Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

 
alt

Daniel Nashed

 

Free DNS provider deSEC e.V. supported by Domino CertMgr

Daniel Nashed  8 December 2021 16:32:00

Image:Free DNS provider deSEC e.V. supported by Domino CertMgr

Yesterday I got a blog post comment from Rainer asking about support for a DNS project I did not know about. Thanks Rainer for this question and tip!

It is a community driven project from a non profit organization providing free DNS.

They support Dyn DNS and provide DNS for dedicated domains.


For test purposed I registered a sub-domain "domino.dedyn.io".
This is a perfect fit for my Domino lab I am preparing for a one day DNUG Domino 12.0.1 CertMgr & certificate hands on workshop in January.

-------

Once you registered the account at
https://desec.io you just have to specify your sub domain and an authorization token.
You can use the account with the new DNS-TXT API implementation I uploaded to the HCL GitHub project.


And it works well for
  • A test domain for CertMgr testing
  • Dyn DNS at home with a Domino server
  • CNAME delegated DNS-01 requests for domain hosted at another provider
  • And you can also use their UI or the REST API to create any type of DNS record for hosted servers

Some additional notes and a screen print

- This is also the most complex DNS-TXT API integration so far.
- The API has some limitations. Probably because of the way they designed their service back-end.

- So if you want to add another TXT record for a sub-domain/name, you have to first read the existing data and update the record with the new value.

- The REST based interface CertMgr in Domino 12.0 already provides query requests before an update or delete requests.

So I leveraged the query events to get the existing entries and had some @formula fun to calculate the updated record.
The integration is also a good reference how to build your own integrations.


You can download the new DXL file here -->
https://github.com/HCL-TECH-SOFTWARE/domino-cert-manager/tree/main/dns-providers/desec
Tip: Take care to use the RAW format when downloading -- else you download the HTML stream.


With curl you could use this command-line:


curl -LO
https://raw.githubusercontent.com/HCL-TECH-SOFTWARE/domino-cert-manager/main/dns-providers/desec/certstore_desec.dxl

-- Daniel



Here is a configuration once you have an account.


Image:Free DNS provider deSEC e.V. supported by Domino CertMgr




Links

    Archives


    • [IBM Lotus Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]