Skip to content

Releases: StackExchange/dnscontrol

Release v3.7.0

19 Feb 20:29
@tlimoncelli tlimoncelli
v3.7.0
29dfac1
Compare
Choose a tag to compare
Release v3.7.0

This release introduces a major new feature: support for split horizons! The beta users give it two thumbs up, but as with any new feature please adopt it with care. Also in this release are new features for NS1, ClouDNS, and some code cleanups and bug fixes.

Split horizon DNS support introduces a new name scheme for domains: "domain!horizon", where "horizon" differentiates between multiple
instances of the same domain. Define D("example.com!inside") and D("example.com!outside"), for example. The two "example.com" domains are unrelated and must be populated individually.

Breaking changes:

  • none

Major features:

  • NEW FEATURE: Support Split Horizon DNS (#1034)

Provider-specific changes:

  • NS1: Support NS1_URLFWD (#1046)
  • CLOUDNS: Implement AUTOSPLIT (#1035)
  • BIND: Specify zone filenames using a printf-like specification (#1034)

Other changes and improvements:

  • BUG: Labels that are FQDN can cause panics (#1040)
Assets 7

Release v3.6.0

30 Jan 14:50
@tlimoncelli tlimoncelli
v3.6.0
c783d98
Compare
Choose a tag to compare
Release v3.6.0 Pre-release
Pre-release

This release includes 2 new providers, a new FETCH() command, and much more!

MSDNS is a new provivder for the Microsoft Windows Server DNS Server. It issues PowerShell commands to do its updates. It will eventually replace ACTIVEDIRECTORY_PS, which was becoming difficult to maintain. MSDNS is very new so test with care. Please report bugs ASAP.

ORACLE is our newest provider. Welcome to the DNSControl family!

FETCH() is a new feature that can "curl" a JSON file. Use the --allow-fetch command line flag to enable this potentially risky feature.

Thanks to all the volunteers for their contributions, especially Atma for helping improve the releng automation!

Breaking changes:

  • None

Major features:

  • NEW PROVIDER: MSDNS (#1005)
  • NEW PROVIDER: Oracle Cloud (#1021)
  • New feature: FETCH() permits http gets in dnsconfig.js (#1007)

Provider-specific changes:

  • CLOUDFLAREAPI: Now works with PunyCode/IDNA (#1019)
  • CLOUDFLAREAPI: Support Punycode for CF_REDIRECT/CF_TEMP_REDIRECT (with tests) (#1026)
  • CLOUDNS: Add DS record support (#1018)
  • GCCLOUD: Add TLSA Support (#1015)
  • HEXONET: Update github.com/hexonet/go-sdk (#1029)
  • OCTODNS: Add SPF support for RecordConfig (#1020)
  • OVH: Enable TXTMulti (#1003) (#1008)

Other changes and improvements:

  • RELENG: Automate releng more (#1006)
  • RELENG: Build RPM and DEB packages (#1030)
Assets 7

Release v3.5.0

07 Dec 15:23
@tlimoncelli tlimoncelli
v3.5.0
7ee2720
Compare
Choose a tag to compare
Release v3.5.0

This release includes so many updates and fixes it is difficult to
summarize them all!

Major features:

  • NEW PROVIDER: HETZNER DNS Console (#904)
  • NEW FEATURE: You can now set variables through flags on the command line (#918) (#913)
  • BREAKING CHANGE: Long TXT records require AUTOSPLIT to be split (#957) and are checked are check/preview time (#947) (See below)
  • ENHANCEMENT: "dnscontrol get-zones" now outputs the "orange cloud" flag for CloudFlare (#952)

BREAKING CHANGE: Previously different providers handled them differently; some gave an error and others split them silently into 255-octet chunks. This created unhappy surprises when switching providers. Now strings longer than 255-octet must be explictly split (manually or by using the AUTOSPLIT flag). See https://stackexchange.github.io/dnscontrol/js#long-and-multiple-strings

NEW AUTOMATED TESTING! Each PR now triggers a suite of automated tests. If you maintain a provider, you can "bring your own secrets" to activate testing in your fork. This should make it easier to contribute to the project! (thanks Max Horstmann, our GitHub Actions wizard!)

