ctrlaltcoop / certbot-dns-hetzner

Certbot plugin enabling dns-01 challenge on the Hetzner DNS API

Issue with "private" zones and tldextract in `_get_zone` (dns_hetzner.py line 45) #24

Closed richardhuxton closed 2 months ago

richardhuxton commented 6 months ago

This one took me a little time to figure out what was going on, but basically when identifying the zone for DNS updates on Hetzner you use tldextract, which with default settings doesn't give the right response. So, below, com.de is a top-level zone the same as co.uk and needs the `include_psl_private_domains` flag set.

```
$ ./venv/bin/tldextract --json demo.huxton.org.uk
{"subdomain": "demo", "domain": "huxton", "suffix": "org.uk", "is_private": false, "fqdn": "demo.huxton.org.uk", "ipv4": "", "ipv6": "", "registered_domain": "huxton.org.uk"}

$ ./venv/bin/tldextract --json demo.huxton.com.de
{"subdomain": "demo.huxton", "domain": "com", "suffix": "de", "is_private": false, "fqdn": "demo.huxton.com.de", "ipv4": "", "ipv6": "", "registered_domain": "com.de"}

$ ./venv/bin/tldextract --json -p demo.huxton.com.de
{"subdomain": "demo", "domain": "huxton", "suffix": "com.de", "is_private": true, "fqdn": "demo.huxton.com.de", "ipv4": "", "ipv6": "", "registered_domain": "huxton.com.de"}
```

As far as I can see it is safe to supply the flag in all cases (https://github.com/john-kurkowski/tldextract?tab=readme-ov-file#public-vs-private-domains) but I'm no DNS expert.

The other option would seem to be use of the "lexicon" alternative. It seems like that library is already in use and can use dns-python (which might work better)?

https://dns-lexicon.readthedocs.io/en/latest/user_guide.html#resolution-of-the-zone-name

PS - thanks for the plugin
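
Added example, not part of the issue thread and not the plugin's, tldextract's or lexicon's code: a stdlib-only sketch of why the zone for a dns-01 record comes out as `com.de` when the Public Suffix List's PRIVATE section is skipped, and as `huxton.com.de` when it is included. `PSL_EXCERPT` is a constructed few-line excerpt, all function names are hypothetical, wildcard and exception rules are omitted, and `zone_from_account` goes beyond the thread by showing an assumed alternative that matches against the zones the account actually holds.

```python
# Constructed excerpt in Public Suffix List format; the real list is far larger.
PSL_EXCERPT = """\
// ===BEGIN ICANN DOMAINS===
de
uk
co.uk
org.uk
// ===END ICANN DOMAINS===
// ===BEGIN PRIVATE DOMAINS===
com.de
// ===END PRIVATE DOMAINS===
"""


def load_suffixes(text, include_private):
    """Return the suffix rules, with or without the PRIVATE section."""
    suffixes, in_private = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("// ===BEGIN PRIVATE"):
            in_private = True
        elif line.startswith("// ===END PRIVATE"):
            in_private = False
        elif line and not line.startswith("//") and (include_private or not in_private):
            suffixes.add(line)
    return suffixes


def registered_domain(fqdn, suffixes):
    """Longest matching suffix plus one label (hypothetical helper)."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # longest candidate suffix first
        if ".".join(labels[i:]) in suffixes:
            # i == 0 means the name is itself a public suffix: no zone.
            return ".".join(labels[i - 1:]) if i else None
    return None


def zone_from_account(fqdn, account_zones):
    """Assumed alternative: longest zone in the account that contains fqdn."""
    name = fqdn.rstrip(".").lower()
    matches = [z for z in account_zones if name == z or name.endswith("." + z)]
    return max(matches, key=len, default=None)


if __name__ == "__main__":
    for private in (False, True):
        rules = load_suffixes(PSL_EXCERPT, include_private=private)
        print(private, registered_domain("demo.huxton.com.de", rules))
```
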

fupduck commented 2 months ago

@richardhuxton this should be fixed with v2.0.1. Feedback would be great :)

richardhuxton commented 2 months ago

I've just tried it out now and forced a refresh of a certificate with 2.0.1 and I can confirm that 2.0.1 works with my .com.de domain.

Thanks very much!