Add option to explicitly delegate FQDN's #27
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks for the contribution, @TimeToogo. It might take me a while to get to this PR, but I'm intrigued by your idea. |
|
Hi @TimeToogo , thanks in advance for the PR. Here are some changes I'd like to see:
Thanks for putting the time to make sslip.io better. —Brian |
cunnie
requested changes
Nov 29, 2023
| @@ -17,6 +17,7 @@ func main() { | |||
| var wg sync.WaitGroup | |||
| var blocklistURL = flag.String("blocklistURL", "https://raw.githubusercontent.com/cunnie/sslip.io/main/etc/blocklist.txt", `URL containing a list of "forbidden" names/CIDRs`) | |||
| var nameservers = flag.String("nameservers", "ns-aws.sslip.io.,ns-azure.sslip.io.,ns-gce.sslip.io.", "comma-separated list of nameservers") | |||
| var delegated = flag.String("delegate", "", "delegate specific FQDN's to comma-separated list of nameservers, seperate multiple mappings with ';'") | |||
There was a problem hiding this comment.
"separate" is spelled with one "e". It was spelled correctly the first time, incorrectly the second.
Using ";" as a separator is tricky because it's a meaningful character to the sh/bash/zsh shells—it may trip up an unsophisticated user.
Also, the pre-existing -addresses flag uses a different way to set multiple records (= and ,). Is there a reason you chose to use a completely different paradigm (, and ;)?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Following on from #24 I ended up implementing a workaround for this issue that exposes a new argument which can be used to delegate FQDN's to other nameservers. This has enabled me to successfully issue wildcard letsencrypt certificates on the sslip domain. Here's how I use it:
Where Route53 has a hosted zone for
sslip.example.domainand will answer authoritatively for_acme-challenge.sslip.example.domain, which enables certbot to pass the acme dns-01 challenge. You could likely substitute Route53 for other nameservers using this approach although I haven't tested any others.I'm not sure if this is something you want to bring into the mainline but thought it was worth checking.
NOTE: I learnt the hard way that the dns01 challenge issues mixed case queries, hence the case-insensitive match.