Allow updating of other record types #7

Closed
trogper opened this issue Feb 26, 2023 · 7 comments
Labels
enhancement New feature or request

Comments

@trogper

trogper commented Feb 26, 2023

I'd like to propose the idea of changing other DNS record types. For example, the TXT record _acme-challenge is used to issue SSL certificates in the ACME (Let's Encrypt) protocol.
I personally use ISPConfig for DNS and have a Raspberry Pi at home which updates its DNS record via DDNS. To request a basic certificate, you only need to host a file on the webserver, but for a wildcard certificate, you need to set this TXT record's value to a provided challenge.

mhofer117 added the enhancement (New feature or request) label Feb 26, 2023
@mhofer117
Owner

mhofer117 commented Mar 19, 2023

When building this module, I also thought about adding some type of acme challenge support.

However, there is no standardized ACME dns-01 challenge protocol.
Every provider has their own API and custom ACME client plugins.

There is already a general DNS API in ISPConfig.
There are also existing solutions using the standard API with some acme clients, for example this one for certbot:
https://github.com/m42e/certbot-dns-ispconfig

For this reason, no other record types / protocols were implemented yet.

@trogper
Author

trogper commented Mar 19, 2023

DNS-01 for Let's Encrypt only requires a TXT record under the specified zone.
The certbot plugin you mentioned requires API credentials, which give the client permission to update any DNS record on the server; it cannot be limited to one domain only.
You can think of your plugin as a generic DNS API, but with much finer granularity. DNS is just one use case of such an API.
From what I understand about ISPConfig's DNS, adding support for other record types should be just adding the types into the combo box in the edit/create form.

@mhofer117
Owner

This is true and maybe I'll revisit this in the future.
Contributions are welcome too of course.

@mhofer117
Owner

I have published a new release, v1.3.0, which supports adding / deleting TXT records.
Client support still needs to be implemented, for example with a new certbot plugin.

Let me know if there are any questions or if someone is working on a client implementation.

@trogper
Author

trogper commented Apr 19, 2023

Thank you very much, I will try it later. What I should have noted is that, to issue a wildcard certificate, you need to set two different TXT records with the same name (at least for Let's Encrypt). Do you support multiple records with the same name/hostname?

@mhofer117
Owner

mhofer117 commented Apr 19, 2023

> What I should have noted is, that to issue a wildcard certificate, you need to set two different TXT records with the same name (at least for Let's Encrypt). Do you support multiple records with the same name/hostname?

Yes, that's possible. It's also one of the reasons why it was not as simple as just allowing another record type.

You can add as many TXT records with the token as you need for the same domain, as long as no use quota is exceeded.

It also means when deleting a TXT record, you need to include the same data in the request so the correct entry can be matched.
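
The same-name TXT handling discussed above, as an added Python example that is not part of the thread or the module's code: it computes the DNS-01 TXT value as RFC 8555 defines it and uses a hypothetical in-memory `TxtZone` (not the ISPConfig API) to show why a delete has to carry the record data. The tokens, thumbprint and domain are constructed sample values.

```python
import base64
import hashlib


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """RFC 8555 section 8.4: base64url(SHA-256(token "." thumbprint)), unpadded."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class TxtZone:
    """Hypothetical in-memory zone: one name may carry several TXT values."""

    def __init__(self):
        self._records = {}  # name -> list of TXT values

    def add(self, name: str, data: str) -> None:
        values = self._records.setdefault(name, [])
        if data not in values:  # idempotent: a retried add creates no duplicate
            values.append(data)

    def delete(self, name: str, data: str) -> bool:
        """Remove only the entry whose data matches; report whether one did."""
        values = self._records.get(name, [])
        if data not in values:
            return False
        values.remove(data)
        if not values:
            del self._records[name]
        return True

    def lookup(self, name: str) -> list:
        return list(self._records.get(name, []))


def run_wildcard_flow():
    # Constructed sample values, not real ACME tokens or a real thumbprint.
    thumbprint = "constructed-account-thumbprint"
    name = "_acme-challenge.example.com"
    apex = dns01_txt_value("constructed-token-apex", thumbprint)      # example.com
    wild = dns01_txt_value("constructed-token-wildcard", thumbprint)  # *.example.com
    zone = TxtZone()
    zone.add(name, apex)
    zone.add(name, wild)
    during = zone.lookup(name)  # both values must be visible during validation
    removed_wrong = zone.delete(name, "stale-value")  # no match, nothing removed
    zone.delete(name, apex)
    after_one = zone.lookup(name)  # the wildcard value must survive this delete
    zone.delete(name, wild)
    return during, removed_wrong, after_one, zone.lookup(name), apex, wild
```

A delete keyed on the name alone would remove the second challenge value while its validation may still be pending, which is the failure the data match prevents.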

@mhofer117
Owner

mhofer117 commented Oct 16, 2023

Version 1.4.1 was released, which contains small improvements for TXT update requests.

Because I was personally interested in getting this to work, I released a new certbot plugin which is using this API and can successfully request (wildcard) SSL certificates: https://github.com/mhofer117/certbot-dns-ispconfig-ddns
