Expand description
§dns-update
dns-update is an Dynamic DNS update library for Rust that supports updating DNS records using the RFC 2136 protocol and over 70 cloud, registrar, and self-hosted DNS provider APIs. It was designed to be simple and easy to use, while providing a high level of flexibility and performance.
§Supported providers
| Provider | Constructor | Notes |
|---|---|---|
| RFC 2136 | new_rfc2136_tsig | TSIG authentication |
| Alibaba Cloud DNS | new_alidns | ACS3-HMAC-SHA256 |
| ArvanCloud | new_arvancloud | |
| AutoDNS | new_autodns | InterNetX |
| Azure DNS | new_azuredns | OAuth2 client credentials |
| Baidu Cloud DNS | new_baiducloud | BCE-Auth-V1 |
| BlueCat Address Manager v2 | new_bluecatv2 | OAuth |
| Bunny DNS | new_bunny | |
| Cloudflare | new_cloudflare | API token or X-Auth-* |
| ClouDNS | new_cloudns | |
| Constellix | new_constellix | HMAC-SHA1 |
| cPanel | new_cpanel | UAPI, API token |
| DDNSS.de | new_ddnss | TXT only |
| deSEC | new_desec | |
| DigitalOcean | new_digitalocean | |
| DNSimple | new_dnsimple | |
| DNS Made Easy | new_dnsmadeeasy | HMAC-SHA1 |
| Domeneshop | new_domeneshop | |
| DreamHost | new_dreamhost | |
| DuckDNS | new_duckdns | TXT only |
| Dynu | new_dynu | |
| EasyDNS | new_easydns | |
| Akamai Edge DNS | new_edgedns | EG1-HMAC-SHA256 |
| Exoscale | new_exoscale | EXO2-HMAC-SHA256 |
| FreeMyIP | new_freemyip | TXT only |
| Gandi v5 | new_gandiv5 | LiveDNS |
| Gcore | new_gcore | |
| GleSYS | new_glesys | |
| GoDaddy | new_godaddy | |
| Google Cloud DNS | new_google_cloud_dns | Service account JWT |
| Hetzner DNS | new_hetzner | |
| hosting.de | new_hostingde | |
| Hostinger | new_hostinger | |
| Huawei Cloud DNS | new_huaweicloud | SDK-HMAC-SHA256 |
| Hurricane Electric | new_hurricane | TXT only |
| IBM Cloud (SoftLayer) | new_ibmcloud | Classic Infrastructure |
| Infoblox NIOS | new_infoblox | WAPI |
| Infomaniak | new_infomaniak | |
| INWX | new_inwx | JSON-RPC |
| IONOS | new_ionos | |
| IPv64 | new_ipv64 | TXT only |
| Joker | new_joker | DMAPI, API key or username/password |
| AWS Lightsail | new_lightsail | AWS Sigv4 |
| Linode | new_linode | |
| LuaDNS | new_luadns | |
| Mythic Beasts | new_mythicbeasts | OAuth2 |
| Namecheap | new_namecheap | XML API |
| Name.com | new_namedotcom | |
| NameSilo | new_namesilo | XML API |
| netcup | new_netcup | JSON-RPC, session cache |
| Netlify | new_netlify | |
| Nifcloud | new_nifcloud | NIFTY3-HTTPS |
| NS1 | new_ns1 | |
| Oracle Cloud DNS | new_oraclecloud | RSA-SHA256 HTTP Signatures |
| OVH | new_ovh | |
| Plesk | new_plesk | REST API, X-API-Key |
| Porkbun | new_porkbun | |
| AWS Route 53 | new_route53 | AWS Sigv4 |
| ANS SafeDNS | new_safedns | |
| Scaleway | new_scaleway | |
| Spaceship | new_spaceship | |
| Tencent Cloud DNSPod | new_tencentcloud | TC3-HMAC-SHA256 |
| TransIP | new_transip | RSA-SHA512 JWT |
| UltraDNS | new_ultradns | OAuth2 |
| Vercel | new_vercel | |
| Volcano Engine | new_volcengine | HMAC-SHA256 |
| Vultr | new_vultr | |
| Websupport | new_websupport | HMAC-SHA1 |
| Yandex Cloud DNS | new_yandexcloud | PS256 JWT |
§API
Every provider exposes three RRSet-oriented methods on DnsUpdater. All three operate on the full RRSet at (name, type) and are idempotent.
ⓘ
async fn set_rrset(name, type, ttl, records: Vec<DnsRecord>, origin) -> Result<()>
async fn add_to_rrset(name, type, ttl, records: Vec<DnsRecord>, origin) -> Result<()>
async fn remove_from_rrset(name, type, records: Vec<DnsRecord>, origin) -> Result<()>set_rrsetreplaces the RRSet at(name, type)with exactlyrecords. An emptyVecdeletes the RRSet. Other types at the same owner are never touched.add_to_rrsetensuresrecordsare present at the owner without removing anything else.remove_from_rrsetremoves only the listed values; other values at the same owner are preserved.
§Usage Example
Publishing a TXT record using RFC 2136 over TSIG:
ⓘ
let client = DnsUpdater::new_rfc2136_tsig(
"tcp://127.0.0.1:53",
"<KEY_NAME>",
STANDARD.decode("<TSIG_KEY>").unwrap(),
TsigAlgorithm::HmacSha512,
)
.unwrap();
// Publish the entire RRSet at this owner in one atomic operation. Empty
// Vec deletes the RRSet. Rerunning with the same input is a no-op.
client
.set_rrset(
"test._domainkey.example.org",
DnsRecordType::TXT,
300,
vec![DnsRecord::TXT("v=DKIM1; k=rsa; h=sha256; p=test".to_string())],
"example.org",
)
.await
.unwrap();
// Delete the RRSet.
client
.set_rrset(
"test._domainkey.example.org",
DnsRecordType::TXT,
0,
vec![],
"example.org",
)
.await
.unwrap();add_to_rrset is for “publish this value alongside whatever else is there”
(e.g. an ACME challenge token that should coexist with the user’s DKIM/SPF
TXTs at the same owner):
ⓘ
client
.add_to_rrset(
"_acme-challenge.example.org",
DnsRecordType::TXT,
60,
vec![DnsRecord::TXT("challenge-token".to_string())],
"example.org",
)
.await
.unwrap();
client
.remove_from_rrset(
"_acme-challenge.example.org",
DnsRecordType::TXT,
vec![DnsRecord::TXT("challenge-token".to_string())],
"example.org",
)
.await
.unwrap();§License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
§Copyright
Copyright (C) 2020, Stalwart Labs LLC
Modules§
- bind
- crypto
- dnssec
- dns security extension related modules
- http
- jwt
- Generic JWT utility for providers that need JWT authentication.
- providers
- tests
- update
- utils
Structs§
- KeyValue
- MXRecord
- Named
DnsRecord - A named DNS record, which consists of a name and a DNS record.
- SRVRecord
- TLSA
Record
Enums§
- Algorithm
- A DNSSEC algorithm.
- CAARecord
- DnsRecord
- A DNS record type with a value.
- DnsRecord
Type - A DNS record type.
- DnsUpdater
- Error
- Tlsa
Cert Usage - Tlsa
Matching - Tlsa
Selector - Tsig
Algorithm - A TSIG algorithm.