- Record and Zone validation now ensures there's no whitespace in names
- 1.x Deprecation removals
- Provider, Source, and Processor shims removed, they've been warnings for > 1yr. Everything should be using and referring to provider-specific modules now.
- Provider.strict_supports defaults to true, can be returned to the old behavior by setting strict_supports=False in your provider params.
- octodns.record has been broken up into multiple files/modules. Most of the primary things that were available at that module path still will be, but if you are importing things like idna_encode/decode that actually live elsewhere from octodns.record you'll need to update and pull them from their actual home. Classes beginning with _ are not exported from octodns.record any longer as they were considered private/protected.
- Beta support for auto-arpa has been added, See the auto-arpa documentation for more information.
- Support for subnet targeting in dynamic records, see this section of dynamic records documentation for more information.
- Enhanced validations on dynamic rules to encourage best practices
- The last rule must be a catch-all w/o any targeted geos or subnets
- Geos must not be repeated in multiple rules
- Geos in rules and subsequent rules must be ordered most to least specific, e.g. NA-US-TN must come before NA-US, which must occur before NA
- Similarly, subnets must not be repeated in multiple rules, and various subnet rules must be ordered such that most specific subnets appear before less specific ones; e.g. 10.1.1.0/24 must appear before 10.1.0.0/16.
- Subnet targeting is considered to be more specific than geo targeting, so subnet-only rules must appear before any subnet+geo rules, followed by geo-only rules (and catch-all rule w/o any geos/subnets in the end)
- Added new DsRecord type (provider support will be added over time)
- Added simple IgnoreRootNsFilter
- Minor refactor on YamlProvider to add get_filenames making it a bit easier to create specialized providers inheriting from it
- Fixed bug in OwnershipProcessor when all changes were removed from plans
- Shim AxfrSource and ZoneFileSource post extraction into https://github.com/octodns/octodns-bind
- Added support for automatic handling of IDNA (utf-8) zones. Everything is stored IDNA encoded internally. For ASCII zones that's a noop. For zones with utf-8 chars they will be converted and all internals/providers will see the encoded version and work with it without any knowledge of it having been converted. This means that all providers will automatically support IDNA as of this version. IDNA zones will generally be displayed in the logs in their decoded form. Both forms should be accepted in command line arguments. Providers may need to be updated to display the decoded form in their logs, until then they'd display the IDNA version.
- IDNA value support for Record types that hold FQDNs: ALIAS, CNAME, DNAME, PTR, MX, NS, and SRV.
- Support for configuring global processors that apply to all zones with
manager.processors
- Addressed shortcomings with YamlProvider.SUPPORTS in that it didn't include dynamically registered types, was a static list that could have drifted over time even ignoring 3rd party types.
- Provider._process_desired_zone needed to call Provider.supports rather than
doing it's own
_type in provider.SUPPORTS
. The default behavior in Source.supports is ^, but it's possible for providers to override that behavior and do special checking and_process_desired_zone
wasn't taking that into account. - Now that it's used as it needed to be YamlProvider overrides Provider.supports and just always says Yes so that any dynamically registered types will be supported.
- Add TtlRestrictionFilter processor for adding ttl restriction/checking
- NameAllowlistFilter & NameRejectlistFilter implementations to support filtering on record names to include/exclude records from management.
- All Record values are now first class objects. This shouldn't be an externally visible change, but will enable future improvements.
- --quiet command line option added to raise log level to WARNING, plan
output now comes from
plan
logger rather thanManager
so that it can stay at info - --logging-config command line option added to allow complete logging config customization, see https://docs.python.org/3/library/logging.config.html#logging-config-dictschema for file format and octodns#945 (comment) for an example config
- Fixed issue with sub-zone handling introduced in 0.9.18
- Added octodns.idna idna_encode/idna_decode helpers, providers will need to individually add support via these helpers though :-/
black
formatting implemented (including .git-blame-ignore-revs)- --output-provider support for dump to allow configurable dump formatting/details
- TLSA record type support
- Subzones support for skipping levels
- The changes in plans are now ordered based on change type prior to considering the record name and type as was previously done. The chosen order is: deletes, creates, updates. The reason for that many providers make changes one at a time. When changing the type of a record, e.g. from A to CNAME of vice versa this is done by deleting the old and creating the new. If the CNAME create happens before the A delete it will often violate rules against having typed records live at the same node as a CNAME. Several providers have always handled this by sorting the changes themselves. This just standardizes what they are doing as many other providers appear to need to do so, but weren't. There was an ordering before, but it was essentially arbitrarily picked.
