Tools implementing deSEC

In this post, we keep a list of deSEC-aware software that we have knowledge of.

Note: This does not imply any endorsement by deSEC. We also do not evaluate whether the tools listed here implement sensible security measures, nor do we know whether these programs hold what they promise. The list is merely meant as an inspiration for digging deeper into the deSEC ecosystem.

dynDNS clients


Integrations

DNS orchestration

ACME clients

Webserver in-built

Other

  • Proxmox Virtual Environment, e.g. pvenode
  • Traefik supports deSEC through lego (see ablove). Previously, there was this extra module: Traefik dedyn-dns01 (now superseded)

General purpose API clients

Libraries

Command-line Interface (CLI)

To extend this list, please reply to this post, and after short inspection we may include your suggestion in the list.

6 Likes

dnscontrol will also get support for desec: https://github.com/StackExchange/dnscontrol/issues/724

1 Like

Hi d3luxee,

Support was just merged into DNSControl, so I added it to the above list. Thanks for the contribution!

Stay secure,
Peter

1 Like

Lego (an ACME client) has deSEC support too now! I filed the issue asking them to implement it, and the next day it was done: https://github.com/go-acme/lego/issues/1140

2 Likes

Hello,

I created a Go client: https://github.com/nrdcg/desec/

You can also remove Traefik dedyn-dns01 as Traefik support deSEC natively (through lego)

https://docs.traefik.io/v2.2/https/acme/#providers

1 Like

Hi vika, ldez,

Thanks for your contributions! This is really great to see <3 I’m making the corresponding changes to the list.

Stay secure,
Peter

1 Like

Thx for adding my stuff. :smiley:

I’m currently finishing up the python API wrapper. I’ll release the first 1.0 beta in a couple of days.

After that I’ll continue working on the ansible modules. So feel free to test the desec-dns-api library and give feedback.

Hi,
I just uploaded my PHP library to connect to deSEC API.

Hi Taras,

Thanks for your contribution! I’ve added it to the top post of this thread.

Stay secure,
Peter

1 Like

Hi! I found a Caddy module that supports DNS ACME challenge using a deSEC API token: GitHub - caddy-dns/desec: deSEC module for Caddy

1 Like

Hi strawberry,

Thanks, I added it to the list!

Stay secure,
Peter

2 Likes

desec-dns-api does not exist anymore on pypi. A relatively new project appeared at desec.

Thanks, RonObvious, I made these changes!

Stay secure,
Peter

1 Like

The repository is marked as archived and the project is in readonly mode. Looks like PyPI releases have all been yanked too. This should be marked as unmaintained or abandoned.

Hi WhyNotHugo,

Thanks for your message, and welcome to deSEC! :slight_smile:

I verified your report, and removed the unmaintained link from the collection.

Stay secure,
Peter

1 Like

Hi everyone,

I’m excited to share with you a small script I’ve developed to simplify the process of updating TLSA records from Plesk. You can find the script on GitHub at this link: Plesk-DANE-TLSA-and-deSEC

TLSA records are an essential part of ensuring secure communication over the internet, particularly for services like email and web servers. However, managing these records manually can be cumbersome, especially for those using Plesk as their hosting control panel.

With this script, I aimed to streamline the process, allowing Plesk users to update their TLSA records seamlessly. By integrating with deSEC DNS service, the script automates the update process, saving time and effort for administrators.

I encourage you to check out the script on GitHub, where you can find detailed instructions on how to use it and contribute to its development. Whether you’re a Plesk user looking to enhance your server’s security or a developer interested in improving the script, your feedback and contributions are highly appreciated.

Thank you for your support, and I hope you find the script useful!

Best regards,
Jonathan