henet 2FA Authentication

[goose-ws]

Hello!

I opted to enable 2FA on my HE DNS account, which has broken the ability to log in to my account to set the necessary TXT records for domain ownership verification with the DNS based certbot.

After reaching out to HE about solutions for this, they informed me that it's possible to work around this by using a TXT record which is enabled for dyndns.

In this scenario, rather than providing the username and password for authentication, one would provide the domain name and dyndns secret key. For reference, the dyndns secret key is generated by selecting the black circling arrows next to the DNS entry after enabling dyndns when setting the record up.

For example:

curl -skL "https://dyn.dns.he.net/nic/update" -d "hostname=sub.domain.tld" -d "password=dynDnsKey" -d "txt=verificationdata"

Would update an existing TXT record for sub.domain.tld with the value verificationdata. In actual practice:

[goose@Vergil: ~ ] $ dig -t txt test.goose.ws +short
"test"
[goose@Vergil: ~ ] $ curl -skL "https://dyn.dns.he.net/nic/update" -d "password=[removed]" -d "hostname=test.goose.ws" -d "txt=newtest"
good % 
[goose@Vergil: ~ ] $ dig -t txt test.goose.ws +short
"newtest"
[goose@Vergil: ~ ] $

The only catch here is that adjustments can only be made to an existing TXT record, and it has to be left in place afterwards for future verification.

Would it be possible to add this behavior to work around 2FA with HE DNS?