Open mimi89999 opened 2 years ago
> because of the limitations of RFC2136

Hello, what are those limitations?
> because of the limitations of RFC2136
>
> Hello, what are those limitations?

Mainly that it doesn't allow restricting a client to a single subdomain without requiring the creation of a separate zone. The DNS server must also support RFC2136.
Have you looked into seeing if vinyldns might be a solution for your use case? It's a governance and API layer that can sit on top of an existing BIND setup, for example.
> because of the limitations of RFC2136
>
> Hello, what are those limitations?
>
> Mainly that it doesn't allow restricting a client to a single subdomain without requiring the creation of a separate zone. The DNS server must also support RFC2136.

bind9 supports RFC2136, and allows this:

```
update-policy {
    grant certbot. name _acme-challenge.www.example.tld. txt;
};
```

restricting users of the "certbot." TSIG key to the www subdomain, as I understand it.
Also, if you're writing your own API, why not make the API compatible with one of the existing lego plugins? Just use one where you can change the endpoint address via configuration option, like checkdomain, or dnsimple, or easydns, ....
Or use the `exec` plugin with your own client shell script.
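A simplified model of how the `update-policy` rule quoted in the thread scopes the `certbot.` TSIG key, as an added example that is not part of the original thread and is not BIND's own code. It handles only the `name` rule type; the update requests are constructed samples, and `parse_policy`, `allowed` and `demo` are hypothetical helper names.

```python
import re

# Policy text as quoted in the thread.
POLICY = """
update-policy {
    grant certbot. name _acme-challenge.www.example.tld. txt;
};
"""

RULE_RE = re.compile(r"(grant|deny)\s+(\S+)\s+name\s+(\S+)((?:\s+\w+)*)\s*;", re.I)
# With no type list, a rule matches every type except these.
DEFAULT_EXCLUDED = frozenset({"RRSIG", "NS", "SOA", "NSEC", "NSEC3"})

def canon(name):
    """Lower-case a DNS name and make it absolute (trailing dot)."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def parse_policy(text):
    """Return (action, identity, name, types) for each 'name' rule, in order."""
    return [(action.lower(), canon(ident), canon(name),
             frozenset(t.upper() for t in types.split()))
            for action, ident, name, types in RULE_RE.findall(text)]

def allowed(rules, key, name, rrtype):
    """First matching rule decides; no matching rule means the update is refused."""
    rrtype = rrtype.upper()
    for action, ident, rname, types in rules:
        type_ok = rrtype in types if types else rrtype not in DEFAULT_EXCLUDED
        # 'name' is an exact match on the owner name, not a subtree match.
        if canon(key) == ident and canon(name) == rname and type_ok:
            return action == "grant"
    return False

def demo():
    rules = parse_policy(POLICY)
    requests = [  # constructed (TSIG key, owner name, record type) attempts
        ("certbot.", "_acme-challenge.www.example.tld.", "TXT"),
        ("certbot.", "_acme-challenge.WWW.example.tld", "txt"),
        ("certbot.", "www.example.tld.", "A"),
        ("certbot.", "_acme-challenge.mail.example.tld.", "TXT"),
        ("certbot.", "x._acme-challenge.www.example.tld.", "TXT"),
        ("other.", "_acme-challenge.www.example.tld.", "TXT"),
    ]
    return [allowed(rules, *req) for req in requests]

if __name__ == "__main__":
    print(demo())
```
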
Welcome
How do you use lego?
Binary
Link to the DNS provider
https://github.com/xivlo-sysadmins/dns-api
Link to the API documentation
https://github.com/xivlo-sysadmins/dns-api
Additional Notes
Hello,
I wrote this simple DNS API https://github.com/xivlo-sysadmins/dns-api with a Certbot plugin because of the limitations of RFC2136. I couldn't find any good existing API for that. If there is already an API other than RFC2136 for that, I can modify my server to use it.