Release v3.2.0

Lots of great new stuff! A new provider (PowerDNS), a new record type (DS), a new notification target (Slack), and "get-certs" now generates .PEM files.

SECURITY CHANGE:
get-certs now generates one additional file: a .pem file, which is just .crt + "\n" + .key ). While not breaking change, it does contain secrets and therefore should be protected. If you encrypt or otherwise protect the .key file, you should take the same care with the .pem file.

Major features:

• NEW PROVIDER: PowerDNS
• NEW RTYPE: DS (Thanks Robert and Nicolai!)
• get-certs now generates .pem files (.crt + .key)
• New notification target: Slack (Thanks Jan-Philipp!)

Provider-specific changes:

• CLOUDFLAREAPI: Now supports DS records

Other stuff:

• Lists of adds/changes/deletes are now sorted (#755)
• Fixed vendoring problem
• _domainconnect is added to the whitelist
• Update many dependencies.

Release v3.1.1

This release includes 3 new providers! deSEC (popular in Germany) NETCUP (popular in Russia), and AXFR+DNS (use the native DDNS protocol for updates). Plus many minor bug fixes, code cleanups, documentation improvements, and over course plenty of updated dependencies.

NOTE: Version v3.1.0 was not released due to a technical issue.

Major features:

• NEW PROVIDER: AXFR+DDNS (#259) (#729)
• NEW PROVIDER: deSEC (#725)
• NEW PROVIDER: NETCUP (DNS) (#718)
• Documentation: Clarify dev docs (#734)

Provider-specific changes:

• OCTODNS: constant 4294967295 overflows int (Issue #736) (#738)
• GCLOUD: SSHFP support for Google Cloud DNS #726
• CLOUDFLAREAPI: CLOUDFLAREAPI now fails tests "IDNA:Internationalized_name" and "IDN_CNAME_AND_Target". These tests are skipped for now. Can I get a volunteer to help find and fix this issue?

Other changes:

• Security: 'get-certs' permissions too open (#745)
• get-zones: should comment out NAMESERVER() (#743)
• get-zones: generate R53_ALIAS correctly (#721)
• Documentation: Document IP() is IPv4 only (#744)
• Cleanup: Fix GetNameserver() inconsistency on many providers (#491)
• Support RFC 7505 "null MX" (#702) (#703)
• Update dependencies for: AWS (#731), Azure (#731), GCLOUD, digital * ocean (#723), urfav/cli, DNSimple, and more

Release v3.0.0

DNSControl 3.0.0 is a major release!

Three new providers! Two new subcommands! Integration tests reworked! Tons of minor and major bug fixes, code cleanups, and more!

This release focused on some major internal changes that might break providers or require updates. These were all internal changes that are invisible to the user. In fact, there were no breaking changes to your dnsconfig.js file!

A special shout-out to all the providers that responded quickly to my many "call to action" requests. Thank you for all your help! We couldn't do it without you. Those requests were:

• Providers should implement "get-zones" (#628)
• Call to update dependencies (#619)
• Call to update GetNameservers() to be more consistent (#491)
• Integration tests refactored, please test! (#684)

Major features:

• PROVIDER (UPGRADE): AZUREDNS is now officially supported!
• PROVIDER (NEW): Internet.bs (#590)
• PROVIDER (NEW): ClouDNS (#578)
• PROVIDER (REMOVED): GANDI/GANDI-LIVEDNS removed. Use GANDI_V5 instead. It is officially supported, 100% backwards compatible, plus the code is cleaner and more modern.
• New subcommand: dnscontrol check-creds helps debug your creds.json file.
• New subcommand: dnscontrol get-zones helps convert zones to DNSControl (#641) (#613)
• Let's Encrypt now tries all cert renewals before returning error (#611)
• If your DNS provider supports AutoDNSSEC, DNSControl now has a way to interface with it.
• Integration Tests Refactored: Integration tests have been reimagined and reorganized. It is now easier to work around providers with missing/broken features (#684)
• BIND's serial number and SOA handling is rewritten to be less complex, cleaning, and less buggy (#652)