- Record.register_type added so that providers can register custom record types, see docs/records.md for more information
- New
octodns-versions
command which will log out the version of octodns and any provider/processor/plan_output modules you are using.
- Manager includes the octoDNS version in its init log line
- Non-official release installs will now include a bit of the sha to indicate specifically what revision is being used, e.g. 0.9.17+abcdef12, these roughly follow PEP440 guidelines
- Foundational support for root NS record management.
- YamlProvider has it enabled and in general everyone should add root NS records that match what is in their provider(s) as of this release if they aren't already there.
- Other providers will add root NS support over time following this release once they have had the chance to investigate the functionality and implement management if possible with whatever accomidations are required.
- Watch your providers README.md and CHANGELOG.md for support and more information.
- Root NS record changes will always require
--force
indicating that they are impactful changes that need a careful 👀
- _AggregateTarget has more complete handling of SUPPORTS* functionality, mostly applicable for the compare operation.
- Fix null MX record validation error introduced in 0.9.15,
.
is again allowed as a validexchange
value.
- Providers extracted from octoDNS core into individual repos
octodns#622 &
octodns#822 for more information.
- AzureProvider
- AkamaiProvider
- CloudflareProvider
- ConstellixProvider
- DigitalOceanProvider
- DnsimpleProvider
- DnsMadeEasyProvider
- DynProvider
- EasyDnsProvider
- EtcHostsProvider
- GandiProvider
- GcoreProvider
- GoogleCloudProvider
- HetznerProvider
- MythicBeastsProvider
- Ns1Provider
- OvhProvider
- PowerDnsProvider
- RackspaceProvider
- Route53Provider also AwsAcmMangingProcessor
- SelectelProvider
- TransipProvider
- UltraDnsProvider
- As part of the extraction work octoDNS's requirements (setup.py and .txt files) have been updated and minimized and a helper script, script/update-requirements has been added to help manage the txt files going forward.
- NS1 provider has received improvements to the dynamic record implementation. As a result, if octoDNS is downgraded from this version, any dynamic records created or updated using this version will show an update.
- An edge-case bug related to geo rules involving continents in NS1 provider has been fixed in this version. However, it will not show/fix the records that match this edge-case. See octodns#809 for more information. If octoDNS is downgraded from this version, any dynamic records created or updated using this version and matching the said edge-case will not be read/parsed correctly by the older version and will show a diff.
- Transip was updated to their new client api
- Additional FQDN validation to ALIAS/CNAME value, MX exchange, SRV target and tests of the functionality.
- Improvements around dynamic record value weights allowing finer grained control
- Provider
strict_supports
param added, currently defaults tofalse
, along with Provider._process_desired_zone this forms the foundations of a new "supports" system where providers will warn or error (depending on the value ofstrict_supports
) during planning about their inability to do what they're being asked. Whenfalse
they will warn and "adjust" the desired records. When true they will abort with an error indicating the problem. Over time it is expected that all "supports" checking/handling will move into this paradigm andstrict_supports
will likely be changed to default totrue
. - Zone shallow copy support, reworking of Processors (alpha) semantics
- NS1 NA target now includes
SX
andUM
. IfNA
continent is in use in dynamic records care must be taken to upgrade/downgrade to v0.9.13. - Ns1Provider now supports a new parameter, shared_notifylist, which results in all dynamic record monitors using a shared notify list named 'octoDNS NS1 Notify List'. Only newly created record values will use the shared notify list. It should be safe to enable this functionality, but existing records will not be converted. Note: Once this option is enabled downgrades to previous versions of octoDNS are discouraged and may result in undefined behavior and broken records. See octodns#749 for related discussion.
- TransipProvider removed as it currently relies on
suds
which is broken in new python versions and hasn't seen a release since 2010. May return with octodns#762
- Fully remove python 2.7 support & sims
- Dynamic record pool status flag: up/down/obey added w/provider support as possible.
- Support for multi-value PTRs where providers allow them
- Normalize IPv6 addresses to avoid false changes and simplify providers
- Include pure-python wheel distirubtions in release builds
- Improvements and updates to AzureProvider, especially w/respect to dynamic records.
