RFC compliant (Bind9) provider for octoDNS

An octoDNS provider that targets Bind and other standards compliant servers. It includes support for sourcing records via AXFR, reading zone files, and fully managing records with RFC 2136.

Installation

Command line

pip install octodns-bind

requirements.txt/setup.py

Pinning specific versions or SHAs is recommended to avoid unplanned upgrades.

Versions

# Start with the latest versions and don't just copy what's here
octodns==0.9.20
octodns-bind==0.0.1

SHAs

# Start with the latest/specific versions and don't just copy what's here
-e git+https://git@github.com/octodns/octodns.git@9da19749e28f68407a1c246dfdf65663cdc1c422#egg=octodns
-e git+https://git@github.com/octodns/octodns-bind.git@ec9661f8b335241ae4746eea467a8509205e6a30#egg=octodns_bind

Configuration

ZoneFileSource

A source that reads DNS records from zone files in a local directory.

providers:
  zonefile:
      class: octodns_bind.ZoneFileSource
      # The directory holding the zone files
      # Filenames should match zone name (eg. example.com.)
      # with optional extension specified with file_extension
      directory: ./zonefiles
      # File extension on zone files
      # Appended to zone name to locate file
      # (optional, default None)
      file_extension: .zone
      # Should sanity checks of the origin node be done
      # (optional, default true)
      check_origin: false

AxfrSource

A source that supports the AXFR protocol.

providers:
  axfr:
      class: octodns_bind.AxfrSource
      # The address of nameserver to perform zone transfer against
      host: ns1.example.com
      # The port that the nameserver is listening on. Optional. Default: 53
      port: 53
      # optional, default: non-authed
      key_name: env/AXFR_KEY_NAME
      # optional, default: non-authed
      key_secret: env/AXFR_KEY_SECRET
      # optional, see https://github.com/rthalley/dnspython/blob/master/dns/tsig.py#L78
      # for available algorithms
      key_algorithm: hmac-sha1

See below for an example Bind9 server configuration. Any server that supports RFC compliant AXFR should work here. If you need support for other auth mechanisms, please open an issue.

Rfc2136Provider/BindProvider

A provider that combines AXFR and RFC 2136 to enable a full-featured octoDNS provider for the Bind9 server.

Both transfers and updates need to be allowed on the server:

allow-transfer { key octodns.exxampled.com.; };
allow-update { key octodns.exxampled.com.; };

providers:
  rfc2136:
      # also available as octodns_bind.BindProvider
      class: octodns_bind.Rfc2136Provider
      # The address of nameserver to perform zone transfer against
      host: ns1.example.com
      # The port that the nameserver is listening on. Optional. Default: 53
      port: 53
      # optional, default: non-authed
      key_name: env/AXFR_KEY_NAME
      # optional, default: non-authed
      key_secret: env/AXFR_KEY_SECRET
      # optional, see https://github.com/rthalley/dnspython/blob/master/dns/tsig.py#L78
      # for available algorithms
      key_algorithm: hmac-sha1

Example Bind9 config to enable AXFR and RFC 2136

# generated with rndc-confgen
key octodns.exxampled.com. {
  algorithm hmac-sha256;
  secret "vZew5TtZLTZKTCl00xliGt+1zzsuLWQWFz48bRbPnZU=";
};

zone "exxampled.com." {
  type master;
  file "/var/lib/bind/db.exxampled.com";
  notify explicit;
  # this enables AXFR
  allow-transfer { key octodns.exxampled.com.; };
  # this allows RFC 2136
  allow-update { key octodns.exxampled.com.; };
};

Any server that supports RFC compliant AXFR and RFC 2136 should work here. If you need support for other auth mechanisms, please open an issue.
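
An added example (not part of octodns-bind or its README): a standard-library Python check that reads a named.conf, reports zones whose allow-transfer or allow-update admit anything other than a TSIG key, and reports a provider key_algorithm that differs from the algorithm configured for that key on the server. The audit function, the placeholder secret and the open.example. zone are constructed for illustration; the parser assumes simple, un-nested key and zone blocks like the ones shown above.

```python
import re

# Constructed sample: the page's Bind9 example (secret replaced by a
# placeholder) plus one deliberately open zone for contrast.
SAMPLE_NAMED_CONF = '''
key octodns.exxampled.com. {
  algorithm hmac-sha256;
  secret "PLACEHOLDER";
};
zone "exxampled.com." {
  type master;
  allow-transfer { key octodns.exxampled.com.; };
  allow-update { key octodns.exxampled.com.; };
};
zone "open.example." {
  type master;
  allow-transfer { any; };
};
'''

KEY_RE = re.compile(r'key\s+"?([^\s"{]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;')
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)
ACL_RE = re.compile(r'(allow-transfer|allow-update)\s*\{([^}]*)\}')


def audit(named_conf, key_name, key_algorithm):
    """Return findings for one octoDNS provider's key_name/key_algorithm."""
    findings = []
    # 1. The provider must sign with the algorithm the server has for the key.
    server_keys = dict(KEY_RE.findall(named_conf))
    server_alg = server_keys.get(key_name)
    if server_alg is None:
        findings.append(f"key {key_name} is not defined on the server")
    elif server_alg != key_algorithm:
        findings.append(f"key_algorithm {key_algorithm} does not match "
                        f"server algorithm {server_alg}")
    # 2. Every element of a transfer/update ACL should be a TSIG key; an
    #    address or 'any' admits the request without one.
    for zone, body in ZONE_RE.findall(named_conf):
        for directive, acl in ACL_RE.findall(body):
            for element in filter(None, (e.strip() for e in acl.split(";"))):
                if not element.startswith("key "):
                    findings.append(f"{zone}: {directive} admits "
                                    f"'{element}' without a TSIG key")
    return findings


if __name__ == "__main__":
    # key_algorithm as written in the provider examples on this page
    for finding in audit(SAMPLE_NAMED_CONF, "octodns.exxampled.com.", "hmac-sha1"):
        print(finding)
```

Run against the sample with the hmac-sha1 value from the provider examples, it reports the algorithm mismatch with the hmac-sha256 server key and the open.example. zone's unauthenticated transfer ACL.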

Support Information

Records

A, AAAA, CAA, CNAME, LOC, MX, NS, PTR, SPF, SRV, SSHFP, TLSA, TXT

Dynamic

This module does not support dynamic records.

Development

See the /script/ directory for some tools to help with the development process. They generally follow the Script to rule them all pattern. Most useful is ./script/bootstrap which will create a venv and install both the runtime and development related requirements. It will also hook up a pre-commit hook that covers most of what's run by CI.

There is a docker-compose.yml file included in the repo that will set up a Bind9 server with AXFR transfers and RFC 2136 updates enabled for use in development. The secret for the server can be found in docker/etc/bind/named.conf.

File details

Details for the file octodns-bind-0.0.3.tar.gz.

File metadata

  • Download URL: octodns-bind-0.0.3.tar.gz
  • Size: 7.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.7

File hashes

Hashes for octodns-bind-0.0.3.tar.gz
Algorithm Hash digest
SHA256 9b64bfb37285744f0cd5d017a985a00ae6818e18109feec24ff8107d9b3ee871
MD5 064a91f633db7eab4aa44c90b1812344
BLAKE2b-256 de7337b2e5525191b678abea441bc2fa24f8b637955ace711dcde3903710e463

File details

Details for the file octodns_bind-0.0.3-py3-none-any.whl.

File metadata

  • Download URL: octodns_bind-0.0.3-py3-none-any.whl
  • Size: 5.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.7

File hashes

Hashes for octodns_bind-0.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 deae560babc0a8e94855cb2d63a6898e74c1ea0ac2f36eb3bace656e76ddfdc4
MD5 e7b3a3f1613af4e3e94acefdbb4eda15
BLAKE2b-256 bf2b31460dd41602b63f061dbc866223b843126a10000742f91fbbc77f002817
