types, and domain owners should vote with their NS records.
See https://github.com/StackExchange/dnscontrol/blob/master/docu... for a list of DNS providers that support CAA.
- DNSControl – Seamlessly manage DNS configuration across servers and providers
-
Using AWS Route53 for personal use
I would create an AWS account for Route53 only. No other services or resources would be deployed. To manage the DNS records I may use: https://github.com/StackExchange/dnscontrol
-
Libdns: Core interfaces for universal DNS record manipulation across providers
How is this compared to https://dnscontrol.org/ from Stackoverflow?
cfssl
-
NGINX Technical Practice: Configuration Guide for TCP Layer 4 Port Proxy and mTLS Mutual Encryption Authentication
wget -q -O /usr/local/bin/cfssl https://github.com/cloudflare/cfssl/releases/download/v1.6.4/cfssl_1.6.4_linux_amd64 wget -q -O /usr/local/bin/cfssljson https://github.com/cloudflare/cfssl/releases/download/v1.6.4/cfssljson_1.6.4_linux_amd64 wget -q -O /usr/local/bin/cfssl-certinfo https://github.com/cloudflare/cfssl/releases/download/v1.6.4/cfssl-certinfo_1.6.4_linux_amd64 # Add executable permissions to the tools chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
- Running one’s own root Certificate Authority in 2023
- Selfhosted CA tutorial
-
i must be the only guy that understands certificates
cfssl is kinda outright better version of that.
-
SSL certificate problem: unhandled critical extension
The Cloudflare SSL tools at https://github.com/cloudflare/cfssl might help. Here's what it shows for one of the example Snake Oil certs:
-
Private CA management
I've used this in the past and it worked great. https://github.com/cloudflare/cfssl
- Linux Certificate Authority root stores have a too simple view of 'trust'
- Creating an internal Certificate Authority in 2022 that is accepted by modern web browsers.
-
How to create users in Kubernetes
The first step is to create the source key that represents our user. This key is created using a tool like openssl but another popular tool to use is cfssl, created by Cloudflare. Some folks think cfssl is easier to use, and it definitely looks easier to script. But for this example we will use openssl. You can also choose to create the key using a number of different algorithms. For this example we will use ED25519.
-
[Legal notice] IoT Core will be discontinued on Aug. 16, 2023
TLS/SSL worked well with client certificates generated by the CFSSL API.
What are some alternatives?
octoDNS - Tools for managing DNS across multiple providers
OpenSSL - General purpose TLS and crypto library
DomainMOD - DomainMOD is an open source application written in PHP & MySQL used to manage your domains and other internet assets in a central location. DomainMOD also includes a Data Warehouse framework that allows you to import your web server data so that you can view, export, and report on your live data.
easy-rsa - easy-rsa - Simple shell based CA utility
xmdns - XML DNS DHCP Host management scheme
certificates - 🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.