Provider-specific changes:

• NEW PROVIDER: Internet.bs (#590)
• NEW PROVIDER: ClouDNS (#578)
• AZUREDNS is now an officially supported provider (#653)
• AZUREDNS: Add support for Alias: AZURE_ALIAS() (#675)
• AZUREDNS: Bug: Wrong domain updated in query (#615)
• AZUREDNS: Do not warn about underscore for acm-validations.aws (#661)
• BIND: Implement AutoDNSSEC (#648)
• BIND: Simplify serial number generation (#652)
• CLOUDFLARE: Correct redirect function documentation (#696)
• DNSIMPLE: Add AUTODNSSEC, implement for DNSimple (#640)
• DNSIMPLE: bug-fix SSHFP, add multi TXT support (#639)
• DNSIMPLE: support NAPTR (#671)
• GANDI_V5: Fix/support ALIAS, SSHFP, TLSA (#673)
• GANDI_V5: Recognize that CanUseTXTMulti is valid (#680)
• SOFTLAYER: Fixed Lets Encrypt Certificate issue #668 (#669)
• SOFTLAYER: Fixed Softlayer TXT Record existence Issue #583 (#659)
• NAMECHEAP: Add CAA support (#533)
• DIGITALOCEAN: CAA is supported with some caveats (#592)
• Implement get-zones and/or check-creds (#628)
  • BIND: Implement get-zones (#642)
  • CLOUDFLARE: get-zones --ttl flag should handle CF's magic TTLs better (#657)
  • ClouDNS: Get zone records implemented (#681)
  • NAMEDOTCOM: Implement get-zones (#645)
  • OVH: Add get-zones to the OVH provider (#666)
  • VULTR: Implemented get-zones (#628) (#670)
  • ACTIVEDIRECTORY: Implement get-zones (#643)
  • ROUTE53: Fully implement get-zones (#638)
  • DNSimple: Implement GetZones and ListZones (#637)
  • DIGITALOCEAN: Do get zones (#635)
  • AZUREDNS: Implement Get Zone for Azure DNS (#631)
• Clean up (standardize) GetNameservers:
  • OVH: convert the OVH provider to models.ToNameservers (#679)
• Update dependencies (#619)
  • EXOSCALE: Update exoscale/egoscale client to v0.23.0 (#664)
  • HEXONET: Update hexonet-sdk to v2.2.3+incompatible (#662)
  • GANDI_V5: Upgrade to newest github.com/tiramiseb/go-gandi
  • AZUREDNS: Upgraded Azure SDK to 39.1.0 (#627)
  • VULTR: Updated govultr to v0.2.0 (#619) (#624)
  • Update github.com/go-acme/lego (#623)
  • DIGITALOCEAN: Update digitalocean module (#622)
  • Update many modules (#620)
  • Upgrade urfave/cli to v2 (#614)
  • Update github.com/mjibson/esc (#515)

Minor changes, internal cleanups and documentation fixes:

• New testing infrastructure for get-zones (#688)
• GetNameservers is inconsistent across providers (#655)
• Tests: ensure provider capabilities are checked (#650)
• External dependencies updated (#691)
• Documentation: Clarify require() name and usage (#690)
• Moved providers/diff to pkg/diff (#692)
• Update README.md (#689)
• Upgrade go version to 1.14 (#676)
• Remove unneeded SSHFP integration test (#677)
• Update provider-list.md (#653)
• Linting (#647)
• pretty helpers.js (#649)
• Add _mta-sts to labels allowed to have an underscore (#617)
• LETS_ENCRYPT: Try all cert renewals before returning error. (#611)
• LETS_ENCRYPT: get-certs: DNS01 challenge skipping preCheckDNS (#591)
• RELENG: Doc should list correct version numbers (#607)
• DOCS: Explain nameservers vs ns (#608)
• DOCS: Clarify bug triage process (#606)
• DOCS: Improve Lets Encrypt docs (#594)
• Fixed issues from go vet (#605)
• Switch to Go 1.13 error wrapping (#604)
• Internals: Switch to v2 go.mod, and fix Azure Pipelines (#595)
• Integration test: Track providers that support null TXT (#597)

For a complete list of bugs closed in this release please refer to this link.

