Hurricane Electric DNS


Last updated 6 months ago

Important Note

Hurricane Electric does not currently expose an official JSON or XML API, and as such, this provider interacts directly with the web interface. Because there is no officially supported API, this provider may cease to function if Hurricane Electric changes their interface, and you should be willing to accept this possibility before relying on this provider.

Configuration

To use this provider, add an entry to creds.json with TYPE set to HEDNS along with your dns.he.net account username and password. These are the same username and password used to log in to the web interface.

creds.json
{
  "hedns": {
    "TYPE": "HEDNS",
    "username": "yourUsername",
    "password": "yourPassword"
  }
}

Two factor authentication

If two-factor authentication has been enabled on your account you will also need to provide a valid TOTP code. This can also be done via an environment variable:

creds.json
{
  "hedns": {
    "TYPE": "HEDNS",
    "username": "yourUsername",
    "password": "yourPassword",
    "totp": "$HEDNS_TOTP"
  }
}

and then you can run

HEDNS_TOTP=12345 dnscontrol preview

It is also possible to directly provide the shared TOTP secret using the key "totp-key" in creds.json. This secret is only available when first enabling two-factor authentication.

Security Warning:

  • Anyone with access to this creds.json file will have full access to your Hurricane Electric account and will be able to modify and delete your DNS entries.

  • Storing the shared secret together with the password weakens two factor authentication because both factors are stored in a single place.

creds.json
{
  "hedns": {
    "TYPE": "HEDNS",
    "username": "yourUsername",
    "password": "yourPassword",
    "totp-key": "yourTOTPSharedSecret"
  }
}

Persistent Sessions

Normally this provider will refresh authentication with each run of dnscontrol. This can lead to issues when using two-factor authentication if two runs occur within the time period of a single TOTP token (30 seconds), as reusing the same token is explicitly disallowed by RFC 6238 (TOTP).

To work around this limitation, if multiple requests need to be made, the option "session-file-path" can be set in creds.json, which is the directory where a .hedns-session file will be created. This can be used to allow reuse of an existing session between runs, without the need to re-authenticate.

This option is disabled by default when this key is not present.

Security Warning:

  • Anyone with access to this .hedns-session file will be able to use the existing session (until it expires) and have full access to your Hurricane Electric account and will be able to modify and delete your DNS entries.

  • It should be stored in a location only trusted users can access.

creds.json
{
  "hedns": {
    "TYPE": "HEDNS",
    "username": "yourUsername",
    "password": "yourPassword",
    "totp-key": "yourTOTPSharedSecret",
    "session-file-path": "."
  }
}
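
The two security warnings above (creds.json and the .hedns-session file) can be checked mechanically before a run. The following is an added example, not part of DNSControl: `audit_hedns`, `loose_mode` and `demo` are hypothetical names, and it assumes POSIX file permissions, a creds.json that is plain JSON, and that a relative "session-file-path" is resolved against the directory holding creds.json.

```python
import json
import os
import stat
import tempfile

SESSION_FILE = ".hedns-session"  # file name given on this page


def loose_mode(path):
    """Return True if group or others have any access to path."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def audit_hedns(creds_path):
    """Return a list of findings for HEDNS entries in a creds.json file."""
    findings = []
    if loose_mode(creds_path):
        findings.append("creds.json is accessible to group/others")
    with open(creds_path) as fh:
        creds = json.load(fh)  # assumes plain JSON without comments
    base = os.path.dirname(os.path.abspath(creds_path))
    for name, entry in creds.items():
        if not isinstance(entry, dict) or entry.get("TYPE") != "HEDNS":
            continue
        if "password" in entry and "totp-key" in entry:
            findings.append(f"{name}: totp-key stored next to password")
        session_dir = entry.get("session-file-path")
        if session_dir is None:
            continue  # persistent sessions are disabled for this entry
        # Assumption: relative paths resolve against the creds.json directory
        session = os.path.join(base, session_dir, SESSION_FILE)
        if os.path.exists(session) and loose_mode(session):
            findings.append(f"{name}: {session} is accessible to group/others")
    return findings


def demo():
    """Audit a constructed creds.json (mode 0644) and session file (0600)."""
    with tempfile.TemporaryDirectory() as tmp:
        creds_path = os.path.join(tmp, "creds.json")
        entry = {"TYPE": "HEDNS", "username": "u", "password": "p",
                 "totp-key": "k", "session-file-path": "."}
        with open(creds_path, "w") as fh:
            json.dump({"hedns": entry}, fh)
        os.chmod(creds_path, 0o644)
        session = os.path.join(tmp, SESSION_FILE)
        open(session, "w").close()
        os.chmod(session, 0o600)
        return audit_hedns(creds_path)
```

Calling `audit_hedns("creds.json")` before `dnscontrol preview` returns an empty list when both files are owner-only and no entry stores "totp-key" beside the password.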

Metadata

This provider does not recognize any special metadata fields unique to Hurricane Electric DNS.

Usage

An example configuration:

dnsconfig.js
var REG_NONE = NewRegistrar("none");
var DSP_HEDNS = NewDnsProvider("hedns");

D("example.com", REG_NONE, DnsProvider(DSP_HEDNS),
    A("test", "1.2.3.4"),
);