github.com/StackExchange/dnscontrol/v4@v4.11.0/documentation/provider/hedns.md (about) 1 ## Important Note 2 Hurricane Electric does not currently expose an official JSON or XML API, and as such, this provider interacts directly 3 with the web interface. Because there is no officially supported API, this provider may cease to function if Hurricane 4 Electric changes their interface, and you should be willing to accept this possibility before relying on this provider. 5 6 ## Configuration 7 8 To use this provider, add an entry to `creds.json` with `TYPE` set to `HEDNS` 9 along with 10 your `dns.he.net` account username and password. These are the same username 11 and password used to log in to the [web interface](https://dns.he.net). 12 13 {% code title="creds.json" %} 14 ```json 15 { 16 "hedns": { 17 "TYPE": "HEDNS", 18 "username": "yourUsername", 19 "password": "yourPassword" 20 } 21 } 22 ``` 23 {% endcode %} 24 25 ### Two factor authentication 26 27 If two-factor authentication has been enabled on your account you will also need to provide a valid TOTP code. 28 This can also be done via an environment variable: 29 30 {% code title="creds.json" %} 31 ```json 32 { 33 "hedns": { 34 "TYPE": "HEDNS", 35 "username": "yourUsername", 36 "password": "yourPassword", 37 "totp": "$HEDNS_TOTP" 38 } 39 } 40 ``` 41 {% endcode %} 42 43 and then you can run 44 45 ```shell 46 HEDNS_TOTP=12345 dnscontrol preview 47 ``` 48 49 It is also possible to directly provide the shared TOTP secret using the key "totp-key" in `creds.json`. This secret is 50 only available when first enabling two-factor authentication. 51 52 **Security Warning**: 53 * Anyone with access to this `creds.json` file will have *full* access to your Hurricane Electric account and will be 54 able to modify and delete your DNS entries 55 * Storing the shared secret together with the password weakens two factor authentication because both factors are stored 56 in a single place. 57 58 {% code title="creds.json" %} 59 ```json 60 { 61 "hedns": { 62 "TYPE": "HEDNS", 63 "username": "yourUsername", 64 "password": "yourPassword", 65 "totp-key": "yourTOTPSharedSecret" 66 } 67 } 68 ``` 69 {% endcode %} 70 71 ### Persistent Sessions 72 73 Normally this provider will refresh authentication with each run of dnscontrol. This can lead to issues when using 74 two-factor authentication if two runs occur within the time period of a single TOTP token (30 seconds), as reusing the 75 same token is explicitly disallowed by RFC 6238 (TOTP). 76 77 To work around this limitation, if multiple requests need to be made, the option `"session-file-path"` can be set in 78 `creds.json`, which is the directory where a `.hedns-session` file will be created. This can be used to allow reuse of an 79 existing session between runs, without the need to re-authenticate. 80 81 This option is disabled by default when this key is not present, 82 83 **Security Warning**: 84 * Anyone with access to this `.hedns-session` file will be able to use the existing session (until it expires) and have 85 *full* access to your Hurrican Electric account and will be able to modify and delete your DNS entries. 86 * It should be stored in a location only trusted users can access. 87 88 {% code title="creds.json" %} 89 ```json 90 { 91 "hedns": { 92 "TYPE": "HEDNS", 93 "username": "yourUsername", 94 "password": "yourPassword", 95 "totp-key": "yourTOTPSharedSecret", 96 "session-file-path": "." 97 } 98 } 99 ``` 100 {% endcode %} 101 102 ## Metadata 103 This provider does not recognize any special metadata fields unique to Hurricane Electric DNS. 104 105 ## Usage 106 An example configuration: 107 108 {% code title="dnsconfig.js" %} 109 ```javascript 110 var REG_NONE = NewRegistrar("none"); 111 var DSP_HEDNS = NewDnsProvider("hedns"); 112 113 D("example.com", REG_NONE, DnsProvider(DSP_HEDNS), 114 A("test", "1.2.3.4"), 115 END); 116 ``` 117 {% endcode %}