Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

 
alt

Daniel Nashed

 

Free DNS provider deSEC e.V. supported by Domino CertMgr

Daniel Nashed  8 December 2021 16:32:00

Image:Free DNS provider deSEC e.V. supported by Domino CertMgr

Yesterday I got a blog post comment from Rainer asking about support for a DNS project I did not know about. Thanks Rainer for this question and tip!

It is a community driven project from a non profit organization providing free DNS.

They support Dyn DNS and provide DNS for dedicated domains.


For test purposed I registered a sub-domain "domino.dedyn.io".
This is a perfect fit for my Domino lab I am preparing for a one day DNUG Domino 12.0.1 CertMgr & certificate hands on workshop in January.

-------

Once you registered the account at
https://desec.io you just have to specify your sub domain and an authorization token.
You can use the account with the new DNS-TXT API implementation I uploaded to the HCL GitHub project.


And it works well for
  • A test domain for CertMgr testing
  • Dyn DNS at home with a Domino server
  • CNAME delegated DNS-01 requests for domain hosted at another provider
  • And you can also use their UI or the REST API to create any type of DNS record for hosted servers

Some additional notes and a screen print

- This is also the most complex DNS-TXT API integration so far.
- The API has some limitations. Probably because of the way they designed their service back-end.

- So if you want to add another TXT record for a sub-domain/name, you have to first read the existing data and update the record with the new value.

- The REST based interface CertMgr in Domino 12.0 already provides query requests before an update or delete requests.

So I leveraged the query events to get the existing entries and had some @formula fun to calculate the updated record.
The integration is also a good reference how to build your own integrations.


You can download the new DXL file here -->
https://github.com/HCL-TECH-SOFTWARE/domino-cert-manager/tree/main/dns-providers/desec
Tip: Take care to use the RAW format when downloading -- else you download the HTML stream.


With curl you could use this command-line:


curl -LO
https://raw.githubusercontent.com/HCL-TECH-SOFTWARE/domino-cert-manager/main/dns-providers/desec/certstore_desec.dxl

-- Daniel



Here is a configuration once you have an account.


Image:Free DNS provider deSEC e.V. supported by Domino CertMgr




Comments

1Ulrich Krause  08.12.2021 18:24:40  Free DNS provider deSEC e.V. supported by Domino CertMgr

Great tipp. Thanks. Donated some money to the project.

2Peter Thomassen  08.12.2021 23:39:18  Free DNS provider deSEC e.V. supported by Domino CertMgr

Hi,

Thank you for writing on your experience with deSEC. Regarding your feedback on the RRset update API, we would love to discuss better solutions with you. Would you mind getting in touch with us via email?

Thanks!

Stay secure,

Peter

Links

    Archives


    • [IBM Lotus Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]