Description
When I try to run the following simulated renewal...
$ certbot renew --dry-run \
    --authenticator certbot-dns-powerdns:dns-powerdns \
    --certbot-dns-powerdns:dns-powerdns-credentials /etc/powerdns/api-credentials.ini
...I see in the Certbot log files something like this:
2023-11-14 23:54:35,846:DEBUG:urllib3.connectionpool:http://127.0.0.1:8081 "PATCH /api/v1/servers/localhost/zones/mydomain.com. HTTP/1.1" 422 62
2023-11-14 23:54:35,847:DEBUG:lexicon.providers.powerdns:response: {"error": "Hosting backend does not support editing records."}
2023-11-14 23:54:35,847:DEBUG:certbot.plugins.dns_common_lexicon:Encountered error adding TXT record: 422 Client Error: Unprocessable Entity for url: http://127.0.0.1:8081/api/v1/servers/localhost/zones/mydomain.com.
So it appears that the PowerDNS API tells your plugin "Sorry I can't edit plain-text zone files".
• Is my interpretation correct?
• Is this a general restriction; BIND-style zone files just won't get edited, period?
• Or is there a "reason" for the rejection, such as bad permissions or whatever?
• Or is my only recourse to switch to something like PostgreSQL to store my DNS records?
Technically there's nothing that would keep PowerDNS or its tool suite from editing its own plain-text zone files.
FWIW, I get the same error when using curl:
curl -v -v -s -X PATCH \
    -H "X-API-Key: CHANGEME" \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    "http://localhost:8081/api/v1/servers/localhost/zones/mydomain.com." \
    --data '{
      "rrsets": [
        {
          "name": "_acme-challenge.mydomain.com.",
          "type": "TXT",
          "ttl": 86400,
          "changetype": "REPLACE",
          "records": [
            {
              "content": "\"new-txt-record-content\"",
              "disabled": false
            }
          ]
        }
      ]
    }'
I know this is not the PowerDNS support forum but perhaps there is some known issue with patching TXT records that you guys have previously run into and I'm missing what's wrong.