Release v2.11

Big improvements for Gandi users, new providers (ClouDNS,
Internet.bs), many code and documentation improvements including a
move to Go Modules.

BREAKING CHANGE: GANDI_V5 is a significant improvement over the GANDI
and GANDI-LIVEDNS providers, both of which will be removed in 3.0.
Please migrate now.

Let's Encrypt now tries all renewals even if an earlier one fails.

Major changes:

• NEW PROVIDER: GANDI_V5 (deprecates GANDI) (#572)
• NEW PROVIDER: Internet.bs (#590)
• NEW PROVIDER: ClouDNS (#578)
• Add _mta-sts to labels allowed to have an underscore (#617)

Reliability improvements:

• LETS_ENCRYPT: Try all cert renewals before returning error (#611)
• LETS_ENCRYPT: DNS01 challenge no longer skips preCheckDNS (#591)

Provider-specific changes:

• AZURE: Alias records no longer break DNSControl (#616)
• AZURE: Fixes a situation where, wrong domain was gets updated (#615)
• DIGITALOCEAN: CAA is supported with some caveats (#592)
• NAMECHEAP: Add CAA support (#533)

Docs and internal changes:

• DOCS: Updated release engineering process
• DOCS: Better explain NAMESERVER() vs NS() (#608)
• DOCS: Clarify bug triage process (#606)
• DOCS: Improve Lets Encrypt docs (#594)
• Updated module: upgrade urfave/cli to v2 (#614)
• Updated module: upgrade github.com/mjibson/esc (#515)
• Integration test: Add test for TXT with null string (#597)
• Many code cleanups, linting, vetting (#605)

Release v2.10.0

Major Changes:

• New Provider: Azure DNS (#547)
• Switched from govendor to go modules for dependencies (#587)
• Upgraded to Go 1.13 (#550)

Provider-specific changes:

• Gandi: Support for multi-TXT records (#545)
• Gandi: Print actual changes to be pushed (#546)
• Vultr: Added support for SSHFP records (#531)
• CloudFlare: Add ability to manage UniversalSSL (#496)
• CloudFlare: Support API tokens (#555)
• Route 53: Add AWS_PROFILE functionality (#567)

Minor cleanups:

• Documentation and typo cleanup (#586, #582, #571, #565, #560, #556, #507)

Thanks to all contributors!

@tlimoncelli
@captncraig
@geek1011
@patschi
@tlnd-rdalverny
@vatsalyagoel
@BenoitKnecht
@mhenderson-so
@wsuff
@hmrbarros
@signalwerk
@zwo-bot
@pragmaton
@willpower232

Release v2.9

Its been a while since the last release! This release rolls up a number of big changes: IGNORE() now supports wildcards/globs, require() can be used to load JSON. New provider: Exoscale. New rTypes: SSHFP and NAPTR. The duplicate record check now happens in preview, not just in push. A new flag makes it easier to use dnscontrol in a CI/CD pipeline. Plus a lot, lot, more!

Major features:

• NEW PROVIDER: Exoscale (#390)
• Add SSHFP DNS record support. (#439)
• Add NAPTR support. (#461)
• Add --expect-no-changes flag to preview (#449)
• IGNORE() now supports glob pattern/wildcards (#463)
• require() now supports loading JSON too (#474)
• SPF_BUILDER() now supports setting the TTL (#476)
• CAA_BUILDER() makes it easier to add CAA records (#478)
• Check for duplicate records much earlier (#467)
• Add SIP/JABBER labels to underscore exception list (#453)
• require() now handles paths as relative (like nodeJS) (#443)

Provider-specific changes:

