deSEC

Configuration

To use this provider, add an entry to creds.json with TYPE set to DESEC along with a deSEC account auth token.

Example:

creds.json

{
  "desec": {
    "TYPE": "DESEC",
    "auth-token": "your-deSEC-auth-token"
  }
}

Metadata

This provider does not recognize any special metadata fields unique to deSEC.

Usage

An example configuration:

dnsconfig.js

var REG_NONE = NewRegistrar("none");
var DSP_DESEC = NewDnsProvider("desec");

D("example.com", REG_NONE, DnsProvider(DSP_DESEC),
    A("test", "1.2.3.4"),
);

Activation

DNSControl depends on a deSEC account auth token. This token can be obtained by logging in via the deSEC API.

deSEC enforces a daily limit of 300 RRset creation/deletion/modification per domain. Large changes may have to be done over the course of a few days. The integration test suite can not be run in a single session. See https://desec.readthedocs.io/en/latest/rate-limits.html#api-request-throttling

Upon domain creation, the DNSKEY and DS records needed for DNSSEC setup are printed in the command output. If you need these values later, get them from the deSEC web interface or query deSEC nameservers for the CDS records. For example: dig +short @ns1.desec.io example.com CDS will return the published CDS records which can be used to insert the required DS records into the parent zone.

PreviousCSC Global NextDigitalOcean

Last updated 1 day ago