API to control DNS?

by lr » Sat Jun 16, 2018 9:33 pm
I have two domains for which Sonic is the DNS provider. I can edit the DNS by going into the web-based member tools, and change things. Is there a way to make the same change from an API?

Here's why. I'm using LetsEncrypt to get SSL certificates for my domain. The web server for the domains is actually not at Sonic; only the DNS is. The web server uses LetsEncrypt to get its SSL certificates. So far, this has worked well by using the web-server based challenges, with the "certbot" script which I have installed on my web server, and I'm getting host-specific certificates (for example one for www.example.com). So far, so good.

For truly bizarre reasons, I now need to get a wildcard certificate, for *.example.com. That can't be done with a web server challenge to a single host; it needs to be done by adding "text" DNS records to the domain. The good people who write the various certbot-like tools for LetsEncrypt have automated that too ... if the DNS server provides an API for allowing text records to be updated by the LetsEncrypt scripts.

A few years ago, I remember learning that Sonic has some sort of API for DNS updates, but now I can't find it. Anyone know?
Linda and Ralph and John; 735 Sunset Ridge Road; Los Gatos, CA 95033; 408-395-1435
by dherr » Sun Jun 17, 2018 6:58 pm
I think this is it...

https://public-api.sonic.net/dyndns
by lr » Mon Jun 18, 2018 7:46 am
That looks right. Thanks so much. Now the fun starts: see whether and how this integrates with the LetsEncrypt tools. That will be my evening task.
Linda and Ralph and John; 735 Sunset Ridge Road; Los Gatos, CA 95033; 408-395-1435
by lr » Fri Jun 22, 2018 5:41 pm
So close, and yet so far ...

Yes, there is a wonderful API to update DNS information. I tested it, and it works like a charm. BUT: it is intended for dynamic DNS, and it can only be used to update A (and AAAA) records. I need to update TXT records for DNS challenges.

If someone from Sonic support is listening: Can you please wander over to the cubicle of whoever wrote this API, thank them for a job well done (it is really clear and logical, and I like the way the API key handles security). And then ask them whether it would fit into their schedule to add the capability to add TXT records? Considering in there that TXT records are pretty much arbitrary strings, and in the web-based user tools need to be quoted.

(Footnote: Small update to the documentation. In the "Requesting an API key" section, the "hostname" one has to supply is actually the domain name of the whole domain that the Sonic user owns, for example "example.com". In the "Updating host records" section, the hostname is the complete hostname, which would be "mail.example.com".)
Linda and Ralph and John; 735 Sunset Ridge Road; Los Gatos, CA 95033; 408-395-1435
by lr » Fri Jun 29, 2018 8:56 pm
Hi. Could a Sonic staffer please think about supporting TXT records with an API? Or find some other way to interface to LetsEncrypt (and the certbot tool), so Sonic hosting / DNS customers can get HTTPS certificates using DNS-01 challenges?

I know Sonic has always been on the forefront of making the internet more secure for everyone, and generally "having our back". It would go along with that corporate culture to make it easier for Sonic's customers to also make their little corner of the Internet secure too, as easily as possible.
Linda and Ralph and John; 735 Sunset Ridge Road; Los Gatos, CA 95033; 408-395-1435
by mbrauer » Sun Apr 04, 2021 10:04 am
Seconding this request: would like to have the DNS API allow for altering TXT records.
by kgc » Mon Apr 05, 2021 12:49 pm
I'm digging around the code now. It should be pretty easy to add support for TXT records, with one caveat: it'll only work with ONE TXT record. If for some reason there is already more than one TXT record, it'll replace the contents of ALL of them. If that's acceptable for your use cases, I can knock it out. Extending the API to support more intelligent handling would basically require creating a full CRUD API for DNS, which I don't think we can justify right now. (Is there a standard API for this already?)
Kelsey Cummings
System Architect, Sonic.net, Inc.
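The single-TXT caveat above matters for DNS-01 when one certificate covers both example.com and *.example.com, because both challenges are answered at the same `_acme-challenge` name. The sketch below is an added example, not part of the original post or of Sonic's API: it computes the TXT values as RFC 8555 defines them and uses a hypothetical in-memory `ReplaceAllTxtZone` to model the replace-all behaviour; the tokens and thumbprint are constructed sample data.

```python
import base64
import hashlib

def b64url(data: bytes) -> str:
    # ACME (RFC 8555) uses base64url without "=" padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def challenge_name(identifier: str) -> str:
    # The wildcard label is dropped: *.example.com validates at the base name
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base

def txt_value(token: str, thumbprint: str) -> str:
    # TXT content = base64url(SHA-256(token + "." + account key thumbprint))
    return b64url(hashlib.sha256(f"{token}.{thumbprint}".encode("ascii")).digest())

class ReplaceAllTxtZone:
    """Toy model (assumption): an update overwrites all TXT content at a name."""
    def __init__(self):
        self.records = {}
    def update_txt(self, name: str, value: str) -> None:
        self.records[name] = [value]
    def lookup(self, name: str) -> list:
        return self.records.get(name, [])

def publish_all_then_check(zone, thumbprint, challenges):
    # Publish every value first, then check them all (the concurrent pattern)
    expected = [(i, challenge_name(i), txt_value(t, thumbprint)) for i, t in challenges]
    for _, name, value in expected:
        zone.update_txt(name, value)
    return {i: value in zone.lookup(name) for i, name, value in expected}

def publish_one_at_a_time(zone, thumbprint, challenges):
    # Publish, check, then move on, so only one value is ever needed at a time
    results = {}
    for identifier, token in challenges:
        name, value = challenge_name(identifier), txt_value(token, thumbprint)
        zone.update_txt(name, value)
        results[identifier] = value in zone.lookup(name)  # stand-in for the CA's query
    return results

# Constructed sample data: not real ACME tokens or a real account key thumbprint
THUMBPRINT = b64url(hashlib.sha256(b"constructed-account-key").digest())
CHALLENGES = [("example.com", "constructed-token-1"),
              ("*.example.com", "constructed-token-2")]

if __name__ == "__main__":
    print(publish_all_then_check(ReplaceAllTxtZone(), THUMBPRINT, CHALLENGES))
    print(publish_one_at_a_time(ReplaceAllTxtZone(), THUMBPRINT, CHALLENGES))
```

With a replace-all update, publishing both values before validation leaves only the last one visible, so a client has to complete each authorization before publishing the next value.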
by kgc » Mon Apr 05, 2021 3:55 pm
Basic TXT record support has been added; see https://public-api.sonic.net/dyndns#upd ... st_records
Kelsey Cummings
System Architect, Sonic.net, Inc.
by alexeiser » Sun Apr 18, 2021 7:15 pm
I was able to make the new API work with the lego acme project - however I have found a few issues.

1) Use of _ is not supported in the hostname, so _acme-challenge is not allowed. It can be worked around by using a CNAME, but use of _ in any of the hostname is not allowed either. You can set _ urls via Membertools.
2) You cannot "delete" a hostname. This is minor, but means that the entries will always be present.

The fork with the sonic specific api is at https://github.com/alexeiser/lego/tree/sonic_api
by kgc » Mon Apr 19, 2021 11:15 am
I've updated the API to allow underscores like it should.
Deletes are a little more challenging. I think the only good way to do that would be to provide a method that'd return the entire contents of the zone with an index so you could call delete on the index, and I was reluctant to commit that much time to this project.
Kelsey Cummings
System Architect, Sonic.net, Inc.