Have a DNS service running to allow users to tie services to their own domain #104

New issue

Open

opened 2025-02-11 12:24:21 +01:00 by kiara · 0 comments

kiara commented

2025-02-11 12:24:21 +01:00

Owner

implementation notes

dns servers seem (compared):
- powerdns aka pdns (GPL-2.0, C++, stringly module), front-end powerdns-admin - procolix currently has most experience operating this
- hickory-dns (MIT/Apache, rust, structured module)
- acme-dns (MIT, go, semi-stringly module)
- bind (Apache, C, structured module, wiki)
- technitium-dns-server (GPL-3.0, python, simple module)
- core-dns (stringly? module)
- tinydns (stringly module)
clients
- octodns
  - wiki
  - providers
  - TF
  - given an API spec may generate client for python
  - e.g. for openprovider
  - may (without TF) be configured using NixOS-DNS (source)
- DNS control (wiki, providers)
- ~~clan dyndns module~~: tied to their service
- godns (module, providers)
utilities
- dns.nix: zone files
- nixcloud-webservices: helpers to generate strings for a few resource records

if we may put off related front-ends until #350, we should be able to handle DNS using Nix options such as NixOS-DNS, including for the purpose of migration (#100).

v client / > server	hickory	acme	bind	technitium	powerdns
octodns			✅		✅
DNS control			✅	?	✅

~~| godns | | | | | |~~

given this compatibility matrix, the path of least resistance to automating DNS would seem server bind (optionally with client octodns (thru TF / NixOS-DNS)).

c.f.:

selfhostblocks ticket

## implementation notes - [dns servers](https://search.nixos.org/packages?channel=unstable&from=0&size=50&sort=relevance&type=packages&query=dns) seem ([compared](https://en.wikipedia.org/wiki/Comparison_of_DNS_server_software#Feature_matrix)): - [`powerdns`](https://github.com/PowerDNS/pdns) aka [`pdns`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/pd/pdns/package.nix) (GPL-2.0, C++, stringly [module](https://search.nixos.org/options?channel=unstable&show=services.pdnsd.serverConfig&query=services.pdnsd)), front-end [powerdns-admin](https://github.com/PowerDNS-Admin/PowerDNS-Admin) - procolix currently has most experience operating this - [`hickory-dns`](https://github.com/hickory-dns) (MIT/Apache, rust, structured [module](https://search.nixos.org/options?channel=unstable&show=services.hickory-dns.settings.zones.*.file&query=services.hickory-dns)) - [`acme-dns`](https://github.com/joohoi/acme-dns/) (MIT, go, semi-stringly [module](https://search.nixos.org/options?channel=unstable&show=services.acme-dns.settings.general.records&query=services.acme-dns)) - [`bind`](https://gitlab.isc.org/isc-projects/bind9) (Apache, C, structured [module](https://search.nixos.org/options?channel=unstable&show=services.bind.zones&query=services.bind), [wiki](https://wiki.nixos.org/wiki/Bind)) - [`technitium-dns-server`](https://github.com/TechnitiumSoftware/DnsServer) (GPL-3.0, python, simple [module](https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&type=packages&query=services.technitium-dns-server)) - [`core-dns`](https://github.com/coredns/coredns) (stringly? [module](https://search.nixos.org/options?channel=unstable&show=services.coredns.config&query=services.coredns)) - [`tinydns`](https://github.com/projectdiscovery/tinydns) (stringly [module](https://search.nixos.org/options?channel=unstable&show=services.tinydns.data&query=services.tinydns)) - clients - [octodns](https://github.com/octodns/octodns) - [wiki](https://wiki.nixos.org/wiki/Octodns) - [providers](https://octodns.readthedocs.io/en/latest/#providers) - [TF](https://registry.terraform.io/providers/topicusonderwijs/octodns/latest/docs) - given an API spec may generate client [for python](https://github.com/openapi-generators/openapi-python-client) - e.g. for [openprovider](https://github.com/openprovider/api-documentation) - may ([without TF](https://github.com/Janik-Haag/NixOS-DNS/issues/5)) be configured using [NixOS-DNS](https://janik-haag.github.io/NixOS-DNS/) ([source](https://github.com/janik-haag/NixOS-DNS/)) - [DNS control](https://dnscontrol.org/) ([wiki](https://wiki.nixos.org/wiki/Dnscontrol), [providers](https://docs.dnscontrol.org/provider/index)) - ~~[clan dyndns module](https://github.com/clan-lol/clan-core/blob/main/clanServices/dyndns/default.nix)~~: tied to their service - [`godns`]() ([module](https://search.nixos.org/options?channel=unstable&show=services.godns.settings&query=services.godns), [providers](https://github.com/TimothyYe/godns#supported-dns-providers)) - utilities - [`dns.nix`](https://github.com/nix-community/dns.nix): zone files - [nixcloud-webservices](https://github.com/nixcloud/nixcloud-webservices/tree/dns/modules/services/dns): [helpers to generate strings for a few resource records](https://discourse.nixos.org/t/nix-dns-a-nix-dsl-for-dns-zone-files/2466/5) if we may put off related front-ends until #350, we should be able to handle DNS using Nix options such as `NixOS-DNS`, including for the purpose of migration (#100). | v client / > server | hickory | acme | bind | technitium | powerdns | |-|-|-|-|-|-| | [octodns](https://octodns.readthedocs.io/en/latest/#providers) | | | ✅ | | ✅ | | [DNS control](https://docs.dnscontrol.org/provider/index) | | | [✅](https://docs.dnscontrol.org/provider/bind) | [?](https://github.com/StackExchange/dnscontrol/pull/3218) | [✅](https://docs.dnscontrol.org/provider/powerdns) | ~~| [`godns`](https://github.com/TimothyYe/godns#supported-dns-providers) | | | | | |~~ given this compatibility matrix, the path of least resistance to automating DNS would seem server `bind` (optionally with client octodns (thru TF / NixOS-DNS)). c.f.: - [selfhostblocks ticket](https://github.com/ibizaman/selfhostblocks/issues/63)