Tools implementing deSEC

peter · April 1, 2020, 10:00pm

In this post, we keep a list of deSEC-aware software that we have knowledge of.

Note: This does not imply any endorsement by deSEC. We also do not evaluate whether the tools listed here implement sensible security measures, nor do we know whether these programs hold what they promise. The list is merely meant as an inspiration for digging deeper into the deSEC ecosystem.

dynDNS clients

Nesos-ita/DynamicDnsUpdater

Integrations

DNS orchestration

DNSControl (DNS as code)
Terraform (DNS as code)

ACME clients

Other

Proxmox Virtual Environment, e.g. pvenode
Traefik supports deSEC through lego (see ablove). Previously, there was this extra module: Traefik dedyn-dns01 (now superseded)

General purpose API clients

Libraries

desec (npm) (JavaScript library)
desec (Go)
desec-dns-api (PyPI) (Python library), used by
- ansible-desec-dns (Ansible modules)

Command-line Interface (CLI)

desec-dns-cli (Python CLI)
desec-dns-api-cli (Python CLI)
desec-dns (Python CLI with TLSA support)
My1/MugenDNS (PHP GUI)

To extend this list, please reply to this post, and after short inspection we may include your suggestion in the list.

d3luxee · April 25, 2020, 8:03pm

dnscontrol will also get support for desec: https://github.com/StackExchange/dnscontrol/issues/724

peter · April 25, 2020, 9:59pm

Hi d3luxee,

Support was just merged into DNSControl, so I added it to the above list. Thanks for the contribution!

Stay secure,
Peter

peter · April 28, 2020, 5:05pm

vika · May 12, 2020, 10:37pm

Lego (an ACME client) has deSEC support too now! I filed the issue asking them to implement it, and the next day it was done: https://github.com/go-acme/lego/issues/1140

ldez · May 15, 2020, 1:54pm

Hello,

I created a Go client: https://github.com/nrdcg/desec/

You can also remove Traefik dedyn-dns01 as Traefik support deSEC natively (through lego)

https://docs.traefik.io/v2.2/https/acme/#providers

peter · May 15, 2020, 2:28pm

Hi vika, ldez,

Thanks for your contributions! This is really great to see <3 I’m making the corresponding changes to the list.

Stay secure,
Peter

xengi · June 1, 2020, 11:51am

Thx for adding my stuff.

I’m currently finishing up the python API wrapper. I’ll release the first 1.0 beta in a couple of days.

After that I’ll continue working on the ansible modules. So feel free to test the desec-dns-api library and give feedback.