@tlimoncelli tlimoncelli released this May 13, 2021

This release includes many small improvements and a long-awaited change to SOA handling. SOA records can now be inserted using the SOA() function (mostly affects BIND, as most providers auto-generate SOA records). CAA now works for NS1; ALIAS records now work for NS1 and NAMECHEAP. AXFRDDNS now lets you select connection protocol. POWERDNS more correctly handles complex updates. MSDNS now supports PSSession and alternative credentials.

Thanks to all the people that submitted PRs! This is truly a community-driven release!

Breaking changes:

  • SOA record handling: All changes are upward compatible but if you use BIND and manipulate SOA records some extra testing is recommended.

Major features:

  • Direct SOA record management (#1115)

Provider-specific changes:

  • NS1: Enable support for CAA (#1150)
  • NS1: fix ALIAS handling (#1154)
  • POWERDNS: fix order problems of delete corrections & some cleanup (#1153)
  • NAMECHEAP: Enable ALIAS support (#1149)
  • AXFRDDNS: adds update/transfer connection modes support (#1143)
  • MSDNS: Fix pssession; Allow alternative credentials (#1140)

Other changes and improvements:

  • DOCS: Fix typo: will will -> will (#1152)
  • DEV: Add integration test for SOA (#1147)
  • DEV: Speed up integration tests (#1138)
  • DEV: Update deps (#1141)

@tlimoncelli tlimoncelli released this Apr 22, 2021

This release includes many bug fixes and one new feature. The new feature is that the information in creds.json can instead be produced by running a program. Simply make the file executable (chmod +x) or precede it with a "!", such as --creds '!/path/to/'

Breaking changes:

  • On non-Windows systems, the creds.json file should not have the executable bit set.

Major features:

  • IGNORE_NAME: Should work at domain apex (bugfix) (#1118)
  • creds.json info can come from an executable (#1119)

Provider-specific changes:

  • BIND: Improve SOA documentation (#1132)
  • GANDI_V5: Add "get-zones" support (#1117)
  • GANDI_V5: supports DS records already (#1112)
  • HEXONET: introducing semver to HEXONET provider (#1120)
  • OVH: Add "get-zones" support (#1117)
  • ROUTE53: Docs should specify FQDN with dot. (#1130)

Other changes and improvements:

  • TESTING: Improve DS comments (#1134)
  • Maint: DS record tests should use more realistic data (#1127)
  • DOCS: Document how to preview website (#1133)
  • Fix doc error (#1113)

@tlimoncelli tlimoncelli released this Mar 28, 2021

This release is packed with new features and improvements!

  • Two new providers! (DNS Made Easy and
  • A new experimental formatter for "dnsconfig.js" (dnscontrol fmt)
  • An easier way to build DMARC records (DMARC_BUILDER())
  • Sadly, the SOFTLAYER is now unmaintained. We need a volunteer. See #1080

Some internals improvements will help future provider-authors:

  • TXT record handling has been completely rewritten to enable providers to indicate all their edge cases, such as not permitting long strings, or not permitting double-quotes in strings. This should make long and/or strange TXT records easier to handle in the future. The code is cleaner and simpler. Plus, it is general and supports all DNS records, not just TXT.
  • The "target" field is no longer exported. This completes a change that started many months ago to require Getters and Setters for the RecordConfig.Target field. This makes providers less brittle and prepares us for using Go's future Generics. Thanks to all the provider authors who helped test this new feature.


  • DESEC: Long txt records may break, especially if the string includes double quotes. If you use DeSEC you may want to skip this release. See #996

Thanks to the multitudes for contributing to this release!

Major features:

  • Re-engineer TXT records for simplicity and better compliance (#1063)
  • New Feature: JS formatter and prettifier (#917) FYI: This is an experimental feature. It depends on an external module that may not be supported in the long term.
  • NEW PROVIDER: DNS Made Easy (#1093)
  • NEW PROVIDER: (#1041)
  • SOFTLAYER: Mark provider as unmaintained (#1080)

Provider-specific changes:

  • HEXONET: AuditRecord should permit TXT with long strings (#1107)
  • CLOUDNS: Improve automated testing (#1103)
  • CLOUDNS: Fetch permitted TTL values from API #1078 (#1102)
  • CLOUDNS: Enable SRV and PTR records (#1101)
  • CLOUDNS: ClouDNS does NOT allow multiple TXT records with same name (#1098)
  • CLOUDNS: Note that TXT records do not permit double-quotes. Fix typo (#1094)
  • POWERDNS: allow alias-records to be parsed (#1096)
  • HEDNS: Fix issue with domain listing on completely empty accounts
  • ROUTE53: Disable failing tests
  • HEDNS: Enable automatic integration testing (#1068)
  • HEDNS: Fix CNAME, NS and PTR record handling of trailing . (#1064)
  • POWERDNS: Some minor fixes for ALIAS and TXTMulti and integration testing (#1065)

Other changes and improvements:

  • "Target" RecordConfig should not be exported (#1061)
  • IGNORE_*: Warn about fragility (#1108)
  • DKIM is a no-op now (#1084)
  • Update dependencies (#1110) (#1100)
  • Developer: Github Actions should use cache steps (#1097)
  • Linting (#1087)
  • DOCS: Clarify that create-domains does not purchase them (#1086)
  • Make GCLOUD and GANDI_V5 module names consistent (#1060) (#1059)
  • BUG: D_EXTEND should not apply DEFAULTS{} (#1055)

@tlimoncelli tlimoncelli released this Feb 19, 2021

This release introduces a major new feature: support for split horizons! The beta users give it two thumbs up, but as with any new feature please adopt it with care. Also in this release are new features for NS1, ClouDNS, and some code cleanups and bug fixes.

Split horizon DNS support introduces a new name scheme for domains: "domain!horizon", where "horizon" differentiates between multiple instances of the same domain. Define D("!inside") and D("!outside"), for example. The two "" domains are unrelated and must be populated individually.

Breaking changes:

  • none

Major features:

  • NEW FEATURE: Support Split Horizon DNS (#1034)

Provider-specific changes:

  • NS1: Support NS1_URLFWD (#1046)
  • CLOUDNS: Implement AUTOSPLIT (#1035)
  • BIND: Specify zone filenames using a printf-like specification (#1034)

Other changes and improvements:

  • BUG: Labels that are FQDN can cause panics (#1040)

@tlimoncelli tlimoncelli released this Jan 30, 2021

This release includes 2 new providers, a new FETCH() command, and much more!

MSDNS is a new provider for the Microsoft Windows Server DNS Server. It issues PowerShell commands to do its updates. It will eventually replace ACTIVEDIRECTORY_PS, which was becoming difficult to maintain. MSDNS is very new so test with care. Please report bugs ASAP.

ORACLE is our newest provider. Welcome to the DNSControl family!

FETCH() is a new feature that can "curl" a JSON file. Use the --allow-fetch command line flag to enable this potentially risky feature.

Thanks to all the volunteers for their contributions, especially Atma for helping improve the releng automation!

Breaking changes:

  • None

Major features:

  • NEW PROVIDER: Oracle Cloud (#1021)
  • New feature: FETCH() permits http gets in dnsconfig.js (#1007)

Provider-specific changes:

  • CLOUDFLAREAPI: Now works with PunyCode/IDNA (#1019)
  • CLOUDFLAREAPI: Support Punycode for CF_REDIRECT/CF_TEMP_REDIRECT (with tests) (#1026)
  • CLOUDNS: Add DS record support (#1018)
  • GCLOUD: Add TLSA Support (#1015)
  • HEXONET: Update (#1029)
  • OCTODNS: Add SPF support for RecordConfig (#1020)
  • OVH: Enable TXTMulti (#1003) (#1008)

Other changes and improvements:

  • RELENG: Automate releng more (#1006)
  • RELENG: Build RPM and DEB packages (#1030)

@tlimoncelli tlimoncelli released this Dec 7, 2020

This release includes so many updates and fixes it is difficult to summarize them all!

Major features:

  • NEW PROVIDER: HETZNER DNS Console (#904)
  • NEW FEATURE: You can now set variables through flags on the command line (#918) (#913)
  • BREAKING CHANGE: Long TXT records require AUTOSPLIT to be split (#957) and are checked at check/preview time (#947) (See below)
  • ENHANCEMENT: "dnscontrol get-zones" now outputs the "orange cloud" flag for CloudFlare (#952)

BREAKING CHANGE: Previously, different providers handled long TXT strings differently; some gave an error and others split them silently into 255-octet chunks. This created unhappy surprises when switching providers. Now strings longer than 255 octets must be explicitly split (manually or by using the AUTOSPLIT flag). See
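The 255-octet rule described above, as an added Go example that is not DNSControl's own code: `splitTXT` and `checkTXT` are hypothetical helpers, and the DKIM-style value in `main` is constructed. It shows a check that rejects an over-long string and a split that counts octets rather than characters.

```go
package main

import (
	"fmt"
	"strings"
)

// maxTXTSegment is the largest string a TXT record can carry in one piece:
// each string on the wire is prefixed by a single length octet (RFC 1035).
const maxTXTSegment = 255

// splitTXT (hypothetical helper) breaks s into chunks of at most 255 octets.
// It slices by byte, not by rune, because the DNS limit is in octets; a
// multi-byte UTF-8 character may therefore straddle two chunks.
func splitTXT(s string) []string {
	var out []string
	for len(s) > maxTXTSegment {
		out = append(out, s[:maxTXTSegment])
		s = s[maxTXTSegment:]
	}
	return append(out, s)
}

// checkTXT (hypothetical helper) is a check-time audit: it returns an error
// for the first segment that would not fit, instead of splitting silently.
func checkTXT(segments []string) error {
	for i, seg := range segments {
		if len(seg) > maxTXTSegment {
			return fmt.Errorf("segment %d is %d octets (max %d): split it explicitly",
				i, len(seg), maxTXTSegment)
		}
	}
	return nil
}

func main() {
	// Constructed sample: a DKIM-style value too long for one segment.
	long := "v=DKIM1; k=rsa; p=" + strings.Repeat("A", 400)
	fmt.Println("unsplit:", checkTXT([]string{long}))
	parts := splitTXT(long)
	fmt.Println("split into", len(parts), "segments:", checkTXT(parts))
}
```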

NEW AUTOMATED TESTING! Each PR now triggers a suite of automated tests. If you maintain a provider, you can "bring your own secrets" to activate testing in your fork. This should make it easier to contribute to the project! (thanks Max Horstmann, our GitHub Actions wizard!)

Provider-specific changes:

  • AZURE_DNS: Remove artificial delays (#943)
  • CLOUDFLAREAPI: get-zones now outputs "orange cloud" status (#952)
  • CLOUDFLAREAPI: Support TXTMulti and empty TXT targets (#978)
  • DIGITALOCEAN: Abide by rate limits (#934)
  • DIGITALOCEAN: Support TXTMulti with caveats (#949)
  • GCLOUD: Don't panic() on unknown domain name (#944)
  • GCLOUD: Retry on ratelimit (#946) and 502 (#984)
  • HETZNER: Allow TXTMulti (#963)
  • HETZNER: better rate limit handling (#936) (#926)
  • HETZNER: create and modify multiple records in batches (#925) (#789)
  • HEXONET: Add GHA tests. Update docs. (#942)
  • INWX: Guard against single-quote TXT targets (#971)
  • INWX: enable multi txt support (#981)
  • POWERDNS: Fix documentation: config keys use camel case (#962)
  • ROUTE53: Fix R53_ALIAS creation failure (#938)

Code maintenance:

  • TESTING: Enable Bring-Your-Own-Secrets (#982) (#977)
  • TESTING: js_test.go now generates zonefiles and tests them (#986)
  • BUG: Fix REV and PTR when used together or with D_EXTEND (#979)
  • BUG: Refactored R53_ALIAS code to be more predictably correct, and fix many bugs along the way (#938)
  • BUG: Unknown rtypes should return errors, not a panic (#945)
  • CODE HEALTH: Reduce the use of panic(): Unknown rtypes return errors, not panic (#945)
  • CODE HEALTH: Rename provider handles to *Provider (#914) (#911)
  • CODE HEALTH: deps updates and linting (#905)
  • DOCS: Fix golint and vendoring notes (#948)
  • DOCS: Update install instructions (#951)
  • MAINT: Add a .editorconfig file (#921)
  • MAINT: Fix parse_test numbering (#985)
  • MAINT: Many deps updated (#988)
  • MAINT: gofmt -s all the things! (#983)

@tlimoncelli tlimoncelli released this Oct 12, 2020

(Version 3.4.0 and 3.4.1 were skipped due to an issue while making the release.)

This release includes 1 new Registrar, improvements to others (especially HEXONET), and dozens of other improvements. Thanks to all the contributors!

Major new features:

  • New Registrar: CSC Global (#827)
  • New function: D_EXTEND adds records to an existing D(); possibly in a subdomain (#885) (thanks to @ad8-bdl!)
  • AUTODNSSEC is now AUTODNSSEC_ON (#863). If neither AUTODNSSEC_ON nor AUTODNSSEC_OFF is included in a domain, AutoDNSSEC is left alone.
  • Errors in dnsconfig.js and subfiles now indicate the proper filename and line.
  • DOCS: Better document nameserver scenarios (#868)
  • NAMESERVER() validity check fixed (#866)
  • Many other bug fixes and document improvements.

Provider-specific changes:

  • HEXONET: Implement get-zones.
  • HEXONET: Upgraded to newest module.
  • ROUTE53: Documented but with legacy records (#901)
  • INWX: Support creating domains (#855)
  • INWX: add additional documentation about 2FA (#865)
  • PowerDNS: Implemented AUTODNSSEC (#856)
  • VULTR: Update govultr to v1.0.0 (fixes #892) (#897)
  • VULTR: Null MX records are not supported (#702) (#894)
  • GANDI_V5: Use, not (#883)

Help wanted:

  • #873: NS1 has no maintainer. Volunteer needed or we may have to remove this provider.
  • #874: Anyone interested in making a fmt tool for dnsconfig.js?
  • Requests for providers for RcodeZero #884, #854, Constellix (DNSMadeEasy) #842, and others.

Project changes:

  • No "vendoring". Remove vendoring notes from release-engineering.
  • Go modules now required. Remove support for pre-module builds.

@tlimoncelli tlimoncelli released this Sep 4, 2020

This release brings three new providers (DNS-over-HTTPS, Hurricane Electric DNS, INWX), the ability to send notifications to Microsoft Teams, new functions (require_glob(), IGNORE_TARGET(), IGNORE_LABEL(), DU_EXTEND()), plenty of bugfixes and updates for providers, plus a lot of cleanups and documentation improvements!

Thanks to all the contributors!

Major features:

  • NEW PROVIDER: DOH: Read-only Registrar that validates NS records (#840)
  • NEW PROVIDER: HEDNS: Hurricane Electric DNS ( (#822)
  • NEW NOTIFIER: Add support for Microsoft Teams (#812)
  • Validation: New rules for validating labels with underbars (#830)
  • New feature: require_glob() (similar to require() but supports globs) (#804)
  • New feature: IGNORE_TARGET. Rename IGNORE to IGNORE_NAME (#806)
  • New feature: IGNORE label renamed to IGNORE_LABEL (IGNORE still exists for compatibility) (#806)
  • New features: D_EXTEND() and getConfiguredDomains() to assist modifying domains (#800)
  • SPF Optimizer: Enable the use of TXTMulti records to support longer SPF records (#794)
  • SPF Optimizer: Make it possible to disable the raw SPF optimizer debug record (#795)
  • SPF Optimizer: spf flattener can make first record extra short (#781)
  • Long lists of adds/deletes are now sorted on some providers (for cosmetic reasons)
  • Provider support for DS records as children only (#765)
  • correct flag names (#758)

Provider-specific features:

  • AZURE: Cleanup: Errorf is a pure function but its return value is ignored #836 (#843)
  • AZURE: Fixed bug related to having >100 Zones (#816)
  • CLOUDFLARE: Set TTL to 1 for Cloudflare page rules (#828)
  • BIND: Add TTL to BIND SoaInfo struct (#820)
  • deSEC: Supports PTR records out of the box (#801)
  • PowerDNS: Fix PowerDNS domain creation (#786)
  • ROUTE53: Route53 uses a custom record type for SPF (#787)
  • NS1: Fixed MX records on NS1 (#783)
  • NS1: Added support for ALIAS, PTR, and TXTMulti (#776)

Other cool stuff:

  • Docs: Add a page about macros and loops (#832)
  • print-ir: print validation warnings/errors to stderr (#841)
  • Cleanup: Remove debug line left from development (#835) (#839)
  • Update dependencies (#838)
  • Cleanup: Fix many issues reported by (#837)
  • Docs: Improve install instructions (#824)
  • Cleanup: Bubble errors up from diff instead of panic (#799) (#817)

@tlimoncelli tlimoncelli released this Jun 2, 2020

Lots of great new stuff! A new provider (PowerDNS), a new record type (DS), a new notification target (Slack), and "get-certs" now generates .PEM files.

get-certs now generates one additional file: a .pem file, which is just .crt + "\n" + .key. While not a breaking change, it does contain secrets and therefore should be protected. If you encrypt or otherwise protect the .key file, you should take the same care with the .pem file.
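One way to check for the file-mode problems these notes warn about, as an added Go example that is not part of DNSControl: it flags .key/.pem files accessible beyond their owner, and a creds.json with an executable bit (the breaking change noted for the Apr 22, 2021 release earlier on this page). The function name `auditSecrets` and the default directory are assumptions.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// auditSecrets (hypothetical helper) walks root and reports files whose mode
// conflicts with the release notes: .key/.pem files hold private keys, and an
// executable creds.json is run as a program instead of being read.
func auditSecrets(root string) ([]string, error) {
	var findings []string
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		mode, name := info.Mode().Perm(), d.Name()
		switch {
		case strings.HasSuffix(name, ".pem"), strings.HasSuffix(name, ".key"):
			if mode&0o077 != 0 { // any group/other access to key material
				findings = append(findings, fmt.Sprintf("%s: mode %04o exposes key material beyond the owner", p, mode))
			}
		case name == "creds.json":
			if mode&0o111 != 0 { // would be executed rather than parsed
				findings = append(findings, fmt.Sprintf("%s: mode %04o has an executable bit set", p, mode))
			}
		}
		return nil
	})
	return findings, err
}

func main() {
	root := "." // assumption: run from the directory holding certs and creds.json
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	findings, err := auditSecrets(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, "audit failed:", err)
		os.Exit(2)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```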

Major features:

  • NEW RTYPE: DS (Thanks Robert and Nicolai!)
  • get-certs now generates .pem files (.crt + .key)
  • New notification target: Slack (Thanks Jan-Philipp!)

Provider-specific changes:

  • CLOUDFLAREAPI: Now supports DS records

Other stuff:

  • Lists of adds/changes/deletes are now sorted (#755)
  • Fixed vendoring problem
  • _domainconnect is added to the whitelist
  • Update many dependencies.

@tlimoncelli tlimoncelli released this May 23, 2020

This release includes 3 new providers! deSEC (popular in Germany), NETCUP (popular in Russia), and AXFR+DNS (use the native DDNS protocol for updates). Plus many minor bug fixes, code cleanups, documentation improvements, and of course plenty of updated dependencies.

NOTE: Version v3.1.0 was not released due to a technical issue.

Major features:

  • NEW PROVIDER: AXFR+DDNS (#259) (#729)
  • NEW PROVIDER: deSEC (#725)
  • Documentation: Clarify dev docs (#734)

Provider-specific changes:

  • OCTODNS: constant 4294967295 overflows int (Issue #736) (#738)
  • GCLOUD: SSHFP support for Google Cloud DNS #726
  • CLOUDFLAREAPI: CLOUDFLAREAPI now fails tests "IDNA:Internationalized_name" and "IDN_CNAME_AND_Target". These tests are skipped for now. Can I get a volunteer to help find and fix this issue?

Other changes:

  • Security: 'get-certs' permissions too open (#745)
  • get-zones: should comment out NAMESERVER() (#743)
  • get-zones: generate R53_ALIAS correctly (#721)
  • Documentation: Document IP() is IPv4 only (#744)
  • Cleanup: Fix GetNameserver() inconsistency on many providers (#491)
  • Support RFC 7505 "null MX" (#702) (#703)
  • Update dependencies for: AWS (#731), Azure (#731), GCLOUD, DigitalOcean (#723), urfave/cli, DNSimple, and more