Caddy and Dynamic DNS

pseymour · July 17, 2023, 11:56am

1. The problem I’m having:

I can use the RFC2136 to get a LetsEncrypt certificate just fine. Is it possible to CRUD DNS records with Caddy - maybe caddy-dynamicdns but I can see no records of RFC2136 in there.

2. Error messages and/or full log output:

Not applicable at this time

3. Caddy version:

2.6.2

4. How I installed and ran Caddy:

FROM caddy:2.6.2-builder AS builder

RUN xcaddy build v2.6.2 --with github.com/caddy-dns/rfc2136

FROM caddy:2.6.2

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

a. System environment:

c. Service/unit/compose file:

version: '3.3'

services:
  caddy:
    image: caddy-with-dns:2.6.2
    ports:
      - "8443:443"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/site:/srv
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:

d. My complete Caddy config:

{
    acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

<myhost>:443 {
        log {
                level DEBUG
                output file /dev/stdout
        }
        reverse_proxy http://<myhost>:8080 {
                header_up +X-SSH-Endpoint "{host}:50022"
                header_down +X-SSH-Endpoint "{host}:50022"
        }
        tls {
          dns rfc2136 {
            key_name "<key>"
            key_alg "hmac-sha512"
            key "<redacted>"
            server "<srv>4:53"
          }
        }
        encode zstd gzip
}

5. Links to relevant resources:

francislavoie · July 18, 2023, 2:04am

I don’t understand the question. Can you elaborate?

pseymour · July 18, 2023, 5:57am

Sorry, apologies.

Is there a plugin that can create/update/delete DNS records (A/AAAA or CNAMES) for a RFC2136 provider ?

francislavoie · July 18, 2023, 7:17am

Ah, yeah that’s what GitHub - mholt/caddy-dynamicdns: Caddy app that keeps your DNS records (A/AAAA) pointed at itself. is for! It takes a DNS providers module as input.

pseymour · July 18, 2023, 7:29am

OK thanks, there is no mention of rfc2136 in there and reference to TSIG setup is all so wasn’t sure.

francislavoie · July 18, 2023, 7:59am

Because it takes any DNS provider module as input. That includes your RFC2136 one.

It wouldn’t make sense for it to list every existing DNS provider module in that project’s readme, there could be an infinite amount, and keeping a list up to date in that readme would be a waste of time.

pseymour · July 18, 2023, 8:10am

Yes thank you I get that I was just making sure. I will try and figure out the TSIG setup which I guess wouldn’t be a million miles away from the LetsEncrypt one. Appreciate the help.

system · August 17, 2023, 8:11am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.