- NS1Provider support for IPv6 monitors and general caching/performance improvements
- Route53Provider.get_zones_by_name option to avoid paging through huge lists and hitting rate limits
- Misc Route53Provider
- Ensure no network access during testing (helps with runtime)
- Sped up the long pole unit tests
- Misc. ConstellixProvider, DigitalOceanProvider, GCoreProvider, and Route53Provider fixes & improvements
- Alpha support for Processors has been added. Processors allow for hooking
into the source, target, and planing process to make nearly arbitrary changes
to data. See the octodns/processor/ directory for
examples. The change has been designed to have no impact on the process
unless the
processors
key is present in zone configs. - Fixes NS1 provider's geotarget limitation of using
NA
continent. Now, whenNA
is used in geos it considers all the countries ofNorth America
instead of justus-east
,us-west
andus-central
regions SX' & 'UM
country support added to NS1Provider, not yet in the North America list for backwards compatibility reasons. They will be added in the next releaser.
- Lots of progress on the partial/beta support for dynamic records in Azure, still not production ready.
- NS1 fix for when a pool only exists as a fallback
- Zone level lenient flag
- Validate weight makes sense for pools with a single record
- UltraDNS support for aliases and general fixes/improvements
- Misc doc fixes and improvements
- Formal Python 2.7 support removed, deps and tooling were becoming unmaintainable
- octodns/octodns move, from github/octodns, more to come
- ZoneFileSource supports specifying an extension & no files end in . to better support Windows
- LOC record type support added
- Support for pre-release versions of PowerDNS
- PowerDNS delete before create which allows A <-> CNAME etc.
- Improved validation of fqdn's in ALIAS, CNAME, etc.
- Transip support for NS records
- Support for sending plan output to a file
- DNSimple uses zone api rather than domain to support non-registered stuff, e.g. reverse zones.
- Support for fallback-only dynamic pools and related fixes to NS1 provider
- Initial Hetzner provider
- ALIAS records only allowed at the root of zones - see
leient
in record docs for work-arounds if you really need them.
- Gandi LiveDNS
- UltraDNS
- easyDNS
- Add support for zones aliases
- octodns-compare: Prefix filtering and status code on on mismatch
- Implement octodns-sync --source
- Adding environment variable record injection
- Add support for wildcard SRV records, as shown in RFC 2782
- Add healthcheck option 'request_interval' for Route53 provider
- NS1 georegion, country, and catchall need to be separate groups
- Add the ability to mark a zone as lenient
- Add support for geo-targeting of CA provinces
- Update geo_data to pick up a couple renames
- Cloudflare: Add PTR Support, update rate-limit handling and pagination
- Support PowerDNS 4.3.x
- Added support for TCP health checking of dynamic records
- Added support for dynamic records to Ns1Provider, updated client and rate limiting implementation
- Moved CI to use GitHub Actions
- Set up dependabot to automatically PR requirements updates
- Pass at bumping all of the requirements and Dependabot them going forward
- Enhanced
dynamic
pool validation rules - Delegation set support for Route53 and fix for CNAME/A ordering issues
- DNSimple sandbox support
- OVHProvider support for CAA
- Akamai rename FastDNS to EdgeDNS
- Transip bumped to 2.1.2 which should get away from its SOAP api which is EOLd
- Extensive pass through the whole codebase to support Python 3
- Tons of updates to replace
def __cmp__
with__eq__
and friends to preserve custom equality and ordering behaviors that are essential to octoDNS's processes. - Quite a few objects required the addition of
__eq__
and friends so that they're sortable in Python 3 now that those things are more strict. A few places this required jumping through hoops of sorts. Thankfully our tests are pretty thorough and caught a lot of issues and hopefully the whole plan, review, apply process will backstop that. - Explicit ordering of changes by (name, type) to address inconsistent ordering for a number of providers that just convert changes into API calls as they come. Python 2 sets ordered consistently, Python 3 they do not. https://github.com/octodns/octodns/pull/384/commits/7958233fccf9ea22d95e2fd06c48d7d0a4529e26
- Route53
_mod_keyer
ordering wasn't 100% complete and thus unreliable and random in Python 3. This has been addressed and may result in value reordering on next plan, no actual changes in behavior should occur. incf.countryutils
(in pypi) was last released in 2009 is not python 3 compatible (it's country data is also pretty stale.)pycountry_convert
appears to have the functionality required to replace its usage so it has been removed as a dependency/requirement.- Bunch of additional unit tests and supporting config to exercise new code and verify things that were run into during the Python 3 work
- lots of
six
ing of things
- Tons of updates to replace
- Validate Record name & fqdn length
- No material changes
- AkamaiProvider, ConstellixProvider, MythicBeastsProvider, SelectelProvider, & TransipPovider providers added
- Route53Provider separator fix
- YamlProvider export error around stringification
- PyPi markdown rendering fix
- Reduced dynamic record value weight range to 0-15 so that Dyn and Route53 match up behaviors. Dyn is limited to 0-15 and scaling that up would lose resolution that couldn't be recovered during populate.