Provider-specific changes:

  • AZURE_DNS: Remove artificial delays (#943)
  • CLOUDFLAREAPI: get-zones now outputs "orange cloud" status (#952)
  • CLOUDFLAREAPI: Support TXTMulti and empty TXT targets (#978)
  • DIGITALOCEAN: Abide by rate limits (#934)
  • DIGITALOCEAN: Support TXTMulti with caveats (#949)
  • GCLOUD: Don't panic() on unknown domain name (#944)
  • GCLOUD: Retry on ratelimit (#946) and 502 (#984)
  • HETZNER: Allow TXTMulti (#963)
  • HETZNER: better rate limit handling (#936) (#926)A
  • HETZNER: create and modify multiple records in batches (#925) (#789)
  • HEXONET: Add GHA tests. Update docs. (#942)
  • INWX: Guard against single-quote TXT targets (#971)
  • INWX: enable multi txt support (#981)
  • POWERDNS: Fix documentation: config keys use camel case (#962)
  • ROUTE53: Fix R53_ALIAS creation failure (#938)

Code maintenance:

  • TESTING: Enable Bring-Your-Own-Secrets (#982) (#977)
  • TESTING: js_test.go now generates zonefiles and tests them (#986)
  • BUG: Fix REV and PTR when used together or with D_EXTEND (#979)
  • BUG: Refactored R53_ALIAS code to be more predictably correct, and fix many bugs along the way (#938)
  • BUG: Unknown rtypes should return errors, not a panic (#945)
  • CODE HEALTH: Reduce the use of panic(): Unknown rtypes return errors, not panic (#945)
  • CODE HEALTH: Rename provider handles to *Provider (#914) (#911)
  • CODE HEALTH: deps updates and linting (#905)
  • DOCS: Fix golint and vendoring notes (#948)
  • DOCS: Update install instructions (#951)
  • MAINT: Add a .editorconfig file (#921)
  • MAINT: Fix parse_test numbering (#985)
  • MAINT: Many deps updated (#988)
  • MAINT: gofmt -s all the things! (#983)
Assets 5

Release v3.4.2

12 Oct 16:58
@tlimoncelli tlimoncelli
v3.4.2
bd2ba11
Compare
Choose a tag to compare
Release v3.4.2

(Version 3.4.0 and 3.4.1 were skipped due to an issue while making the release.)

This release includes 1 new Registrar, improvements to others (especially HEXONET), and dozens of other improvements. Thanks for all the contributors!

Major new features:

  • New Registrar: CSC Global (#827)
  • New function: D_EXTEND adds records to an existing D(); possibly in a subdomain (#885) (thanks to @ad8-bdl!)
  • AUTODNSSEC is now AUTODNSSEC_ON (#863). If neither AUTODNSSEC_ON or AUTODNSSEC_OFF is included in a domain, AutoDNSSEC is left alone.
  • Errors in dnsconfig.js and subfiles now indicate the proper filename and line.
  • DOCS: Better document nameserver scenarios (#868)
  • NAMESERVER() validity check fixed (#866)
  • Many other bug fixes and document improvements.

Provider-specific changes:

  • HEXONET: Implement get-zones.
  • HEXONET: Upgraded to newest module.
  • ROUTE53: Documented but with legacy records (#901)
  • INWX: Support creating domains (#855)
  • INWX: add additional documentation about 2FA (#865)
  • PowerDNS: Implemented AUTODNSSEC (#856)
  • VULTR: Update govultr to v1.0.0 (fixes #892) (#897)
  • VULTR: Null MX records are not supported (#702) (#894)
  • GANDI_V5: Use github.com/go-gandi/go-gandi, not github.com/tiramiseb/go-gandi (#883)

Help wanted:

  • #873: NS1 has no maintainer. Volunteer needed or we may have to remove this provider.
  • #874: Anyone interested in making a fmt tool for dnsconfig.js?
  • Requests for providers for RcodeZero #884, Joker.com #854, Constellix (DNSMadeEasy) #842, and others.

Project changes:

  • No "vendoring". Remove vendoring notes from release-engineering.
  • Go modules now required. Remove support for pre-module builds.
Assets 5

Release v3.3.0

04 Sep 15:09
@tlimoncelli tlimoncelli
v3.3.0
f902c26
Compare
Choose a tag to compare
Release v3.3.0

This release brings three new providers (DNS-over-HTTPS, Hurricane Electric DNS, INWX), the ability to send notifications to Microsoft Teams, new functions (require_glob(), IGNORE_TARGET(), IGNORE_LABEL(), DU_EXTEND()), plenty of bugfixes and updates for providers, plus a lot of cleanups and documentation improvements!

Thanks to all the contributors!

