1
// Package pdns implements a DNS provider for solving the DNS-01
2
// challenge using PowerDNS nameserver.
17
"github.com/xenolf/lego/acme"
20
// DNSProvider is an implementation of the acme.ChallengeProvider interface
21
type DNSProvider struct {
27
// NewDNSProvider returns a DNSProvider instance configured for pdns.
28
// Credentials must be passed in the environment variable:
29
// PDNS_API_URL and PDNS_API_KEY.
30
func NewDNSProvider() (*DNSProvider, error) {
31
key := os.Getenv("PDNS_API_KEY")
32
hostUrl, err := url.Parse(os.Getenv("PDNS_API_URL"))
37
return NewDNSProviderCredentials(hostUrl, key)
40
// NewDNSProviderCredentials uses the supplied credentials to return a
41
// DNSProvider instance configured for pdns.
42
func NewDNSProviderCredentials(host *url.URL, key string) (*DNSProvider, error) {
44
return nil, fmt.Errorf("PDNS API key missing")
47
if host == nil || host.Host == "" {
48
return nil, fmt.Errorf("PDNS API URL missing")
51
provider := &DNSProvider{
55
provider.getAPIVersion()
60
// Timeout returns the timeout and interval to use when checking for DNS
61
// propagation. Adjusting here to cope with spikes in propagation times.
62
func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {
63
return 120 * time.Second, 2 * time.Second
66
// Present creates a TXT record to fulfil the dns-01 challenge
67
func (c *DNSProvider) Present(domain, token, keyAuth string) error {
68
fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
69
zone, err := c.getHostedZone(fqdn)
76
// pre-v1 API wants non-fqdn
77
if c.apiVersion == 0 {
78
name = acme.UnFqdn(fqdn)
82
Content: "\"" + value + "\"",
95
ChangeType: "REPLACE",
99
Records: []pdnsRecord{rec},
104
body, err := json.Marshal(rrsets)
109
_, err = c.makeRequest("PATCH", zone.URL, bytes.NewReader(body))
118
// CleanUp removes the TXT record matching the specified parameters
119
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
120
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
122
zone, err := c.getHostedZone(fqdn)
127
set, err := c.findTxtRecord(fqdn)
137
ChangeType: "DELETE",
141
body, err := json.Marshal(rrsets)
146
_, err = c.makeRequest("PATCH", zone.URL, bytes.NewReader(body))
154
func (c *DNSProvider) getHostedZone(fqdn string) (*hostedZone, error) {
156
authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
161
url := "/servers/localhost/zones"
162
result, err := c.makeRequest("GET", url, nil)
167
zones := []hostedZone{}
168
err = json.Unmarshal(result, &zones)
174
for _, zone := range zones {
175
if acme.UnFqdn(zone.Name) == acme.UnFqdn(authZone) {
180
result, err = c.makeRequest("GET", url, nil)
185
err = json.Unmarshal(result, &zone)
190
// convert pre-v1 API result
191
if len(zone.Records) > 0 {
192
zone.RRSets = []rrSet{}
193
for _, record := range zone.Records {
197
Records: []pdnsRecord{record},
199
zone.RRSets = append(zone.RRSets, set)
206
func (c *DNSProvider) findTxtRecord(fqdn string) (*rrSet, error) {
207
zone, err := c.getHostedZone(fqdn)
212
_, err = c.makeRequest("GET", zone.URL, nil)
217
for _, set := range zone.RRSets {
218
if (set.Name == acme.UnFqdn(fqdn) || set.Name == fqdn) && set.Type == "TXT" {
223
return nil, fmt.Errorf("No existing record found for %s", fqdn)
226
func (c *DNSProvider) getAPIVersion() {
227
type APIVersion struct {
228
URL string `json:"url"`
229
Version int `json:"version"`
232
result, err := c.makeRequest("GET", "/api", nil)
237
var versions []APIVersion
238
err = json.Unmarshal(result, &versions)
244
for _, v := range versions {
245
if v.Version > latestVersion {
246
latestVersion = v.Version
249
c.apiVersion = latestVersion
252
func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) {
253
type APIError struct {
254
Error string `json:"error"`
257
if c.host.Path != "/" {
260
if c.apiVersion > 0 {
261
if !strings.HasPrefix(uri, "api/v") {
262
uri = "/api/v" + strconv.Itoa(c.apiVersion) + uri
267
url := c.host.Scheme + "://" + c.host.Host + path + uri
268
req, err := http.NewRequest(method, url, body)
273
req.Header.Set("X-API-Key", c.apiKey)
275
client := http.Client{Timeout: 30 * time.Second}
276
resp, err := client.Do(req)
278
return nil, fmt.Errorf("Error talking to PDNS API -> %v", err)
281
defer resp.Body.Close()
283
if resp.StatusCode != 422 && (resp.StatusCode < 200 || resp.StatusCode >= 300) {
284
return nil, fmt.Errorf("Unexpected HTTP status code %d when fetching '%s'", resp.StatusCode, url)
287
var msg json.RawMessage
288
err = json.NewDecoder(resp.Body).Decode(&msg)
298
// check for PowerDNS error message
299
if len(msg) > 0 && msg[0] == '{' {
300
var apiError APIError
301
err = json.Unmarshal(msg, &apiError)
305
if apiError.Error != "" {
306
return nil, fmt.Errorf("Error talking to PDNS API -> %v", apiError.Error)
312
type pdnsRecord struct {
313
Content string `json:"content"`
314
Disabled bool `json:"disabled"`
317
Name string `json:"name"`
318
Type string `json:"type"`
319
TTL int `json:"ttl,omitempty"`
322
type hostedZone struct {
323
ID string `json:"id"`
324
Name string `json:"name"`
325
URL string `json:"url"`
326
RRSets []rrSet `json:"rrsets"`
329
Records []pdnsRecord `json:"records"`
333
Name string `json:"name"`
334
Type string `json:"type"`
335
Kind string `json:"kind"`
336
ChangeType string `json:"changetype"`
337
Records []pdnsRecord `json:"records"`
338
TTL int `json:"ttl,omitempty"`
342
RRSets []rrSet `json:"rrsets"`