Dnsclay
DNS UPDATE/AXFR/NOTIFY to custom DNS API gateway
Dnsclay implements a DNS server that translates DNS UPDATE (RFC 2136) and DNS AXFR (RFC 5936, zone transfers) requests to the many custom cloud DNS operator APIs for managing DNS records/zones. Dnsclay keeps a local copy of the records, periodically synchronizes its copy with authoritative data at the cloud DNS operator, and sends DNS NOTIFY (RFC 1996) messages to configured listeners when any records change. Dnsclay also has a web interface for managing the configured zones, and for viewing and editing records.
Most cloud DNS operators implement their own custom APIs for changing DNS records. Application developers are tempted to add support for long lists of those custom APIs to their applications so they can make automated DNS changes (even just for handling ACME verification through DNS). This is time-consuming and error-prone. Developers can instead settle on the standard DNS interfaces with UPDATE/AXFR/NOTIFY, talking either directly to DNS servers that implement them (like BIND, Knot), or talking to dnsclay which does the translating.
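To show what "settling on the standard interface" means on the wire, here is an added example (not code from dnsclay) that builds the RFC 2136 UPDATE message a client would send to add an ACME TXT record, using only the Go standard library. The function names, zone, record name and token are constructed for illustration, and the message is unauthenticated: how clients authenticate to dnsclay is not covered on this page.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// encodeName writes a domain name in uncompressed DNS wire format.
func encodeName(name string) ([]byte, error) {
	var out []byte
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		if len(label) == 0 || len(label) > 63 {
			return nil, errors.New("invalid label in " + name)
		}
		out = append(append(out, byte(len(label))), label...)
	}
	return append(out, 0), nil
}

// BuildUpdateAddTXT builds an RFC 2136 UPDATE adding one TXT record to zone.
func BuildUpdateAddTXT(id uint16, zone, name string, ttl uint32, txt string) ([]byte, error) {
	zl, nl := strings.ToLower(strings.TrimSuffix(zone, ".")), strings.ToLower(strings.TrimSuffix(name, "."))
	if nl != zl && !strings.HasSuffix(nl, "."+zl) {
		return nil, errors.New("name is outside the zone (server would answer NOTZONE)")
	}
	if len(txt) > 255 {
		return nil, errors.New("text exceeds one 255-byte character-string")
	}
	z, err1 := encodeName(zl)
	n, err2 := encodeName(nl)
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	msg := binary.BigEndian.AppendUint16(nil, id)
	msg = binary.BigEndian.AppendUint16(msg, 5<<11) // QR=0, opcode 5 (UPDATE)
	for _, c := range []uint16{1, 0, 1, 0} {        // ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT
		msg = binary.BigEndian.AppendUint16(msg, c)
	}
	msg = append(append(msg, z...), 0, 6, 0, 1)  // zone section: ZTYPE=SOA, ZCLASS=IN
	msg = append(append(msg, n...), 0, 16, 0, 1) // update RR: TYPE=TXT, CLASS=IN (add)
	msg = binary.BigEndian.AppendUint32(msg, ttl)
	msg = binary.BigEndian.AppendUint16(msg, uint16(1+len(txt))) // RDLENGTH
	return append(append(msg, byte(len(txt))), txt...), nil
}

func main() {
	// Constructed sample values; a real token comes from the ACME server.
	msg, err := BuildUpdateAddTXT(0x1234, "example.com", "_acme-challenge.example.com", 60, "token")
	fmt.Printf("%d bytes, err=%v\n% x\n", len(msg), err, msg)
}
```

The in-zone check mirrors the server-side rule that an update outside the zone named in the zone section is refused, so a name like `badexample.com` is rejected for zone `example.com`.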
For more information, see the documentation:
https://pkg.go.dev/github.com/mjl-/dnsclay
For additional context, see the announcement blog post:
https://www.ueber.net/who/mjl/blog/p/dnsclay-dns-update-axfr-notify-to-many-custom-dns-operator-APIs-gateway/
Installing
Get the latest binary:
https://beta.gobuilds.org/github.com/mjl-/dnsclay@latest/linux-amd64-latest-stripped/
Or compile it locally (requires a recent Go toolchain):
GOBIN=$PWD CGO_ENABLED=0 go install github.com/mjl-/dnsclay@latest
To start:
./dnsclay serve
Running this for the first time creates an admin password for the web interface, and a TLS private key for the DNS server. Use flags to the serve subcommand for setting the IPs and ports to listen on.
Providers
Support for all the cloud APIs comes from the various community-maintained providers at https://github.com/libdns. If your DNS operator of choice is missing in dnsclay, check if someone has implemented a provider, or consider implementing it yourself. See https://github.com/libdns/libdns.
Supported providers
- github.com/libdns/autodns
- github.com/libdns/azure
- github.com/libdns/bunny
- github.com/libdns/cloudflare
- github.com/libdns/cloudns
- github.com/libdns/desec
- github.com/libdns/digitalocean
- github.com/libdns/directadmin
- github.com/libdns/dnsimple
- github.com/libdns/domainnameshop
- github.com/libdns/duckdns
- github.com/libdns/dynu
- github.com/libdns/dynv6
- github.com/libdns/easydns
- github.com/libdns/gandi
- github.com/libdns/gcore
- github.com/libdns/glesys
- github.com/libdns/godaddy
- github.com/libdns/googleclouddns
- github.com/libdns/he
- github.com/libdns/hetzner
- github.com/libdns/huaweicloud
- github.com/libdns/infomaniak
- github.com/libdns/inwx
- github.com/libdns/ionos
- github.com/libdns/linode
- github.com/libdns/loopia
- github.com/libdns/luadns
- github.com/libdns/mailinabox
- github.com/libdns/mythicbeasts
- github.com/libdns/namesilo
- github.com/libdns/nanelo
- github.com/libdns/netcup
- github.com/libdns/netlify
- github.com/libdns/njalla
- github.com/libdns/ovh
- github.com/libdns/powerdns
- github.com/libdns/rfc2136
- github.com/libdns/route53
- github.com/libdns/scaleway
- github.com/libdns/simplydotcom
- github.com/libdns/spaceship
- github.com/libdns/tencentcloud
- github.com/libdns/westcn
Unsupported providers
- github.com/libdns/acmedns, only creates ACME TXT records
- github.com/libdns/acmeproxy, only creates ACME TXT records
- github.com/libdns/conoha, defines a clashing type Provider
- github.com/libdns/dinahosting, only creates ACME TXT records
- github.com/libdns/dnsexit, no proper GetRecords
- github.com/libdns/dode, only creates ACME TXT records
- github.com/libdns/edgeone, defines a clashing type Provider
- github.com/libdns/metaname, only supports limited set of record types, dropping all others
- github.com/libdns/mijnhost, uses a type that dnsclay doesn't yet support in its tooling
- github.com/libdns/neoserv, it doesn't use an api, but parses html pages
- github.com/libdns/nfsn, only supports limited set of record types
- github.com/libdns/nicrudns, does not compile against latest libdns
- github.com/libdns/porkbun, only supports limited set of record types
- github.com/libdns/regfish, does not compile against latest libdns
- github.com/libdns/transip, requires a key in a file on disk
- github.com/libdns/vercel, cannot set TTL
Several other providers are not included because they haven't been updated to libdns v1.
Adding a new provider
Adding a provider should be a matter of adding it to providers.txt (keep it sorted!) and running "make build". It regenerates providers.go and syncs the Go module dependencies. The config fields in the package's Provider should be automatically processed, into both backend and frontend.
Modified github.com/libdns/libdns
dnsclay uses a modified libdns, github.com/mjl-/libdns. The modified version won't fail on parsing SRV, SVCB, HTTPS records if their DNS names don't have the expected format (e.g. _<service>._<transport>.[...]). The modified version only cares about the libdns.RR values.
About
Dnsclay is MIT-licensed, written by Mechiel Lukkien. Create an "issue" for bugs or questions. Consider working on one of the open issues. Please send feedback/insights on automating DNS changes to mechiel@ueber.net.