Major features:

  • NEW PROVIDER: DOH: Read-only Registrar that validates NS records (#840)
  • NEW PROVIDER: HEDNS: Hurricane Electric DNS (dns.he.net) (#822)
  • NEW PROVIDER: INWX (#808)
  • NEW NOTIFIER: Add support for Microsoft Teams (#812)
  • Validation: New rules for validiating labels with underbars (#830)
  • New feature: require_glob() (similar to require() but supports globs) (#804)
  • New feature: IGNORE_TARGET. Rename INGORE to IGNORE_NAME (#806)
  • New feature: IGNORE label renamed to IGNORE_LABEL (IGNORE still exists for compatibility) (#806)
  • New feature: New features: D_EXTEND() getConfiguredDomains() to assist modifying domains (#800)
  • SPF Optimizer: Enable the use of TXTMulti records to support longer SPF records (#794)
  • SPF Optimizer: Make it possible to disable the raw SPF optimizer debug record (#795)
  • SPF Optimizer: spf flattener can make first record extra short (#781)
  • Long lists of adds/deletes are now sorted on some providers (for cosmetic reasons)
  • Provider support for DS records as children only (#765)
  • get-certs.md: correct flag names (#758)

Provider-specific features:

  • AZURE: Cleanup: Errorf is a pure function but its return value is ignored #836 (#843)
  • AZURE: Fixed bug related to having >100 Zones (#816)
  • CLOUDFLARE: Set TTL to 1 for Cloudflare page rules (#828)
  • BIND: Add TTL to BIND SoaInfo struct (#820)
  • deSEC: Supports PTR records out of the box (#801)
  • PowerDNS: Fix PowerDNS domain creation (#786)
  • ROUTE53: Route53 uses a custom record type for SPF (#787)
  • NS1: Fixed MX records on NS1 (#783)
  • NS1: Added support for ALIAS, PTR, and TXTMuli (#776)

Other cool stuff:

  • Docs: Add a page about macros and loops (#832)
  • print-ir: print validation warnings/errors to stderr (#841)
  • Cleanup: Remove debug line left from development (#835) (#839)
  • Update dependencies (#838)
  • Cleanup: Fix many issues reported by staticcheck.io (#837)
  • Docs: Improve install instructions (#824)
  • Cleanup: Bubble errors up from diff instead of panic (#799) (#817)
Assets 5

Release v3.2.0

02 Jun 18:51
@tlimoncelli tlimoncelli
v3.2.0
7c3d498
Compare
Choose a tag to compare
Release v3.2.0

Lots of great new stuff! A new provider (PowerDNS), a new record type (DS), a new notification target (Slack), and "get-certs" now generates .PEM files.

SECURITY CHANGE:
get-certs now generates one additional file: a .pem file, which is just .crt + "\n" + .key ). While not breaking change, it does contain secrets and therefore should be protected. If you encrypt or otherwise protect the .key file, you should take the same care with the .pem file.

Major features:

  • NEW PROVIDER: PowerDNS
  • NEW RTYPE: DS (Thanks Robert and Nicolai!)
  • get-certs now generates .pem files (.crt + .key)
  • New notification target: Slack (Thanks Jan-Philipp!)

Provider-specific changes:

  • CLOUDFLAREAPI: Now supports DS records

Other stuff:

  • Lists of adds/changes/deletes are now sorted (#755)
  • Fixed vendoring problem
  • _domainconnect is added to the whitelist
  • Update many dependencies.
Assets 5

Release v3.1.1

23 May 14:35
@tlimoncelli tlimoncelli
v3.1.1
8449c49
Compare
Choose a tag to compare
Release v3.1.1

This release includes 3 new providers! deSEC (popular in Germany) NETCUP (popular in Russia), and AXFR+DNS (use the native DDNS protocol for updates). Plus many minor bug fixes, code cleanups, documentation improvements, and over course plenty of updated dependencies.

NOTE: Version v3.1.0 was not released due to a technical issue.

Major features:

  • NEW PROVIDER: AXFR+DDNS (#259) (#729)
  • NEW PROVIDER: deSEC (#725)
  • NEW PROVIDER: NETCUP (DNS) (#718)
  • Documentation: Clarify dev docs (#734)

Provider-specific changes:

  • OCTODNS: constant 4294967295 overflows int (Issue #736) (#738)
  • GCLOUD: SSHFP support for Google Cloud DNS #726
  • CLOUDFLAREAPI: CLOUDFLAREAPI now fails tests "IDNA:Internationalized_name" and "IDN_CNAME_AND_Target". These tests are skipped for now. Can I get a volunteer to help find and fix this issue?

