mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0
8.99k stars 1.18k forks

Automatically manage domain records via Cloudflare/AWS Route53/Google Domains #4207

Closed ayushin closed 3 years ago

ayushin commented 3 years ago

Summary

It is a lot of work to update DKIM/MX etc. DNS records if you manage a large number of domains.

Motivation

We could start with (likely most popular) Cloudflare API and have two buttons - check DNS / update DNS to do the job automatically.

Additional context

I would do it myself, but I am not on the PHP team :)

ayushin commented 3 years ago

This seems to be half of the job:

https://github.com/cloudflare/cloudflare-php

mkuron commented 3 years ago

I think we already had a feature request for this, but can't find it right now. The trouble is that, judging from what I've seen, our users are spread out across dozens of different DNS providers (I don't even know if Cloudflare is used by many), so for this to be useful to more than just a few users, we would have to support quite a few DNS APIs. And this only makes sense if there is an existing PHP library that abstracts their details and provides a unified interface. Building such a library ourselves takes a lot of testing effort and is clearly beyond Mailcow's scope.

ayushin commented 3 years ago

I mean, clearly this is the future, so top of my head I can think of two approaches:

  1. Such an abstraction layer does exist - to name one, terraform.io - mailcow could generate a .tf file for selected domains to download from the admin interface

  2. You could create a DNS management API on the mailcow side and let the users contribute their relative plugins:

both taking a list of DNS record objects, let's say from here:

https://github.com/Badcow/DNS

You could also configure such DNS management plugin per domain.

We would contribute Cloudflare plugin and perhaps somebody else could contribute others.

andryyy commented 3 years ago

As I said before I will implement the Servercow first IF this feature is coming.

andryyy commented 3 years ago

It is also much more complicated to make this work for everyone. Some want only a single SAN covered by DNS provider X, then you want another domain covered by A/AAAA check, then you want the mailcow hostname to use DNS validation #2.

Everything is always "so easy" as long as you don't care about other people's use cases and flexibility.

Sure I could add CF in 30 minutes with a shitty implementation that will work for a single use case. But that's when code gets dirty and awful.

andryyy commented 3 years ago

Furthermore adding SO many components for something you could simply do in front of mailcow? Using foreign libraries and other components/dependencies (even Terraform) is why applications are so awfully blown up, inflexible and difficult to use nowadays.

It is easy as long as you work with it everyday. But that's insane to add to mailcow just for DNS handling. :/ Nah.

ayushin commented 3 years ago

@mkuron What's the rush to close the issue? I think we have a valuable discussion going here.

I think it is pretty obvious there is a need to automate DNS management be that within or (most likely judging by your reaction) outside of mailcow.

@andryyy

> Furthermore adding SO many components for something you could simply do in front of mailcow? Using foreign libraries and other components/dependencies (even Terraform) is why applications are so awfully blown up, inflexible and difficult to use nowadays.

That's an interesting idea. I can imagine a tool that would fetch the data from mailcow API and then propagate the DNS changes to whatever DNS provider.

Let me run this by you, let's say we wanted a mailcow-cloudflare-bridge which could be a script that:

  1. Fetch the domains and DKIM records from mailcow
  2. Compare with the cloudflare information
  3. Suggest a diff and perform the diff

@andryyy would it be possible to create a mailcow API endpoint providing the same data you can download with DNS button per domain?

That's something we could work with.
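The compare step of the bridge script proposed in the comment above, as an added example (not code from mailcow or from any participant in this thread). It assumes both record sets have already been fetched; all record names and values are constructed, and the planner only proposes creates and updates so that records the mail server does not own are never removed.

```python
import re

def normalize(rtype, value):
    """Canonical form so provider formatting does not show up as a change."""
    if rtype == "TXT":
        # Providers often return long TXT data as several quoted <=255-byte chunks.
        chunks = re.findall(r'"([^"]*)"', value)
        value = "".join(chunks) if chunks else value
        if value.startswith("v=DKIM1"):
            # Whitespace around ';' is not significant in a DKIM tag list.
            value = re.sub(r"\s*;\s*", ";", value).rstrip(";")
        return value.strip()
    # MX and other host-valued data: case-insensitive, trailing dot optional.
    return " ".join(value.lower().rstrip(".").split())

def role(rtype, norm):
    """What a record is for: the version tag of a TXT record, else its type."""
    return re.split(r"[; ]", norm, maxsplit=1)[0].lower() if rtype == "TXT" else rtype

def plan(desired, current):
    """Return (action, name, type, value) tuples; never proposes a delete."""
    changes = []
    for name, rtype, value in desired:
        want = normalize(rtype, value)
        same = [normalize(t, v) for n, t, v in current
                if n.lower().rstrip(".") == name.lower().rstrip(".") and t == rtype]
        same = [v for v in same if role(rtype, v) == role(rtype, want)]
        if want not in same:
            changes.append(("update" if same else "create", name, rtype, want))
    return changes

KEY = "QUJDREVG" * 12  # constructed filler, not a real public key
DESIRED = [  # constructed: what the mail server wants published
    ("example.org", "MX", "10 mail.example.org."),
    ("dkim._domainkey.example.org", "TXT", "v=DKIM1;k=rsa;t=s;s=email;p=" + KEY),
    ("example.org", "TXT", "v=spf1 mx -all"),
    ("_dmarc.example.org", "TXT", "v=DMARC1; p=reject"),
]
CURRENT = [  # constructed: what the DNS provider returned
    ("example.org", "MX", "10 MAIL.example.org"),
    ("dkim._domainkey.example.org", "TXT",
     '"v=DKIM1; k=rsa; t=s; s=email; p=' + KEY[:40] + '" "' + KEY[40:] + '"'),
    ("example.org", "TXT", '"v=spf1 mx ~all"'),
    ("example.org", "TXT", '"site-verification=constructed-token"'),
]

if __name__ == "__main__":
    for change in plan(DESIRED, CURRENT):
        print(*change)
```

The chunked, re-spaced DKIM record and the differently cased MX target compare as unchanged, the softer SPF policy is flagged as an update, and the unrelated verification TXT record at the apex is left out of the plan.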

CaptainPalapa commented 3 months ago

Anything ever come of this? Just got mailcow working. My first stab at it was a complete failure. I moved on to attempting mailu, and while it was okay, there were issues (for me). I tried mailcow again last night, and BOOM, it was all working perfectly. I have a few domains I have to do the DNS work for and came across this thread.

I know a lot of folks want different things, but I think Traefik has a good base for working with DNS providers via each of their APIs. If I weren't so dang new to Linux, I might take a stab at it, but... I am, and I won't.