dns_he.sh support for dynamic TXT entries for improved security #5320

Open
Gorgonbert opened this issue Oct 9, 2024 · 1 comment

Gorgonbert commented Oct 9, 2024

Hi,

Hurricane Electric has added a feature to enable the TXT validation for dynamic DNS domains.
They announced the feature on https://dns.he.net/ (text below for convenience)

The current implementation of the "dns_he" script requires the credentials that give full access to all the DNS entries at the HE DNS service. The new feature of HE's DNS service offers the possibility to use credentials to one specific "TXT" entry and is therefore a lot more secure. If these credentials are leaked, only that specific entry can be compromised.

It would be highly desirable if the "dns_he" script could implement this feature.

In my research I found that "markkuleinio" has already submitted a new script to the dev branch (#5237) but it's currently not moving forward.

Here is HE's description:

Dynamic TXT Records

We've received requests for dynamic TXT records for use with Let's Encrypt Certificates. We've added them in using the same basic ddns syntax that we already provide with the difference being the use of 'txt=' in place of 'myip='. You will need to create the dynamic TXT record from within the dns.he.net interface before you will be able to make updates. You will not be able to dynamically create and delete these TXT records as doing so would subsequently remove your ddns key associated with the record.

Authentication being passed in the URL
% curl -4 "http://_acme-challenge.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com&txt=evaGxfADs6pSRb..."

Authentication and Updating using GET
% curl "https://dyn.dns.he.net/nic/update?hostname=_acme-challenge.example.com&password=password&txt=evaGxfADs6pSRb..."

Authentication and Updating using a POST
% curl "https://dyn.dns.he.net/nic/update" -d "hostname=_acme-challenge.example.com" -d "password=password" -d "txt=evaGxfADs6pSRb..."
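
The POST form from HE's description, written as a shell helper that keeps the per-record key out of the URL and out of curl's argument list. This is an added example, not part of the issue and not acme.sh code. The function names and the `_acme-challenge` guard are assumptions made for illustration; the endpoint and the `hostname`, `password` and `txt` fields are the ones quoted above.

```shell
#!/bin/sh
# Added example (not acme.sh code); all function names are hypothetical.
HE_DYN_URL="https://dyn.dns.he.net/nic/update"  # HTTPS endpoint quoted in HE's text

# Percent-encode every character outside the RFC 3986 unreserved set.
# ASCII input assumed (ACME tokens and ddns keys). Runs in a subshell so
# LC_ALL=C and the scratch variables do not leak into the caller.
he_urlencode() (
  LC_ALL=C
  _s=$1 _out=
  while [ -n "$_s" ]; do
    _rest=${_s#?}
    _c=${_s%"$_rest"}          # first character of what is left
    case $_c in
      [A-Za-z0-9._~-]) _out=$_out$_c ;;
      *) _out=$_out$(printf '%%%02X' "'$_c") ;;
    esac
    _s=$_rest
  done
  printf '%s' "$_out"
)

# Build the form body. $1 = record FQDN, $2 = per-record ddns key, $3 = TXT value.
# Example policy: only names under _acme-challenge are accepted, matching the
# single-record scope the key is meant to have.
he_txt_body() {
  case $1 in
    _acme-challenge.*) ;;
    *) echo "refusing: $1 is not an _acme-challenge record" >&2; return 1 ;;
  esac
  printf 'hostname=%s&password=%s&txt=%s' \
    "$(he_urlencode "$1")" "$(he_urlencode "$2")" "$(he_urlencode "$3")"
}

# Send the update. The body reaches curl on stdin (--data @-), so the key is
# not visible in the process list and never appears in a URL that a proxy or
# web server could log. --proto '=https' refuses any plaintext fallback.
he_txt_update() {
  _body=$(he_txt_body "$1" "$2" "$3") || return 1
  printf '%s' "$_body" |
    curl -sS --fail --proto '=https' --data @- "$HE_DYN_URL"
}

# Usage: he_txt_update _acme-challenge.example.com "$HE_TXT_KEY" "$TXT_VALUE"
```

`printf` is a builtin in bash and dash, so the key is not exposed through a child process's arguments on its way to curl.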

github-actions bot commented Oct 9, 2024

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.