Other changes:

  • Security: 'get-certs' permissions too open (#745)
  • get-zones: should comment out NAMESERVER() (#743)
  • get-zones: generate R53_ALIAS correctly (#721)
  • Documentation: Document IP() is IPv4 only (#744)
  • Cleanup: Fix GetNameserver() inconsistency on many providers (#491)
  • Support RFC 7505 "null MX" (#702) (#703)
  • Update dependencies for: AWS (#731), Azure (#731), GCLOUD, digital * ocean (#723), urfav/cli, DNSimple, and more
Assets 5

Release v3.0.0

22 Mar 19:19
@tlimoncelli tlimoncelli
v3.0.0
4f39eca
Compare
Choose a tag to compare
Release v3.0.0

DNSControl 3.0.0 is a major release!

Three new providers! Two new subcommands! Integration tests reworked! Tons of minor and major bug fixes, code cleanups, and more!

This release focused on some major internal changes that might break providers or require updates. These were all internal changes that are invisible to the user. In fact, there were no breaking changes to your dnsconfig.js file!

A special shout-out to all the providers that responded quickly to my many "call to action" requests. Thank you for all your help! We couldn't do it without you. Those requests were:

  • Providers should implement "get-zones" (#628)
  • Call to update dependencies (#619)
  • Call to update GetNameservers() to be more consistent (#491)
  • Integration tests refactored, please test! (#684)

Major features:

  • PROVIDER (UPGRADE): AZUREDNS is now officially supported!
  • PROVIDER (NEW): Internet.bs (#590)
  • PROVIDER (NEW): ClouDNS (#578)
  • PROVIDER (REMOVED): GANDI/GANDI-LIVEDNS removed. Use GANDI_V5 instead. It is officially supported, 100% backwards compatible, plus the code is cleaner and more modern.
  • New subcommand: dnscontrol check-creds helps debug your creds.json file.
  • New subcommand: dnscontrol get-zones helps convert zones to DNSControl (#641) (#613)
  • Let's Encrypt now tries all cert renewals before returning error (#611)
  • If your DNS provider supports AutoDNSSEC, DNSControl now has a way to interface with it.
  • Integration Tests Refactored: Integration tests have been reimagined and reorganized. It is now easier to work around providers with missing/broken features (#684)
  • BIND's serial number and SOA handling is rewritten to be less complex, cleaning, and less buggy (#652)

Provider-specific changes:

  • NEW PROVIDER: Internet.bs (#590)
  • NEW PROVIDER: ClouDNS (#578)
  • AZUREDNS is now an officially supported provider (#653)
  • AZUREDNS: Add support for Alias: AZURE_ALIAS() (#675)
  • AZUREDNS: Bug: Wrong domain updated in query (#615)
  • AZUREDNS: Do not warn about underscore for acm-validations.aws (#661)
  • BIND: Implement AutoDNSSEC (#648)
  • BIND: Simplify serial number generation (#652)
  • CLOUDFLARE: Correct redirect function documentation (#696)
  • DNSIMPLE: Add AUTODNSSEC, implement for DNSimple (#640)
  • DNSIMPLE: bug-fix SSHFP, add multi TXT support (#639)
  • DNSIMPLE: support NAPTR (#671)
  • GANDI_V5: Fix/support ALIAS, SSHFP, TLSA (#673)
  • GANDI_V5: Recognize that CanUseTXTMulti is valid (#680)
  • SOFTLAYER: Fixed Lets Encrypt Certificate issue #668 (#669)
  • SOFTLAYER: Fixed Softlayer TXT Record existence Issue #583 (#659)
  • NAMECHEAP: Add CAA support (#533)
  • DIGITALOCEAN: CAA is supported with some caveats (#592)
  • Implement get-zones and/or check-creds (#628)
    • BIND: Implement get-zones (#642)
    • CLOUDFLARE: get-zones --ttl flag should handle CF's magic TTLs better (#657)
    • ClouDNS: Get zone records implemented (#681)
    • NAMEDOTCOM: Implement get-zones (#645)
    • OVH: Add get-zones to the OVH provider (#666)
    • VULTR: Implemented get-zones (#628) (#670)
    • ACTIVEDIRECTORY: Implement get-zones (#643)
    • ROUTE53: Fully implement get-zones (#638)
    • DNSimple: Implement GetZones and ListZones (#637)
    • DIGITALOCEAN: Do get zones (#635)
    • AZUREDNS: Implement Get Zone for Azure DNS (#631)
  • Clean up (standardize) GetNameservers:
    • OVH: convert the OVH provider to models.ToNameservers (#679)
  • Update dependencies (#619)
    • EXOSCALE: Update exoscale/egoscale client to v0.23.0 (#664)
    • HEXONET: Update hexonet-sdk to v2.2.3+incompatible (#662)
    • GANDI_V5: Upgrade to newest github.com/tiramiseb/go-gandi
    • AZUREDNS: Upgraded Azure SDK to 39.1.0 (#627)
    • VULTR: Updated govultr to v0.2.0 (#619) (#624)
    • Update github.com/go-acme/lego (#623)
    • DIGITALOCEAN: Update digitalocean module (#622)
    • Update many modules (#620)
    • Upgrade urfave/cli to v2 (#614)
    • Update github.com/mjibson/esc (#515)

