Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

Daniel Nashed's Blog

Free DNS provider deSEC e.V. supported by Domino CertMgr

Daniel Nashed – 8 December 2021 15:32:00

Image:Free DNS provider deSEC e.V. supported by Domino CertMgr

Yesterday I got a blog post comment from Rainer asking about support for a DNS project I did not know about. Thanks Rainer for this question and tip!
It is a community driven project from a non profit organization providing free DNS.

They support Dyn DNS and provide DNS for dedicated domains.

For test purposed I registered a sub-domain "domino.dedyn.io".
This is a perfect fit for my Domino lab I am preparing for a one day DNUG Domino 12.0.1 CertMgr & certificate hands on workshop in January.
-------
Once you registered the account at https://desec.io you just have to specify your sub domain and an authorization token.
You can use the account with the new DNS-TXT API implementation I uploaded to the HCL GitHub project.

And it works well for
  • A test domain for CertMgr testing
  • Dyn DNS at home with a Domino server
  • CNAME delegated DNS-01 requests for domain hosted at another provider
  • And you can also use their UI or the REST API to create any type of DNS record for hosted servers

Some additional notes and a screen print

- This is also the most complex DNS-TXT API integration so far.
- The API has some limitations. Probably because of the way they designed their service back-end.
- So if you want to add another TXT record for a sub-domain/name, you have to first read the existing data and update the record with the new value.
- The REST based interface CertMgr in Domino 12.0 already provides query requests before an update or delete requests.
So I leveraged the query events to get the existing entries and had some @formula fun to calculate the updated record.
The integration is also a good reference how to build your own integrations.

You can download the new DXL file here --> https://github.com/HCL-TECH-SOFTWARE/domino-cert-manager/tree/main/dns-providers/desec
Tip: Take care to use the RAW format when downloading -- else you download the HTML stream.

With curl you could use this command-line:

curl -LO https://raw.githubusercontent.com/HCL-TECH-SOFTWARE/domino-cert-manager/main/dns-providers/desec/certstore_desec.dxl

-- Daniel


Here is a configuration once you have an account.

Image:Free DNS provider deSEC e.V. supported by Domino CertMgr




Recent Entries

Feeds

Links

    Archives

    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]