Open lug-gh opened 2 weeks ago
lug-gh
commented
2 weeks ago I also found another bug while testing. In example 2 you can see that 83 entries are not deleted due to NO_PURGE. Unfortunately, these are deleted during the push! But only if "MODIFY-TTL" is executed. If there are no changes to the NS TTL, then NO_PURGE is also respected for the existing entries.
tlimoncelli
commented
2 weeks ago CC'ing @arnoschoon (maintainer of the AutoDNS provider). (I don't have access to a test account for AutoDNS)
By the way... the source to DOMAIN_ELSEWHERE_AUTO is here/ . You can copy it into dnsconfig.js and customize it. Your code will override the code from helpers.js.
arnoschoon
commented
1 week ago Hi @lug-gh,
Thanks for reaching out and your patience.
Can you supply me with the exact version (and possibly CLI command) you're using? I'm not able to reproduce the issue with nameservers you mention, but that might have something to do with my environment.
I admit AutoDNS is a bit peculiar in it's nameserver handling, but from your example I can't find out if it's an actual issue or your using it in a more advanced way than I did when developing this provider.
We're using the command below in our CI pipeline for several domains and I've not encountered this specific issue before. But had a hard time using those IGNORE_*-functions to be honest.
docker run --rm --user $(id -u):$(id -g) --volume ${bamboo.tmp.directory}:${bamboo.tmp.directory} --volume ${bamboo.working.directory}:${bamboo.working.directory} --workdir ${bamboo.working.directory} ghcr.io/stackexchange/dnscontrol:4.10.0 pushOur dnsconfig.js uses some macro's to add some default records for parked domains but that probably just works since we don't attempt the more advanced stuff you're seeking.
var REG_NONE = NewRegistrar("none");
var ADNS = NewDnsProvider("autodns");
var CAA_BUILDER_CONFIG = {
label: "@",
iodef: "mailto:security@acme.com",
iodef_critical: true,
issue: [
"letsencrypt.org", // https://letsencrypt.org/docs/caa/
"amazon.com", // https://docs.aws.amazon.com/acm/latest/userguide/setup-caa.html
"amazontrust.com",
"awstrust.com",
"amazonaws.com",
"sectigo.com", // https://help.zerossl.com/hc/en-us/articles/360060119753-Invalid-CAA-Records
"pki.goog", // https://pki.goog/faq/#caa
"digicert.com" // https://developers.cloudflare.com/ssl/reference/certificate-authorities/ - https://developers.cloudflare.com/ssl/reference/certificate-authorities/#caa-records
]
};
var DEFAULT_RECORDS = function(domain) {
return [
NAMESERVER_TTL('2d'),
DefaultTTL('15m'),
CAA_BUILDER(CAA_BUILDER_CONFIG)
]
}
var PARKED_DOMAIN = function(domain) {
return [].concat(DEFAULT_RECORDS(domain), [
TXT('@', 'v=spf1 -all'),
TXT('*._domainkey', 'v=DKIM1; p='),
TXT('_dmarc', 'v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;')
])
}
D('acme.be', REG_NONE, DnsProvider(ADNS), PARKED_DOMAIN('acme.be'));
D('acme.com', REG_NONE, DnsProvider(ADNS),
DEFAULT_RECORDS('acme.com'),
MX('@', 10, 'acme-com.mail.protection.outlook.com.'),
SPF_BUILDER({
label: '@',
overflow: '_spf%d',
parts: [
'v=spf1',
'include:spf.protection.outlook.com',
'include:mail.zendesk.com',
'~all'
]
}),
TXT('@', 'MS=ms726835'),
TXT('zendeskverification', '892ba8baf29928'),
TXT('hello', 'world!'),
CNAME('zendesk1', 'mail1.zendesk.com.'),
);Please let me know if you are able to adapt to the example I've pasted here and if you still run into problems which version you are using.
Best, ~Arno
tlimoncelli
commented
5 days ago Hi hi!
I'm not sure if this is related but... IGNORE() doesn't ignore nameserve delegations (updating the parent or registrar). I'm not sure if that is going to affect this bug, I thought I'd mention it.
As far as NO_PURGE deleting records when it should (possibly related to MODIFY-TTL): That is outside the control of Porkbun as it is part of the main system. Could you make a minimal repro case that demonstrates that bug? Please file that as a separate bug. Thanks!
NOTE: Have a general question? You'll get a better response on the dnscontrol-discuss email list!
Describe the bug Depending on how my dnsconfig.js looks like, DNSControl wants to either create or modify my NS entries, even if I work with IGNORE(). I suspect it has to do with AutoDNS separating the nameservers and the rest of the resource records. In the resource records are all DNS entries of the zone, except the name servers, these are visible to the user in another menu item, and are then summarized by the AutoDNS backend for the zone.
To Reproduce Example 1:
preview shows:
Since I use IGNORE("*"), the NS records should not be created, also, they already exist:
dig sub.example.org ns @a.ns14.netExample 2
The preview shows that DNSControl wants to change the TTL of the name servers.
Expected behavior DNSControl should not touch the name servers
DNS Provider
additional context I have only just started using DNSControl, so I can't rule out the possibility that this is simply an operating error on my side, but the different behavior with regard to CREATE and MODIFY of the nameservers makes me very suspicious.