by bgupta » Mon Jul 27, 2020 1:37 pm
I use Sonic for DNS on a domain that I own. For a machine in this domain, I use a Let's Encrypt SSL cert. The LE certs are valid for 3 months at a time. For domain authentication purposes, I have a TXT record that allows LE's servers to verify domain ownership. As such I have to manually update that particular TXT record in order for LE to allow the renewal.

One available option for cert renewal is to use a nsupdate/RFC2136 call to the DNS server which updates the requested token in the TXT record. Since I am using Sonic for my DNS records, I am hoping that there is a way to programmatically update the TXT record (i.e. Sonic enables RFC2136/nsupdate API). After some digging, I understand that Sonic uses PowerDNS to serve the DNS queries and it turns out that PowerDNS has a method to enable RFC 2136 support (https://doc.powerdns.com/authoritative/dnsupdate.html).

What will it take for Sonic to enable this support for anyone that hosts their DNS records at Sonic and would like to programmatically update TXT (or other type) records? It's no more or less secure than logging into the member tools to change the info manually.

-Bhusan
18+ yr Sonic customer