dns-update

dns-update is an Dynamic DNS update library for Rust that supports updating DNS records using the RFC 2136 protocol and over 70 cloud, registrar, and self-hosted DNS provider APIs. It was designed to be simple and easy to use, while providing a high level of flexibility and performance.

Supported providers

Provider	Constructor	Notes
RFC 2136	`new_rfc2136_tsig`	TSIG authentication
Alibaba Cloud DNS	`new_alidns`	ACS3-HMAC-SHA256
ArvanCloud	`new_arvancloud`
AutoDNS	`new_autodns`	InterNetX
Azure DNS	`new_azuredns`	OAuth2 client credentials
Baidu Cloud DNS	`new_baiducloud`	BCE-Auth-V1
BlueCat Address Manager v2	`new_bluecatv2`	OAuth
Bunny DNS	`new_bunny`
Cloudflare	`new_cloudflare`	API token or X-Auth-*
ClouDNS	`new_cloudns`
Constellix	`new_constellix`	HMAC-SHA1
cPanel	`new_cpanel`	UAPI, API token
DDNSS.de	`new_ddnss`	TXT only
deSEC	`new_desec`
DigitalOcean	`new_digitalocean`
DNSimple	`new_dnsimple`
DNS Made Easy	`new_dnsmadeeasy`	HMAC-SHA1
Domeneshop	`new_domeneshop`
DreamHost	`new_dreamhost`
DuckDNS	`new_duckdns`	TXT only
Dynu	`new_dynu`
EasyDNS	`new_easydns`
Akamai Edge DNS	`new_edgedns`	EG1-HMAC-SHA256
Exoscale	`new_exoscale`	EXO2-HMAC-SHA256
FreeMyIP	`new_freemyip`	TXT only
Gandi v5	`new_gandiv5`	LiveDNS
Gcore	`new_gcore`
GleSYS	`new_glesys`
GoDaddy	`new_godaddy`
Google Cloud DNS	`new_google_cloud_dns`	Service account JWT
Hetzner DNS	`new_hetzner`
hosting.de	`new_hostingde`
Hostinger	`new_hostinger`
Huawei Cloud DNS	`new_huaweicloud`	SDK-HMAC-SHA256
Hurricane Electric	`new_hurricane`	TXT only
IBM Cloud (SoftLayer)	`new_ibmcloud`	Classic Infrastructure
Infoblox NIOS	`new_infoblox`	WAPI
Infomaniak	`new_infomaniak`
INWX	`new_inwx`	JSON-RPC
IONOS	`new_ionos`
IPv64	`new_ipv64`	TXT only
Joker	`new_joker`	DMAPI, API key or username/password
AWS Lightsail	`new_lightsail`	AWS Sigv4
Linode	`new_linode`
LuaDNS	`new_luadns`
Mythic Beasts	`new_mythicbeasts`	OAuth2
Namecheap	`new_namecheap`	XML API
Name.com	`new_namedotcom`
NameSilo	`new_namesilo`	XML API
netcup	`new_netcup`	JSON-RPC, session cache
Netlify	`new_netlify`
Nifcloud	`new_nifcloud`	NIFTY3-HTTPS
NS1	`new_ns1`
Oracle Cloud DNS	`new_oraclecloud`	RSA-SHA256 HTTP Signatures
OVH	`new_ovh`
Plesk	`new_plesk`	REST API, X-API-Key
Porkbun	`new_porkbun`
AWS Route 53	`new_route53`	AWS Sigv4
ANS SafeDNS	`new_safedns`
Scaleway	`new_scaleway`
Spaceship	`new_spaceship`
Tencent Cloud DNSPod	`new_tencentcloud`	TC3-HMAC-SHA256
TransIP	`new_transip`	RSA-SHA512 JWT
UltraDNS	`new_ultradns`	OAuth2
Vercel	`new_vercel`
Volcano Engine	`new_volcengine`	HMAC-SHA256
Vultr	`new_vultr`
Websupport	`new_websupport`	HMAC-SHA1
Yandex Cloud DNS	`new_yandexcloud`	PS256 JWT

API

Every provider exposes three RRSet-oriented methods on DnsUpdater. All three operate on the full RRSet at (name, type) and are idempotent.

async fn set_rrset(name, type, ttl, records: Vec<DnsRecord>, origin) -> Result<()>
async fn add_to_rrset(name, type, ttl, records: Vec<DnsRecord>, origin) -> Result<()>
async fn remove_from_rrset(name, type, records: Vec<DnsRecord>, origin) -> Result<()>

set_rrset replaces the RRSet at (name, type) with exactly records. An empty Vec deletes the RRSet. Other types at the same owner are never touched.
add_to_rrset ensures records are present at the owner without removing anything else.
remove_from_rrset removes only the listed values; other values at the same owner are preserved.

Usage Example

Publishing a TXT record using RFC 2136 over TSIG:

let client = DnsUpdater::new_rfc2136_tsig(
    "tcp://127.0.0.1:53",
    "<KEY_NAME>",
    STANDARD.decode("<TSIG_KEY>").unwrap(),
    TsigAlgorithm::HmacSha512,
)
.unwrap();

// Publish the entire RRSet at this owner in one atomic operation. Empty
// Vec deletes the RRSet. Rerunning with the same input is a no-op.
client
    .set_rrset(
        "test._domainkey.example.org",
        DnsRecordType::TXT,
        300,
        vec![DnsRecord::TXT("v=DKIM1; k=rsa; h=sha256; p=test".to_string())],
        "example.org",
    )
    .await
    .unwrap();

// Delete the RRSet.
client
    .set_rrset(
        "test._domainkey.example.org",
        DnsRecordType::TXT,
        0,
        vec![],
        "example.org",
    )
    .await
    .unwrap();

add_to_rrset is for "publish this value alongside whatever else is there" (e.g. an ACME challenge token that should coexist with the user's DKIM/SPF TXTs at the same owner):

client
    .add_to_rrset(
        "_acme-challenge.example.org",
        DnsRecordType::TXT,
        60,
        vec![DnsRecord::TXT("challenge-token".to_string())],
        "example.org",
    )
    .await
    .unwrap();

client
    .remove_from_rrset(
        "_acme-challenge.example.org",
        DnsRecordType::TXT,
        vec![DnsRecord::TXT("challenge-token".to_string())],
        "example.org",
    )
    .await
    .unwrap();

License

Licensed under either of

Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

dns-update 0.5.0

dns-update

Supported providers

API

Usage Example

License

Copyright