PowerDNS compatible software
This page documents the quirks that SERVFAIL causes in PowerDNS-compatible software.
Tested software
The following clients are "known, working, and battle-tested":
- certbot-dns-pdns (see the cert-manager section for example configuration below)
- cert-manager-webhook-pdns
If you're using a library or client that is not listed here, mention it on our IRC channel. Help with debugging broken clients is also greatly appreciated - we're always grateful for incompatibility reports and debug logs :)
Configuration examples
This section has some configuration examples and points out some quirks that may be introduced by read-only or missing APIs.
cert-manager
cert-manager users can use cert-manager-webhook-pdns.
Example issuer:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    email: acme@example.org
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: issuer-account-key
    solvers:
      - dns01:
          webhook:
            groupName: cert-manager-webhook-pdns # must match the `groupName` of the webhook
            solverName: pdns
            config:
              host: https://beta.servfail.network/
              serverID: ns1.famfo.xyz. # one of the nameservers
              apiKeySecretRef:
                name: servfail-dns-api
                key: TOKEN
        selector: # optional
          dnsZones:
            - example.org
DNSControl
It is possible to use DNSControl with SERVFAIL using the PowerDNS API. Certain endpoints are not yet supported by the API proxy, so the get-zones method of DNSControl cannot be used for initial setup. See #127 for more details.
Example configuration:
dnsconfig.js
var DSP_SERVFAIL = NewDnsProvider("servfail", {
    'default_ns': [
        'ns1.famfo.xyz.',
        'ns2.famfo.xyz.',
        'miyuki.sakamoto.pl.',
        'ns1.homecloud.lol.',
        'sakamoto.pl.',
        'ns7.kytta.dev.',
        'ns1.fops.at.'
    ],
    'dnssec_on_create': false,
    'zone_kind': 'Native',
    'soa_edit_api': 'INCREASE',
    'use_views': true
});
creds.json
{
    "servfail": {
        "TYPE": "POWERDNS",
        "apiKey": "<SERVFAIL_APIKEY>",
        "apiUrl": "https://beta.servfail.network/",
        "serverName": "ns1.famfo.xyz" // Set to the configured primary server where you set up the zone.
    }
}
Sample domain entry:
D("example.com", REG_NONE,
    DnsProvider(DSP_SERVFAIL),
    NAMESERVER_TTL(3600),
    DefaultTTL(600),
    AAAA("@", "2001:db8::1"),
    AAAA("*", "2001:db8::1"),
    SOA("@", "ns1.famfo.xyz.", "dns.famfo.xyz.", 3600, 1800, 604800, 600)
)