Add DNS Plugin DomainOffensive (#245)
Armitxes committed May 11, 2020
1 parent 5ecc33f commit 7053cf5a31a43e3af61b20232b502b40e0d896d8
Showing 2 changed files with 175 additions and 0 deletions.
@@ -0,0 +1,30 @@
# How To Use the Domain Offensive DNS Plugin

This plugin works against the [Domain Offensive](https://www.do.de/) DNS provider. It is assumed that you have already setup an account and created the DNS zone(s) you will be working against.

## Setup

We need to retrieve an secret API token for the account that will be used to update DNS records. Further information can ba found at the (german) [developer docs](https://www.do.de/wiki/LetsEncrypt_-_Entwickler).

## Using the Plugin

Your personal API token is specified using the `DomOffToken` or `DomOffTokenInsecure` parameter.


### Windows and/or PS 6.2+ only (secure string)
```powershell
$secToken = Read-Host -Prompt "Token" -AsSecureString
$pArgs = @{
DomOffToken = $secToken
}
New-PACertificate example.com -DnsPlugin DomainOffensive -PluginArgs $pArgs
```


### Any OS (default string)
```powershell
$pArgs = @{
DomOffTokenInsecure = 'token-value'
}
New-PACertificate example.com -DnsPlugin DomainOffensive -PluginArgs $pArgs
```
@@ -0,0 +1,145 @@
function Add-DnsTxtDomainOffensive {
[CmdletBinding(DefaultParameterSetName='Secure')]
param(
[Parameter(Mandatory,Position=0)]
[string]$RecordName,
[Parameter(Mandatory,Position=1)]
[string]$TxtValue,
[Parameter(ParameterSetName='Secure', Mandatory, Position=2)]
[securestring]$DomOffToken,
[Parameter(ParameterSetName='Insecure', Mandatory, Position=2)]
[string]$DomOffTokenInsecure,
[Parameter(ValueFromRemainingArguments)]
$ExtraParams
)

# Decrypt the secure string token
if ('Secure' -eq $PSCmdlet.ParameterSetName) {
$DomOffTokenInsecure = (New-Object PSCredential "user", $DomOffToken).GetNetworkCredential().Password
}

Write-Verbose "Adding $RecordName with value $TxtValue on Domain Offensive"
$uri = "https://www.do.de/api/letsencrypt?token=$DomOffTokenInsecure&domain=$RecordName&value=$TxtValue"
try {
$response = Invoke-RestMethod -Method Get -Uri $uri @script:UseBasic -EA Stop
} catch { throw }

if (!$response.success) {
throw "Failed to add Domain Offensive DNS record; Result=$($response)"
}

<#
.SYNOPSIS
Add a DNS TXT record to a Domain Offensive DNS Zone
.DESCRIPTION
Add a DNS TXT record to a Domain Offensive DNS Zone
.PARAMETER DomOffToken
Token as provided by Domain Offensive. This SecureString version should only be used on Windows or any OS with PowerShell 6.2+.
.PARAMETER DomOffTokenInsecure
Token as provided by Domain Offensive. Works on any OS.
.PARAMETER RecordName
The fully qualified name of the TXT record.
.PARAMETER TxtValue
The value of the TXT record.
.EXAMPLE
$secToken = Read-Host -Prompt "Token" -AsSecureString
PS C:\>Add-DnsTxtDomainOffensive '_acme-challenge.example.com' 'txt-value' $secToken
Adds the specified TXT record with the specified value using a secure token.
.EXAMPLE
Add-DnsTxtDomainOffensive '_acme-challenge.example.com' 'txt-value' 'token-value'
Adds the specified TXT record with the specified value using a standard string token.
.LINK
https://www.do.de/wiki/LetsEncrypt_-_Entwickler
#>
}

function Remove-DnsTxtDomainOffensive {
[CmdletBinding(DefaultParameterSetName='Secure')]
param(
[Parameter(Mandatory,Position=0)]
[string]$RecordName,
[Parameter(Mandatory,Position=1)]
[string]$TxtValue,
[Parameter(ParameterSetName='Secure', Mandatory, Position=2)]
[securestring]$DomOffToken,
[Parameter(ParameterSetName='Insecure', Mandatory, Position=2)]
[string]$DomOffTokenInsecure,
[Parameter(ValueFromRemainingArguments)]
$ExtraParams
)

# Decrypt the secure string token
if ('Secure' -eq $PSCmdlet.ParameterSetName) {
$DomOffTokenInsecure = (New-Object PSCredential "user", $DomOffToken).GetNetworkCredential().Password
}

Write-Verbose "Removing $RecordName with value $TxtValue on Domain Offensive"
$uri = "https://www.do.de/api/letsencrypt?token=$DomOffTokenInsecure&domain=$RecordName&action=delete"
try {
$response = Invoke-RestMethod -Method Get -Uri $uri @script:UseBasic -EA Stop
} catch { throw }

if (!$response.success) {
throw "Failed to remove Domain Offensive DNS record; Result=$($response)"
}

<#
.SYNOPSIS
Remove a DNS TXT record from Domain Offensive DNS
.DESCRIPTION
Remove a DNS TXT record from Domain Offensive DNS
.PARAMETER DomOffToken
Token as provided by Domain Offensive. This SecureString version should only be used on Windows or any OS with PowerShell 6.2+.
.PARAMETER DomOffTokenInsecure
Token as provided by Domain Offensive. Works on any OS.
.PARAMETER Domain
The fully qualified name of the TXT record to be removed.
.EXAMPLE
$secToken = Read-Host -Prompt "Token" -AsSecureString
PS C:\>Remove-DnsTxtDomainOffensive '_acme-challenge.example.com' 'txt-value' $secToken
Removes the specified TXT record with the specified value using a secure token.
.EXAMPLE
Remove-DnsTxtDomainOffensive '_acme-challenge.example.com' 'txt-value' 'token-value'
Removes the specified TXT record with the specified value using a standard string token.
.LINK
https://www.do.de/wiki/LetsEncrypt_-_Entwickler
#>
}

function Save-DnsTxtDomainOffensive {
[CmdletBinding()]
param(
[Parameter(ValueFromRemainingArguments)]
$ExtraParams
)

<#
.SYNOPSIS
Not required.
.DESCRIPTION
This provider does not require calling this function to commit changes to DNS records.
.PARAMETER ExtraParams
This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.
#>
}
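Review bot: The `$uri` strings in Add-DnsTxtDomainOffensive and Remove-DnsTxtDomainOffensive interpolate `$DomOffTokenInsecure`, `$RecordName` and `$TxtValue` into the query string unescaped, so a value containing `&`, `=`, `+` or `#` would change the request the provider receives; wrapping each component, e.g. `[uri]::EscapeDataString($DomOffTokenInsecure)`, and likewise for the other two, avoids that. Because the token travels in the URL of a GET request, it can end up wherever the URI is recorded (proxy or server logs, and possibly the error rethrown by `catch { throw }`), so a comment beside `$uri` such as `# token in query string is required by the do.de API; treat logged URIs as secret` would help, and if the provider accepts the token another way that would be preferable. In Remove-DnsTxtDomainOffensive the mandatory `$TxtValue` is never sent, so the delete call appears to act on the record name as a whole rather than on the one value, which is worth confirming against the provider docs. The help block there also documents `.PARAMETER Domain` where the actual parameter is `RecordName`, and `TxtValue` is undocumented.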
