github.com/StackExchange/dnscontrol/v4@v4.11.0/documentation/provider/hetzner.md

## Configuration

To use this provider, add an entry to `creds.json` with `TYPE` set to `HETZNER`
along with a [Hetzner API Key](https://dns.hetzner.com/settings/api-token).

Example:

{% code title="creds.json" %}
```json
{
  "hetzner": {
    "TYPE": "HETZNER",
    "api_key": "your-api-key"
  }
}
```
{% endcode %}

## Metadata

This provider does not recognize any special metadata fields unique to Hetzner
DNS Console.

## Usage

An example configuration:

{% code title="dnsconfig.js" %}
```javascript
var REG_NONE = NewRegistrar("none");
var DSP_HETZNER = NewDnsProvider("hetzner");

D("example.com", REG_NONE, DnsProvider(DSP_HETZNER),
    A("test", "1.2.3.4"),
END);
```
{% endcode %}

## Activation

Create a new API Key in the
[Hetzner DNS Console](https://dns.hetzner.com/settings/api-token).

## Caveats

### CAA

As of June 2022, the Hetzner DNS Console API does not accept spaces in CAA
records.

```text
0 issue "letsencrypt.org; validationmethods=dns-01; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/1234"
```

Removing the spaces might still work for any consumer of the record.

```text
0 issue "letsencrypt.org;validationmethods=dns-01;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/1234"
```

### SOA

Hetzner DNS Console does not allow changing the SOA record via their API.
There is an alternative method using an import of a full BIND file, but this
approach does not work well with incremental changes or ignored records.
At this time you cannot update SOA records via DNSControl.

### Rate Limiting

Hetzner rate-limits requests quite heavily.

The rate limit and remaining quota are advertised in the API response headers.

DNSControl will burst through half of the quota, and then spread the
remaining requests evenly throughout the rest of the window. This allows you to
move fast and still be able to revert accidental changes to the DNS config in a
timely manner.

Every response from the Hetzner DNS Console API includes your limits:

```shell
curl --silent --include \
    --header 'Auth-API-Token: ...' \
    https://dns.hetzner.com/api/v1/zones

Access-Control-Allow-Origin *
Content-Type application/json; charset=utf-8
Date Sat, 01 Apr 2023 00:00:00 GMT
Ratelimit-Limit 42
Ratelimit-Remaining 33
Ratelimit-Reset 7
Vary Origin
X-Ratelimit-Limit-Minute 42
X-Ratelimit-Remaining-Minute 33
```

With the above values, DNSControl will not delay the next 12 requests (until it
hits `Ratelimit-Remaining: 21 # 42/2`) and then slow down requests with a
delay of `7s/22 ≈ 300ms` between requests (about 3 requests per second).
Performing these 12 requests might take longer than 7s, at which point the
quota resets and DNSControl will burst through the quota again.

DNSControl will retry rate-limited requests (status 429) and respect the
advertised `Retry-After` delay.
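
The schedule described above, sketched as an added Go example; it is not DNSControl's own code. The helper names `headerInt` and `nextDelay` are hypothetical, the divisor `remaining+1` is taken from the `7s/22` arithmetic above, and `Retry-After` is assumed to be given in whole seconds.

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
	"time"
)

// headerInt reads a non-negative integer header such as Ratelimit-Remaining.
func headerInt(h http.Header, name string) (int, error) {
	n, err := strconv.Atoi(h.Get(name))
	if err != nil || n < 0 {
		return 0, fmt.Errorf("header %s: invalid value %q", name, h.Get(name))
	}
	return n, nil
}

// nextDelay (hypothetical helper) returns the pause before the next request.
func nextDelay(status int, h http.Header) (time.Duration, error) {
	if status == http.StatusTooManyRequests {
		// Rate limited: wait exactly as long as the server asks.
		s, err := headerInt(h, "Retry-After")
		return time.Duration(s) * time.Second, err
	}
	limit, err := headerInt(h, "Ratelimit-Limit")
	if err != nil {
		return 0, err
	}
	remaining, err := headerInt(h, "Ratelimit-Remaining")
	if err != nil {
		return 0, err
	}
	reset, err := headerInt(h, "Ratelimit-Reset")
	if err != nil {
		return 0, err
	}
	if remaining > limit/2 {
		return 0, nil // still in the burst half of the quota
	}
	// Spread what is left evenly over the rest of the window.
	return time.Duration(reset) * time.Second / time.Duration(remaining+1), nil
}

func main() {
	// Constructed headers: the sample response above, after the 12-request burst.
	h := http.Header{}
	h.Set("Ratelimit-Limit", "42")
	h.Set("Ratelimit-Remaining", "21")
	h.Set("Ratelimit-Reset", "7")
	fmt.Println(nextDelay(http.StatusOK, h))
}
```

A response missing any of the three `Ratelimit-*` headers yields an error rather than a zero delay, so a changed API response cannot silently turn into unthrottled requests.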