diff --git a/dnsconfig.js b/dnsconfig.js
index 025fed6..64fa930 100644
--- a/dnsconfig.js
+++ b/dnsconfig.js
@@ -16,8 +16,18 @@ DEFAULTS(
 DnsProvider(DNS_CLOUDFLARE),
 DefaultTTL(1),
 CF_MANAGE_COMMENTS, // opt into comments syncing
- CAA("@", "iodef", "mailto:" + reportEmail),
- CAA("@", "issue", "letsencrypt.org"),
+ CAA_BUILDER({
+ iodef: "mailto:" + reportEmail,
+ iodef_critical: true,
+ issue: ["letsencrypt.org"],
+ issue_critical: true,
+ issuewild: ["letsencrypt.org"],
+ issuewild_critical: true,
+ issuevmc: "none",
+ issuevmc_critical: true,
+ issuemail: "none",
+ issuemail_critical: true,
+ }),
 );
 /* ****************************************************************************************************************** *\
@@ -68,18 +78,19 @@ D("achlfr.email", REG_101DOMAIN,
 RexBox Services
 \* -------------------------------------------------------------------------- */
 cnames("arirex.me", rexbox, [
- "OpenWebUI@ai",
- "Traefik Forward Auth@auth",
+ "Chhoto URL@l",
 "Enclosed@bin",
- "Matrix / Client@chat",
- "Pocket ID@id",
 "IT Tools@it",
 "Karakeep@karakeep",
- "Chhoto URL@l",
+ "Matrix / Client@chat",
 "Matrix / Server@matrix",
 "Minecraft@mc",
 "Ntfy@ntfy",
+ "OpenWebUI@ai",
+ "Pocket ID@id",
+ // "Prompts@prompts",
 "Traefik@traefik",
+ "Traefik Forward Auth@auth",
 ]);
 cnames("achl.fr", rexbox, [
@@ -93,11 +104,11 @@ cnames("achl.fr", rexbox, [
 cnames("arirex.me", rexcloud, [
 "Beszel@beszel",
 "Gitea@git",
- "IPFS@gw",
- "IPFS@*.ipfs.gw",
- "IPFS@*.ipns.gw",
- "SearXNG@search",
+ "IPFS Subdomain Gateway@*.ipfs.gw",
+ "IPFS Subdomain Gateway@*.ipns.gw",
+ "IPFS Path Gateway@gw",
 // "LibreSpeed@speedtest",
+ "SearXNG@search",
 ]);
 /* -------------------------------------------------------------------------- *\
diff --git a/types-dnscontrol.d.ts b/types-dnscontrol.d.ts
index 9239cba..4f1e35b 100644
--- a/types-dnscontrol.d.ts
+++ b/types-dnscontrol.d.ts
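Review bot: The `issuevmc_critical: true` and `issuemail_critical: true` entries in the new `CAA_BUILDER` block in `DEFAULTS(` may affect more than VMC and S/MIME issuance. RFC 8659 requires a CA to refuse issuance when it finds a critical property whose tag it does not recognise, and these two tags are newer than `issue`/`issuewild`. Since every zone inherits these defaults, it is worth confirming against the CA's staging environment that certificates for the apex and the `*.ipfs.gw` / `*.ipns.gw` wildcards still issue and renew, or omitting the critical flag on those two properties, because `"none"` is still honoured by CAs that implement the tag. If the flags stay, a comment such as `// critical on purpose: a CA that does not understand this tag must refuse to issue` would record the intent. As an optional hardening step, the `issue` and `issuewild` values could be bound to the ACME account with an RFC 8657 parameter, e.g. `"letsencrypt.org; accounturi=<ACCOUNT_URI_PLACEHOLDER>"`.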
@@ -1,7 +1,7 @@ // This file was automatically generated by DNSControl. Do not edit it directly. // To update it, run `dnscontrol write-types`. -// 4.34.0 +// 4.35.0 // WARNING: These type definitions are experimental and subject to change in future releases. interface Domain { @@ -784,13 +784,13 @@ declare function CNAME(name: string, target: string, ...modifiers: RecordModifie * In this situation, you will see an error message such as: * * ``` - * Skipping registrar REGISTRAR: No nameservers declared for domain "example.com". Add {no_ns:'true'} to force + * Skipping registrar REGISTRAR: No nameservers declared for domain "example.com". Add {no_ns: "true"} to force * ``` * * To add this, add the meta data to the zone immediately following the registrar. * * ```javascript - * D("example.com", REG_MY_PROVIDER, {no_ns:'true'}, + * D("example.com", REG_MY_PROVIDER, {no_ns: "true"}, * ... * ... * ... @@ -959,11 +959,11 @@ declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier; * pubkey: "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC5/z4L", * label: "subdomain", * version: "DKIM1", - * hashtypes: ['sha1', 'sha256'], + * hashtypes: ["sha1", "sha256"], * keytype: "rsa", * note: "some human-readable notes", - * servicetypes: ['email'], - * flags: ['y', 's'], + * servicetypes: ["email"], + * flags: ["y", "s"], * ttl: 150 * }), * ); 
@@ -1400,6 +1400,57 @@ declare function FRAME(name: string, target: string, ...modifiers: RecordModifie */ declare function HASH(algorithm: "SHA1" | "SHA256" | "SHA512", value: string): string; +/** + * `HEDNS_DDNS_KEY` enables Dynamic DNS on a record managed by the Hurricane Electric DNS provider and sets a specific DDNS key (token). This implies [`HEDNS_DYNAMIC_ON`](HEDNS_DYNAMIC_ON.md). + * + * The DDNS key can then be used with the HE DDNS update API (`https://dyn.dns.he.net/nic/update`) to update the record's value. + * + * **Note:** DDNS keys are **write-only**. dnscontrol sets the key on the provider but cannot read back the current key. This means a key-only change (same record data, new key) will not be detected as a difference. To force an update, also change another field such as the TTL. + * + * ```javascript + * D("example.com", REG_NONE, DnsProvider(DSP_HEDNS), + * A("dyn", "0.0.0.0", HEDNS_DDNS_KEY("my-secret-token")), + * AAAA("dyn6", "::1", HEDNS_DDNS_KEY("another-token")), + * ); + * ``` + * + * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific//hedns_ddns_key + */ +declare function HEDNS_DDNS_KEY(key: string): RecordModifier; + +/** + * `HEDNS_DYNAMIC_OFF` explicitly disables Dynamic DNS on a record managed by the Hurricane Electric DNS provider. This will clear any DDNS key previously associated with the record. + * + * Use this modifier when you want to ensure a record that was previously dynamic is returned to a static state. + * + * ```javascript + * D("example.com", REG_NONE, DnsProvider(DSP_HEDNS), + * A("static", "5.6.7.8", HEDNS_DYNAMIC_OFF), + * ); + * ``` + * + * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific//hedns_dynamic_off + */ +declare const HEDNS_DYNAMIC_OFF: RecordModifier; + +/** + * `HEDNS_DYNAMIC_ON` enables [Dynamic DNS](https://dns.he.net/) on a record managed by the Hurricane Electric DNS provider. 
When enabled, HE DNS assigns a DDNS key to the record that can be used with the HE DDNS update API (`https://dyn.dns.he.net/nic/update`). + * + * If a record is already dynamic, its dynamic state is preserved across modifications even without explicitly specifying this modifier. + * + * To set a specific DDNS key, use [`HEDNS_DDNS_KEY()`](HEDNS_DDNS_KEY.md) instead. + * + * ```javascript + * D("example.com", REG_NONE, DnsProvider(DSP_HEDNS), + * A("dyn", "0.0.0.0", HEDNS_DYNAMIC_ON), + * AAAA("dyn6", "::1", HEDNS_DYNAMIC_ON), + * ); + * ``` + * + * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific//hedns_dynamic_on + */ +declare const HEDNS_DYNAMIC_ON: RecordModifier; + /** * HTTPS adds an HTTPS record to a domain. The name should be the relative label for the record. Use `@` for the domain apex. The HTTPS record is a special form of the SVCB resource record. * 
@@ -2425,6 +2476,98 @@ declare function LUA(name: string, rtype: string, contents: string | string[], . */ declare function M365_BUILDER(opts: { label?: string; mx?: boolean; autodiscover?: boolean; dkim?: boolean; skypeForBusiness?: boolean; mdm?: boolean; domainGUID?: string; initialDomain?: string }): DomainModifier; +/** + * `MIKROTIK_FORWARDER` manages a RouterOS DNS forwarder entry (`/ip/dns/forwarders`). The `name` parameter can be a domain name (e.g. `corp.example.com`) or an arbitrary alias (e.g. `my-upstream`). These named entries can then be referenced as the target of [`MIKROTIK_FWD`](MIKROTIK_FWD.md) records. + * + * Forwarder records must be placed in the synthetic zone `_forwarders.mikrotik`. This zone should appear **before** any zones that reference its entries by name in `dnsconfig.js` to ensure proper creation order. + * + * See the [MikroTik RouterOS provider page](../../provider/mikrotik.md) for full configuration details. + * + * Metadata keys supported: + * + * | Key | Description | + * |--------------------|----------------------------------------------------| + * | `doh_servers` | DoH server URLs for this forwarder. | + * | `verify_doh_cert` | Set to `"true"` to verify the DoH certificate. | + * | `comment` | Comment stored on the RouterOS forwarder entry. | + * + * ```javascript + * D("_forwarders.mikrotik", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), + * // Domain-based forwarder: forward corp.example.com to internal DNS servers. + * MIKROTIK_FORWARDER("corp.example.com", "10.0.0.53,10.0.0.54"), + * + * // Alias-based forwarder with DoH. 
+ * MIKROTIK_FORWARDER("doh-upstream", "1.1.1.1", {doh_servers: "https://cloudflare-dns.com/dns-query", verify_doh_cert: "true"}), + * ); + * + * // Then reference the alias in a FWD record: + * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), + * MIKROTIK_FWD("@", "doh-upstream", {match_subdomain: "true"}), + * ); + * ``` + * + * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific//mikrotik_forwarder + */ +declare function MIKROTIK_FORWARDER(name: string, dns_servers: string, ...modifiers: RecordModifier[]): DomainModifier; + +/** + * `MIKROTIK_FWD` creates a RouterOS FWD (conditional DNS forwarding) static entry. These records instruct the MikroTik router to forward DNS queries matching the name to a specified upstream server, optionally populating a RouterOS address list with resolved addresses. + * + * The `target` can be an IP address (e.g. `8.8.8.8`) or the name of a [`MIKROTIK_FORWARDER`](MIKROTIK_FORWARDER.md) entry (e.g. `my-upstream`). + * + * See the [MikroTik RouterOS provider page](../../provider/mikrotik.md) for full configuration details. + * + * Metadata keys supported: + * + * | Key | Description | + * |-------------------|--------------------------------------------------------------------| + * | `match_subdomain` | Set to `"true"` to also match subdomains of the name. | + * | `regexp` | RouterOS regexp for query matching. | + * | `address_list` | RouterOS address list to populate with resolved addresses. | + * | `comment` | Comment stored on the RouterOS record. | + * + * ```javascript + * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), + * // Forward all queries for example.com and subdomains to 8.8.8.8, + * // add resolved addresses to the "vpn-list" address list. + * MIKROTIK_FWD("@", "8.8.8.8", {match_subdomain: "true", address_list: "vpn-list"}), + * + * // Forward internal.example.com to a named forwarder entry. 
+ * MIKROTIK_FWD("internal", "corp-dns", {match_subdomain: "true"}), + * ); + * ``` + * + * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific//mikrotik_fwd + */ +declare function MIKROTIK_FWD(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier; + +/** + * `MIKROTIK_NXDOMAIN` creates a RouterOS NXDOMAIN static entry. The router will respond with NXDOMAIN for any DNS queries matching the specified name. This is commonly used for DNS-based ad blocking or blackholing. + * + * See the [MikroTik RouterOS provider page](../../provider/mikrotik.md) for full configuration details. + * + * Metadata keys supported: + * + * | Key | Description | + * |-------------------|--------------------------------------------------------------------| + * | `match_subdomain` | Set to `"true"` to also match subdomains of the name. | + * | `regexp` | RouterOS regexp for query matching. | + * | `comment` | Comment stored on the RouterOS record. | + * + * ```javascript + * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), + * // Block ads.example.com with NXDOMAIN. + * MIKROTIK_NXDOMAIN("ads"), + * + * // Block tracking.example.com and all its subdomains. + * MIKROTIK_NXDOMAIN("tracking", {match_subdomain: "true"}), + * ); + * ``` + * + * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific//mikrotik_nxdomain + */ +declare function MIKROTIK_NXDOMAIN(name: string, ...modifiers: RecordModifier[]): DomainModifier; + /** * `MX` adds a [Mail exchange record](https://www.rfc-editor.org/rfc/rfc1035) to the domain. * 
@@ -3126,7 +3269,7 @@ declare const PURGE: DomainModifier; * * _S3 bucket_ (configured as website): specify the hosted zone ID for the region that you created the bucket in. You can find it in [the List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) * * _Another Route 53 record_: you can either specify the correct zone id or do not specify anything and DNSControl will figure out the right zone id. (Note: Route53 alias can't reference a record in a different zone). * - * Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record-modifiers/R53\_EVALUATE\_TARGET\_HEALTH.md) record modifier. + * Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record-modifiers/R53_EVALUATE_TARGET_HEALTH.md) record modifier. * * ```javascript * D("example.com", REG_MY_PROVIDER, DnsProvider("ROUTE53"),