TRANSIP: CAA multiple corrections #2788

Closed
cafferata opened this issue Jan 11, 2024 · 5 comments · Fixed by #2789

@cafferata
Collaborator

Describe the bug

I wanted to apply #2728 to one of our domains. I noticed that a delete and a create correction are performed, while a TXT record only performs one correction.

To Reproduce

Example CAA_BUILDER()

    CAA_BUILDER({
        label: '@',
        iodef: 'mailto:info@jcid.nl',
+       iodef_critical: true,
        issue: [
            'letsencrypt.org',
            'sectigo.com',
        ],
        issuewild: 'none',
    }),

dnscontrol push --domains jcid.nl
******************** Domain: jcid.nl
2 corrections (transip)
#1: [2/2] delete: ± MODIFY jcid.nl CAA (0 iodef "mailto:info@jcid.nl" ttl=86400) -> (128 iodef "mailto:info@jcid.nl" ttl=86400)
SUCCESS!
#2: [1/2] create: ± MODIFY jcid.nl CAA (0 iodef "mailto:info@jcid.nl" ttl=86400) -> (128 iodef "mailto:info@jcid.nl" ttl=86400)
SUCCESS!
Done. 2 corrections.

Example CAA()

CAA(
    '@',
    'iodef',
-    'mailto:info@jcid.nl'
+    'mailto:info@jcid.nl',
+    CAA_CRITICAL
),
CAA('@', 'issue', 'letsencrypt.org'),
CAA('@', 'issue', 'sectigo.com'),
CAA('@', 'issuewild', 'none'),

dnscontrol push --domains jcid.nl
******************** Domain: jcid.nl
2 corrections (transip)
#1: [2/2] delete: ± MODIFY jcid.nl CAA (0 iodef "mailto:info@jcid.nl" ttl=86400) -> (128 iodef "mailto:info@jcid.nl" ttl=86400)
SUCCESS!
#2: [1/2] create: ± MODIFY jcid.nl CAA (0 iodef "mailto:info@jcid.nl" ttl=86400) -> (128 iodef "mailto:info@jcid.nl" ttl=86400)
SUCCESS!
Done. 2 corrections.

Example TXT()

TXT(
    '@', 
-    'v=spf -all'
+    'v=spf ~all'
),

dnscontrol push --domains jcid.nl
******************** Domain: jcid.nl
1 correction (transip)
#1: ± MODIFY jcid.nl TXT ("v=spf -all" ttl=86400) -> ("v=spf ~all" ttl=86400)
SUCCESS!
Done. 1 corrections.

Expected behavior

Just one update command.

dnscontrol push --domains jcid.nl
******************** Domain: jcid.nl
1 corrections (transip)
#1: ± MODIFY jcid.nl CAA (0 iodef "mailto:info@jcid.nl" ttl=86400) -> (128 iodef "mailto:info@jcid.nl" ttl=86400)
SUCCESS!
Done. 1 corrections.

DNS Provider

  • TRANSIP

cc: Maintainer TransIP/builder diff2: @blackshadev

@blackshadev
Contributor

Unfortunately this is not a bug, it is a feature.

TransIP doesn't allow updating a single record in a record set. So for cases where there were several records with the same label and type, I needed to have an alternative solution. Luckily they do allow deletes of a single record in a record set, and of course creating a new record in said record set. So that is why you see the delete and (re)create.

@tlimoncelli
Contributor

Two suggestions:

  1. Document this. Something like:

Due to the way TransIP's API works, some records can not be modified. Instead, the old record is deleted and the replacement is added. You'll see [1/2] and [2/2] in the output to indicate this is happening. Here's an example:

#1: [2/2] delete: ± MODIFY jcid.nl CAA (0 iodef "mailto:info@jcid.nl" ttl=86400) -> (128 iodef "mailto:info@jcid.nl" ttl=86400)
SUCCESS!
#2: [1/2] create: ± MODIFY jcid.nl CAA (0 iodef "mailto:info@jcid.nl" ttl=86400) -> (128 iodef "mailto:info@jcid.nl" ttl=86400)
SUCCESS!
  2. Clarify what's happening in the output.

The delete should be [1/2] and the create should be [2/2].

@cafferata
Collaborator Author

Thank you @blackshadev for your quick explanation. I was not aware of these TransIP restrictions. I validated it using an HTTP request:

Request

PATCH https://api.transip.nl/v6/domains/jcid.help/dns

{
    "dnsEntry": {
        "name": "@",
        "expire": 86400,
        "type": "CAA",
        "content": "0 iodef \"mailto:info@jcid.nl\""
    }
}

Response

{
    "error": "Multiple matches found for DNS entry '@ 86400 CAA'"
}

When multiple or none of the current DNS entries matches, the response will be an error with http status code 406.

https://api.transip.nl/rest/docs.html#domains-dns-patch
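
The behaviour explained in this thread (an in-place update only when the record is alone in its label/type set, otherwise a delete followed by a create) can be sketched as below. This is an added example, not DNSControl's or TransIP's code; the `Record`, `Step`, `Plan` and `SampleZone` names are hypothetical, and the zone is constructed from the records shown in the issue with CAA flag values assumed.

```go
package main

import "fmt"

// Record is a simplified DNS entry (hypothetical type, not dnscontrol's).
type Record struct {
	Name, Type, Content string
	TTL                 int
}

// Step is one API call; Label is the "[1/2]"-style marker, empty for a lone update.
type Step struct {
	Op, Label string
	Record    Record
}

// Plan turns "change old into updated" into API calls. old is assumed to be
// present in zone. A single update is only unambiguous when old is the sole
// record with its name and type; otherwise delete old first, then create.
func Plan(zone []Record, old, updated Record) []Step {
	siblings := 0
	for _, r := range zone {
		if r.Name == old.Name && r.Type == old.Type {
			siblings++
		}
	}
	if siblings <= 1 {
		return []Step{{Op: "update", Record: updated}}
	}
	return []Step{
		{Op: "delete", Label: "[1/2]", Record: old},
		{Op: "create", Label: "[2/2]", Record: updated},
	}
}

// SampleZone is constructed test data modelled on the records in this issue.
func SampleZone() []Record {
	return []Record{
		{"@", "CAA", `0 iodef "mailto:info@jcid.nl"`, 86400},
		{"@", "CAA", `0 issue "letsencrypt.org"`, 86400},
		{"@", "CAA", `0 issue "sectigo.com"`, 86400},
		{"@", "CAA", `0 issuewild ";"`, 86400},
		{"@", "TXT", "v=spf -all", 86400},
	}
}

func main() {
	zone := SampleZone()
	for _, s := range Plan(zone, zone[0], Record{"@", "CAA", `128 iodef "mailto:info@jcid.nl"`, 86400}) {
		fmt.Println(s.Label, s.Op, s.Record.Type, s.Record.Content)
	}
}
```

Because the two calls are separate requests, a failure after the delete leaves the zone without that record until the next push succeeds.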

@cafferata
Collaborator Author

See the GitHub pull request here #2789

@blackshadev
Contributor

blackshadev commented Jan 11, 2024

> 1. Document this.

@cafferata is already on it, so I will look at his PR but not create my own.

edit: you already merged his PR, sooooo good job guys!

> The delete should be [1/2] and the create should be [2/2].

Ah this is stupid. Why this is: I started out with first creating and then deleting because it seemed more stable. But then when updating TTL, TransIP will not accept the create call. Fixed it in #2791
