Comment by 9dev
8 days ago
For the love of god, switch to a DNS provider with an API. Whatever legacy behemoth you’re working with doesn’t justify a gap this wide.
What open source DNS servers have an API? (I saw someone elsewhere in the thread talking about doing this with dnsmasq, but it sounded like they'd cobbled something together, rather than the software handling it.)
BIND 9, for starters
https://datatracker.ietf.org/doc/html/rfc2136
I personally wouldn't use dnsmasq for this (as it's far more suited as a recursive server and DHCP provider with some basic authoritative records, rather than an authoritative-only server), but every open source authoritative DNS server worth using has RFC 2136 support.
PowerDNS has an API which is working pretty well. I've been using it to generate ACME certificates for a few years, and I also built a DNS hosting service around it.
Name one that doesn’t have an AWS-style per-query cost.
(There might well be a nice one, but I haven’t found it yet.)
If it's for a business, I would contact them to see if they have a commercial offering, but I think the Hurricane Electric Free DNS might actually fit.
https://dns.he.net/
Interestingly, HE’s commercial offerings are in some respects excellent, but their login system is every bit as primitive as the free stuff.
Hetzner does not charge any money for their DNS service and they have an API.
Hi there, Hetzner here. Thanks for mentioning us. For anyone who is interested:
- https://www.hetzner.com/dns/
- https://docs.hetzner.com/networking/dns
- https://docs.hetzner.cloud/reference/cloud#tag/zones
--Katie
Might be obvious, but Cloudflare
No. Cloudflare will give a key scoped to an entire administrative domain in the Cloudflare sense like “a.com”. They will not give you a key scoped to a single entry within that domain. (That entry would be a domain in the RFC 9499 sense, but do you really expect anyone to agree on the terminology?)
In particular, there is no support for getting a key scoped to _acme-challenge.a.b.c or, even better, to a particular RR.
Maybe if you have an enterprise plan you can very awkwardly fudge it using lots of CNAMEs and subdomains.
Some DNS hosts that support old-school dynamic DNS can do this. dns.he.net is an example, but they have a login system that is very much stuck in the nineties.
Cloudflare DNS isn't fully functional (at least for me). Can't be used for general purpose DNS hosting imho.
Hetzner DNS
desec.io