Batching DNS changes #91

Closed
AirbornePorcine opened this issue Mar 23, 2018 · 3 comments

@AirbornePorcine

Which version of python are you using?

3.6.3

What operating system and version of operating system are you using?

Running in Lambda

What version of sewer are you using?

0.5.1

What did you do? (be as detailed as you can)

I made a request for a SAN certificate for *.domain.com and SAN domain.com

What did you expect to see/happen/not happen?

A SAN cert would get issued for *.example.com and example.com, using route53 efficiently.

What did you actually see/happen?

I can make this work using route53, but the problem is that I have to make multiple modifications to my TXT entry, since Route53 treats TXT entries as a single DNS entry with multiple values (i.e. on every request to create_dns_entry, I have to check if the record exists, and if so, append another TXT value to it. Then during deletion, I have to query for the entire DNS record so I can properly delete it).

It would be really helpful if DNS providers for sewer could either:
a) be handed all the DNS changes at once so they can optimize how they create entries or
b) receive a function call when all DNS changes that sewer determines need to be made have been sent to it via create_dns_record
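Option (a) above, sketched as an added example that is not part of the original post and is not sewer's code: all pending dns-01 challenges are grouped by record name first, so the wildcard and the bare domain become one TXT record set with two values. The function names and token values are constructed for illustration; the returned dictionary has the shape that boto3's `change_resource_record_sets` accepts as `ChangeBatch`.

```python
from collections import OrderedDict


def challenge_record_name(domain):
    """dns-01 validates '*.example.com' at the base name, so the wildcard
    and the bare domain share one TXT record name."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".").lower() + "."


def group_challenges(challenges):
    """Collapse (domain, txt_value) pairs into {record_name: [values]}."""
    grouped = OrderedDict()
    for domain, value in challenges:
        values = grouped.setdefault(challenge_record_name(domain), [])
        if value not in values:  # never send the same value twice
            values.append(value)
    return grouped


def build_change_batch(challenges, action="UPSERT", ttl=60):
    """One change per record name, carrying every value for that name.
    UPSERT replaces the whole record set and DELETE must match it exactly,
    so both are built from the same challenge list."""
    if action not in ("UPSERT", "DELETE"):
        raise ValueError("unsupported action: %r" % (action,))
    changes = []
    for name, values in group_challenges(challenges).items():
        changes.append({
            "Action": action,
            "ResourceRecordSet": {
                "Name": name,
                "Type": "TXT",
                "TTL": ttl,
                # Route53 expects each TXT value wrapped in double quotes.
                "ResourceRecords": [{"Value": '"%s"' % v} for v in values],
            },
        })
    return {"Changes": changes}


# Constructed sample: the wildcard + bare-domain SAN request from the issue.
SAMPLE_CHALLENGES = [
    ("*.example.com", "constructed-token-for-wildcard"),
    ("example.com", "constructed-token-for-apex"),
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_change_batch(SAMPLE_CHALLENGES), indent=2))
```

Building the DELETE batch from the same list after validation removes both challenge values in one call, so no stale `_acme-challenge` record is left behind in the zone.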

@komuw
Owner

komuw commented Mar 24, 2018

Hi,

First; thanks for using sewer and I'm glad to hear it seems to work for you. It's interesting that you are using it in AWS lambda no less.

What you are asking for sounds easy to do, off the top of my head.
We would just need to move this line from inside the loop;

self.dns_class.create_dns_record(dns_name, domain_dns_value)

However, I can't think of a way, again off the top of my head, to implement it in a backward compatible manner. This is because the method, create_dns_record;

def create_dns_record(self, domain_name, domain_dns_value):
expects one domain name for every invocation and if we change it to accept more, it will be backward incompatible.

I'll mull on this for some time. I'm happy to hear suggestions.

@komuw
Owner

komuw commented Nov 28, 2018

Or maybe if we used asyncio, we could race requests; I don't know.

@mmaney
Collaborator

mmaney commented Jun 29, 2020

Batching of challenges first landed in #178 in the new ProviderBase class in auth.py. A still not quite final version is in release 0.8.2, and further refinement in the work that's been seeping into master since the release.

Of course the batching can't do anything immediately for the legacy DNS classes, but there's now an interface to migrate them to that can take advantage of batching. I think that addresses as much of this bug as I can - services that don't admit that there may be multiple occurrences of a record type for a single identity are... Well, we can always hope it's just their API that comes up so short, and that they fix it.

@mmaney mmaney closed this as completed Jun 29, 2020