• ACTIVEDIRECTORY: Full support for managing NS records. (#450)
• NAMEDOTCOM: Improve error docs
• CLOUDFLARE: Added TLSA and SSHFP support (#484)
• CLOUDFLARE: Added options to set the target account for new domains (#430)
• CLOUDFLARE: Fix CF trying to update non-changeable TTL (#489)
• CLOUDFLARE: SPF records should be converted to TXT Fixes #446 (#480)
• ROUTE53/GCLOUD: Add Delegation/nameserver Sets (#448)
• DIGITALOCEAN: Fix #479: Filter SOA records from Digitalocean (#485)
• OVH: Fixed registrar ns correction (#486)
• OVH: Fixed DKIM when having longer keys (#487) (#488)
• OVH: Update to use newer client library (#445)
• OVH: Certify SSHFP support (#482)
• OVH: Certify that CAA support (#477)
• OVH: Documentation: Fix OVH API First Steps link (#416)

Minor cleanups:

• General docs improvements (#481)
• DOC: Apply brand-preferred case (#429)
• DOCUMENTATION: Document bugid 491 (#492)
• DOCS: Fix many spelling errors (#471)

Release v0.2.8

New features:

• Warn (but don't fail) if creds.json file does not exist (#425)
• Documentation: Added brew installation method to README (#426)
• BUGFIX: Fix SRV record handling when target is shortname (#422)
• SECURITY: Many improvements related to LetsEncrypt (#406) (#411)
• Verbose debug logging via the ConsolePrinter and printer package. (#404)
• Codestyle: Fix formatting on parse_test JSON (#427)
• OVH: Fix caching issue (#412) (#417)
• GCLOUD: Support TXTMulti (#415)
• BIND: Warn if output directory does not exist. (#424)
• NAMEDOTCOM: Documented some error messages.
• GANDI-LIVE: Document "no such zone" error.
• DNSIMPLE: Update DNSimple-go to v0.20.0 and fix provider (#414)
• DNSIMPLE: Fix DNSimple SRV and MX records (#413)

Release v0.2.7

Major Features:

• Let's Encrypt Certificate Generation! #327 Documentation
• Refactoring of most fields in the internal representation of domains. Most code now accesses fields on records through getters and setters, which should help us maintain better consistency throughout the system. #337
• New Provider HEXONET #373

BIND:

• Fix panic on CNAME #347

Cloudflare:

• Fix parsing of priority field in record (fixes #367) #368

Route 53:

• Fix corner case when deleting r53_alias records #394
• Added token to NewStaticCredentials #401
• Fix bug in Route 53 ALIAS record #336

Documentation:

• Improve spfcache.json instructions #375
• Clarify the when to implement certain interfaces #376
• update documentation for Gandi to mention the LiveDNS provider #385
• Review Maintainers of contributed providers #400
• AWS Token options documented #403
• Add Gandi registrar to example #335
• Document SRV, CF*REDIRECT, and note where docs are needed. #346

Misc / Bugs:

• convertzone produces deprecated NAMESERVER entries #363
• Fix #339 prevent the ovh provider to panic on SPF and DKIM record types #340
• Fix #341 do not erase all records labels #342
• Better validate NAMESERVER format. #350
• Update AD integration failures #353
• fix names for internal transformed records #358
• Include support for exists element in SPF. #356
• Work around extra whitespace in spf records #361
• sort returned nameservers #369
• Add support for MX priorities of "" (0) #374
• Include PTR types in SPF Builder #378
• Create directories with execute permissions so they can be opened #395
• Correctly group R53_ALIAS records during IncrementalDiff. #399
• Add NAMESERVER_TTL and associated documentation. #398
• update go version to 1.10 #409

Thanks to all contributors:

• @f110
• @ashleyhull-versent
• @papakai
• @ebardsley
• @arafferty
• @captncraig
• @greut
• @vincentbernat
• @kjacobsen
• @tlimoncelli
• @onlyhavecans
• @geek1011
• @Jamie96
• @masterzen
• @Coeur
• @koenrh
• @bfirsh

Release v0.2.6

What an exciting release!