Minor changes, internal cleanups and documentation fixes:

  • New testing infrastructure for get-zones (#688)
  • GetNameservers is inconsistent across providers (#655)
  • Tests: ensure provider capabilities are checked (#650)
  • External dependencies updated (#691)
  • Documentation: Clarify require() name and usage (#690)
  • Moved providers/diff to pkg/diff (#692)
  • Update README.md (#689)
  • Upgrade go version to 1.14 (#676)
  • Remove unneeded SSHFP integration test (#677)
  • Update provider-list.md (#653)
  • Linting (#647)
  • pretty helpers.js (#649)
  • Add _mta-sts to labels allowed to have an underscore (#617)
  • LETS_ENCRYPT: Try all cert renewals before returning error. (#611)
  • LETS_ENCRYPT: get-certs: DNS01 challenge skipping preCheckDNS (#591)
  • RELENG: Doc should list correct version numbers (#607)
  • DOCS: Explain nameservers vs ns (#608)
  • DOCS: Clarify bug triage process (#606)
  • DOCS: Improve Lets Encrypt docs (#594)
  • Fixed issues from go vet (#605)
  • Switch to Go 1.13 error wrapping (#604)
  • Internals: Switch to v2 go.mod, and fix Azure Pipelines (#595)
  • Integration test: Track providers that support null TXT (#597)

For a complete list of bugs closed in this release please refer to this link.

Assets 5

Release v2.11

14 Feb 16:14
@atma-stackoverflow atma-stackoverflow
v2.11
ad5c624
Compare
Choose a tag to compare
Release v2.11

Big improvements for Gandi users, new providers (ClouDNS,
Internet.bs), many code and documentation improvements including a
move to Go Modules.

BREAKING CHANGE: GANDI_V5 is a significant improvement over the GANDI
and GANDI-LIVEDNS providers, both of which will be removed in 3.0.
Please migrate now.

Let's Encrypt now tries all renewals even if an earlier one fails.

Major changes:

  • NEW PROVIDER: GANDI_V5 (deprecates GANDI) (#572)
  • NEW PROVIDER: Internet.bs (#590)
  • NEW PROVIDER: ClouDNS (#578)
  • Add _mta-sts to labels allowed to have an underscore (#617)

Reliability improvements:

  • LETS_ENCRYPT: Try all cert renewals before returning error (#611)
  • LETS_ENCRYPT: DNS01 challenge no longer skips preCheckDNS (#591)

Provider-specific changes:

  • AZURE: Alias records no longer break DNSControl (#616)
  • AZURE: Fixes a situation where, wrong domain was gets updated (#615)
  • DIGITALOCEAN: CAA is supported with some caveats (#592)
  • NAMECHEAP: Add CAA support (#533)

Docs and internal changes:

  • DOCS: Updated release engineering process
  • DOCS: Better explain NAMESERVER() vs NS() (#608)
  • DOCS: Clarify bug triage process (#606)
  • DOCS: Improve Lets Encrypt docs (#594)
  • Updated module: upgrade urfave/cli to v2 (#614)
  • Updated module: upgrade github.com/mjibson/esc (#515)
  • Integration test: Add test for TXT with null string (#597)
  • Many code cleanups, linting, vetting (#605)
Assets 5

Release v2.10.0

20 Jan 00:36
@captncraig captncraig
v2.10.0
2d4c257
Compare
Choose a tag to compare
Release v2.10.0

Major Changes:

  • New Provider: Azure DNS (#547)
  • Switched from govendor to go modules for dependencies (#587)
  • Upgraded to Go 1.13 (#550)

Provider-specific changes:

  • Gandi: Support for multi-TXT records (#545)
  • Gandi: Print actual changes to be pushed (#546)
  • Vultr: Added support for SSHFP records (#531)
  • CloudFlare: Add ability to manage UniversalSSL (#496)
  • CloudFlare: Support API tokens (#555)
  • Route 53: Add AWS_PROFILE functionality (#567)

Minor cleanups:

Thanks to all contributors!

@tlimoncelli
@captncraig
@geek1011
@patschi
@tlnd-rdalverny
@vatsalyagoel
@BenoitKnecht
@mhenderson-so
@wsuff
@hmrbarros
@signalwerk
@zwo-bot
@pragmaton
@willpower232

Assets 5