Tools implementing deSEC

In this post, we keep a list of deSEC-aware software that we have knowledge of.

Note: This does not imply any endorsement by deSEC. We also do not evaluate whether the tools listed here implement sensible security measures, nor do we know whether these programs hold what they promise. The list is merely meant as an inspiration for digging deeper into the deSEC ecosystem.

dynDNS clients


DNS orchestration

ACME clients


  • Proxmox Virtual Environment, e.g. pvenode
  • Traefik supports deSEC through lego (see ablove). Previously, there was this extra module: Traefik dedyn-dns01 (now superseded)

General purpose API clients


Command-line Interface (CLI)

To extend this list, please reply to this post, and after short inspection we may include your suggestion in the list.


dnscontrol will also get support for desec:

1 Like

Hi d3luxee,

Support was just merged into DNSControl, so I added it to the above list. Thanks for the contribution!

Stay secure,

Lego (an ACME client) has deSEC support too now! I filed the issue asking them to implement it, and the next day it was done:



I created a Go client:

You can also remove Traefik dedyn-dns01 as Traefik support deSEC natively (through lego)

Hi vika, ldez,

Thanks for your contributions! This is really great to see <3 I’m making the corresponding changes to the list.

Stay secure,

Thx for adding my stuff. :smiley:

I’m currently finishing up the python API wrapper. I’ll release the first 1.0 beta in a couple of days.

After that I’ll continue working on the ansible modules. So feel free to test the desec-dns-api library and give feedback.