Summary

• Gand v5i: Added support for the v5 API (also called "LIVEDNS")
• OpenSRS: You can now use OpenSRS as a registrar!
• OctoDNS Support! DNSControl now generates OctoDNS configuration files, which means you can use OctoDNS to talk to providers that DNSControl doesn't support. Users of OctoDNS will also appreciate that convertzone can read your OctoDNS zone configs and output a first draft of your dnsconfig.py.

Major refactoring! The RecordConfig struct has been reworked and that required code changes all over the place. Every provider was touched. Thanks to all the contributors for testing our changes (and fixing the bugs that were introduced by the refactoring). The benefit is that providers are now easier to write, cleaner to write, with less possibility for bugs. In the future support for new providers and DNS record types should be easier.

Major features:

• Make IGNORE work with all providers (#313)
• NEW REGISTRAR: OpenSRS (#275)
• NEW PROVIDER: OctoDNS (#309)
• NEW PROVIDER: GANDI-LIVEDNS (API v5) (#320)

Bugs fixed:

• Rewrite IGNORE to use GetLabel (#331) (Fix #312)
• Fix CAA Support: helpers.js CAA_CRITICAL flag=128 (#318) (#319)
• DNSIMPLE: Fix DNSimple crashes on Alias: (#322)
• GCLOUD: create-zones breaks if domain starts with digit
• LINODE: Fix Linode provider (#333)
• ROUTE53: R53 crashes if traffic flow policy records exist (#330)
• ROUTE53: Fix R53_ALIAS not being registered as custom type (#310) (#311)

Code improvements:

• Refactor RecordConfig: Add getters/setters (#314)
• Update vendored packages (#326)
• Switch from fmt.Error* to errors.Error* (#317)
• Better .gitignore of integration test stuff. (#316)
• Refactor: Prelink providers to domains (#305)
• DNSIMPLE: dnssimple URL broke during refactor (#325)
• GCLOUD: Differentiate two modules name dns (#328)
• ROUTE53: Deleting wildcards doesn't work 19ca760
• Plus a few documentation and minor bugfixes

Release v0.2.5

So many new features! New record types! Better DKIM support! Better AWS support!

Highlights:

• Support for the ability to IGNORE() a label if some other system is updating it (all providers)
• Support for very long DKIM strings. You no longer have to split them yourself.
• Support for the new CAA record type (GANDI, CLOUDFLARE)
• Support for TXT records with multiple strings (BIND, ROUTE53, NAMEDOTCOM)
• Support for AWS ROUTE53 "ALIAS" records.
• Add the ability to send notifications to chat rooms when updates are done.
• A lot of code cleanups and documentation fixes.

Detailed list of features and bug fixes:

• Add support for the IGNORE(label) directive (#183)
• Simple notification framework (#297)
• Add syntax for very long DKIM strings (#295)
• Add general support for TXT records with multiple strings (#293)

Provider-specific news:

• BIND: Add support for TXT records with multiple strings (#289)
• BIND: Fix bug where SOA serial numbers were not updating
• CLOUDFLARE: Support CAA rtype (#285)
• DIGITALOCEAN: Improve example in docs (#281)
• GANDI: Add support for CAA rtype (#288)
• NAMEDOTCOM: Add support for TXT records with multiple strings (#299)
• NAMEDOTCOM: Upgrade to v4 api (#298)
• ROUTE53: Add support for TXT records with multiple strings (#292)
• ROUTE53: Support Route53's ALIAS record type (#239) (#301)
• ROUTE53: Document error messages from various credential issues. (#291)

Internal cleanups and documentation improvements:

• Improve docs on how to add an DNS record type.
• Many other small documentation improvements
• "go vet" and "go lint" the entire system.
• run helpers.js through Prettier
• docs: Improve comments related to capabilities. (#287)
• Update github.com/prasmussen/gandi-api to prepare for LiveDNS support. (#302)