octoDNS
lexicon
Our great sponsors
octoDNS | lexicon | |
---|---|---|
13 | 16 | |
2,972 | 1,442 | |
1.7% | - | |
9.3 | 8.8 | |
9 days ago | 2 months ago | |
Python | Python | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
octoDNS
- Show HN: WireHub – easily create and share WireGuard networks
- OctoDNS: Tools for managing DNS across multiple providers
-
What is the best way to integrate the bind9 service on ci/cd?
Change to a supported provider for octoDNS. I've done some automating of bind files using Jinja2/Ansible, but I had to roll my own.
-
Converting BIND DNS zones to HCL
I'd use OctoDNS with the ZoneFileSource to parse the zone files into the YAML files so I have structured data to work with, then I'd write a script to loop through each one and generate the above var.records data structure for each
-
The Dhall Configuration Language
We use https://github.com/octodns/octodns for some of our DNS records. It's flexible, much faster than Terraform for thousands of records, and the maintainer Ross has been responsive on issues and pull requests. Also see Cloudflare's blog for how they use it
-
Some of the popular DNS management services as a self hosted service
OctoDNS https://github.com/octodns/octodns
- DNSControl - the most underrated DNS tool
- AWS is down! Half of the internet is down!
-
Akamai Edge DNS Down
Have them all hot and live rather than any sort of failover system. Keep everything in sync with OctoDNS or similar
https://github.com/octodns/octodns
-
Sync Azure DNS zones with onpremise Windows DNS Server
Finally, you could explore the use of third-party sync tools - https://github.com/octodns/octodns might be a good choice.
lexicon
-
Dehydrated: Letsencrypt/acme client implemented as a shell-script
One of the biggest benefits of dehydrated is that it doesn't try to integrate with a DNS provider on its own. It just calls a hook, which can be implemented with a simple shell script[1]. The most popular third-party integration is lexicon[2], though you're not required to use Lexicon. (e.g. you're free to use awscli, gcloud, linode-cli, etc. to do the actual DNS record manipulation)
This means its dependencies footprint is much smaller, and allows you to do things that can be a nightmare to configure with Certbot or other alternatives. For example, at one of the scenarios I had to set up was that we had to query a credential via HashiCorp Vault, which is then used to cURL into an API endpoint. The shell script in total was pretty short (< 100 LOC) and it worked extremely well.
[1]: https://github.com/dehydrated-io/dehydrated/blob/master/docs...
[2]: https://github.com/AnalogJ/lexicon
-
Why Certificate Lifecycle Automation Matters
A reminder that if you an internal-only server where the typical http-01' verification connection method will not work, especially if you cannot easily/dynamically update DNS records, one can use dns-01* by using DNS aliasing/CNAME:
* https://dan.langille.org/2019/02/01/acme-domain-alias-mode/
* https://www.eff.org/deeplinks/2018/02/technical-deep-dive-se...
So if you want a cert for www.internal.example.com, you will first have do a one-time change to have a _acme-challenge.www.internal… CNAME created to point to any other (sub-)domain where you can easily update things dynamically, e.g., www-internal.example-dnsapi.com.
When request the cert for "www.internal…", LE/ACME will look up the corresponding _acme-challenge record, and go to "_acme-challenge.www-internal.example-dnsapi.com. The nonce token will be there in the 'final' destination following the CNAME in a TXT, which shows LE/ACME that you control the DNS chain.
To do the DNS updating, you can use a CLI/Python library like Lexicon, which supports dozens of APIs:
* https://github.com/AnalogJ/lexicon
-
Easy HTTPS for your private networks
This leverages the ACME DNS server which has a REST API:
* https://github.com/joohoi/acme-dns
If your DNS provider has an API, you can hook into that for internal-only web servers; this handy code supports several dozen APIs so you don't have to re-invent the wheel:
* https://github.com/AnalogJ/lexicon
* https://pypi.org/project/dns-lexicon/
* https://dns-lexicon.readthedocs.io/en/latest/user_guide.html
- Wie kommt Google Safe Browsing darauf, dass alle Seiten auf meiner Dyndns Domain phishing Seiten sind?
-
Uacme: ACMEv2 client written in plain C with minimal dependencies
> It even comes preconfigured for various DNS providers[2]
Also, CLI utility that supports a bunch of APIs:
* https://github.com/AnalogJ/lexicon
-
what are better alternatives of noip?
Then, you can use ddclient, which supports many DNS services (including those providing DynDNS protocol), or you can write a Python script using the dns-lexicon module to manipulate the DNS records over the API.
- NextDNS Launches API
- Lexicon: Manipulate DNS records on various DNS providers in a standardized way.
- Lexicon: Manipulate DNS records on various DNS providers in a standardized way
- Some of the popular DNS management services as a self hosted service
What are some alternatives?
DnsControl - Infrastructure as code for DNS!
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
DomainMOD - DomainMOD is an open source application written in PHP & MySQL used to manage your domains and other internet assets in a central location. DomainMOD also includes a Data Warehouse framework that allows you to import your web server data so that you can view, export, and report on your live data.
acme.sh - A pure Unix shell script implementing ACME client protocol
Designate - OpenStack Technical Committee Decisions. Mirror of code maintained at opendev.org.
extdns - External DNS for docker-compose
dnstwist - Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
duckdns - Caddy module: dns.providers.duckdns
desec-stack - Backbone of the deSEC.io Free Secure DNS Hosting Service
lego - Let's Encrypt/ACME client and library written in Go
ens - Implementations for ENS core functionality: The registry, registrars, and public resolvers.
docker-dehydrated-lexicon - Just a container to help on requesting letsencrypt certificates with dns-01 validation