vbrandl/vbrandl.net
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Releases Wiki Activity

Fix punctuation

Browse Source
This commit is contained in:
Valentin Brandl 2018-07-16 11:13:51 +02:00
parent 297b0b3102
commit a07048ed68
Signed by: vbrandl
GPG Key ID: CAD4DA1A789125F9
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
content/post/bind9-api.md
View File

@ -1,5 +1,5 @@
+++ +++
date = "2018-07-15T22:45:00+02:00" date = "2018-07-14T11:13:00+02:00"
publishdate = "2018-07-15T22:45:00+02:00" publishdate = "2018-07-15T22:45:00+02:00"
title = "BIND9 API" title = "BIND9 API"
description = "Building an API for the BIND9 DNS server to solve ACME DNS challenges" description = "Building an API for the BIND9 DNS server to solve ACME DNS challenges"
@ -12,12 +12,12 @@ tags = ["rust", "actix-web", "letsencrypt", "dns"]
I manage most of my domains using my own nameservers, running I manage most of my domains using my own nameservers, running
[BIND9][18] on two Debian VPS located in Italy (master) and France [BIND9][18] on two Debian VPS located in Italy (master) and France
(slave). Until now, I've been changing the DNS records by SSHing into (slave). Until now, I've been changing the DNS records by SSHing into
the machine and editing the zonefile by hand. This worked fine since I the machine and editing the zone file by hand. This worked fine since
rarely needed to change any DNS records. Then earlier this year, I rarely needed to change any DNS records. Then earlier this year,
[Let's Encrypt][0] put the ACME v2 endpoint into production which allows [Let's Encrypt][0] put the ACME v2 endpoint into production which
users to obtain wildcard certificates using the DNS challenge. This allows users to obtain wildcard certificates using the DNS challenge.
put me into a situation where I needed to create, update and delete This put me into a situation where I needed to create, update and
DNS records automatically. delete DNS records automatically.
<!-- more --> <!-- more -->
@ -74,7 +74,7 @@ reverse proxy like [nginx][11] to encrypt the requests using TLS or as
I am doing it, make the server listen on a private IP address inside I am doing it, make the server listen on a private IP address inside
an encrypted VLAN ([tinc][1] in my case). an encrypted VLAN ([tinc][1] in my case).
Once the body was verified using the pre-shared secret `nsupdate` is Once the body was verified using the pre-shared secret, `nsupdate` is
invoked and the following update or delete scripts are passed via invoked and the following update or delete scripts are passed via
stdin: stdin:
@ -140,7 +140,7 @@ host = "http://127.0.0.1:8080"
secret = "topsecret" secret = "topsecret"
``` ```
The final binaries, I use in production are compiled using the The final binaries, I use in production, are compiled using the
[`ekidd/rust-musl-builder` Docker image][16] to build completely [`ekidd/rust-musl-builder` Docker image][16] to build completely
static binaries by linking against the [musl libc][17] (Linking static binaries by linking against the [musl libc][17] (Linking
against the default glibc target, produces dynamically linked binaries against the default glibc target, produces dynamically linked binaries