- Addressed issues with Route53 change set ordering for dynamic records
- Ignore unsupported record types in DigitalOceanProvider
- Fix bugs in Route53 extra changes handling and health check managagement
- dynamic record support, essentially a v2 version of geo records with a lot more flexibility and power. Also support dynamic CNAME records (alpha)
- Route53Provider dynamic record support
- DynProvider dynamic record support
- SUPPORTS_DYNAMIC is an optional property, defaults to False
- Route53Provider health checks support disabling latency measurement
- CloudflareProvider SRV record unpacking fix
- DNSMadeEasy provider uses supports to avoid blowing up on unknown record types
- Updates to AzureProvider lib versions
- Normalize MX/CNAME/ALIAS/PTR value to lower case
- SplitYamlProvider support added
- DynProvider fix for Traffic Directors association to records, explicit rather than "looks close enough"
- TinyDNS support for TXT and AAAA records and fixes to ; escaping
- pre-commit hook requires 100% code coverage
- A bunch of "dynamic" stuff that'll be detailed in the next release when providers actually support it 😁
- Route53Provider adds support for using session tokens
- Added support for proxying Cloudflare ALIAS records
- Dyn CAA TTL fix
- Documentation fixes and improvements
- natsort version bump to address setup issues
- DNSSimple TXT record handling fixes, ; it's always ;
- Route53Provider support for sessiom tokens
- Add ALIAS to the list of Cloudflare record types that support proxying
- Fix for TTL bug in Dyn CCA records
- Records updated so that 'octodns' record metadata is persisted through YamlProvider
- Added --version support to ArguementParser (thus all commands)
- ZoneFile source added
- Major rework/improvements to the Cloudflare record update process, fixed bugs and optimized it quite a bit
- Add ability to manage Cloudflare proxy flag
- Bump requests version to 2.20.0
- EtcHostsProvider implementation to create static/emergency best effort content that can be used in /etc/hosts to resolve things.
- Add lenient support to Zone.add_record, allows populate from providers that have allowed/created invalid data and situations where a sub-zone is being extracted from a parent, but the records still exist in the remote provider.
- AXFR source support added
- google-cloud-dns requirement instead of general package
Using this version on existing records with geo
will result in
recreating all health checks. This process has been tested pretty thoroughly to
try and ensure a seamless upgrade without any traffic shifting around. It's
probably best to take extra care when updating and to try and make sure that
all health checks are passing before the first sync with --doit
. See
#67 for more information.
- Major update to geo healthchecks to allow configuring host (header), path, protocol, and port #67
- SSHFP algorithm type 4
- NS1 and DNSimple support skipping unsupported record types
- Revert back to old style setup.py & requirements.txt, setup.cfg was causing too much pita
- Way way way too much to list out here, shouldn't have waited so long
- Initial NS1 geo support
- Major reworking of
CloudflareProvider
's update process, was only partially functional before, also ignore proxied records - Fixes and improvements to better support non-ascii records and zones
- Plans indicate when Zones are going to be created
- Fix for
GoogleCloudProvider
handling of ; escapes - Skip Alias recordsets for Route53 (unsupported concept/type)
- Make sure that Record geo values are sorted to prevent false diffs that can never be fixed
DynProvider
fix to safely roll rulesets, things could end up on rules without a pool and/or hitting the default rule previously.
- Added support for "chunking" TXT records where individual values were larger than 255 chars. This is common with DKIM records involving multiple providers.
- Added
GoogleCloudProvider
- Configurable
UnsafePlan
thresholds to allow modification of how many updates/deletes are allowed before a plan is declared dangerous. - Manager.dump bug fix around empty zones.
- Prefer use of
.
oversource
in shell scripts DynProvider
warns when it ignores unrecognized traffic directors.
Adds an OVH provider.
Misc fixes and improvements.
- Azure TXT record fix
- PowerDNS api support for https
- Configurable Route53 max retries and max-attempts
- Improved key ordering error message
Relatively small delta this go around. No major themes or anything, just steady progress.
- AzureProvider added thanks to work by Heesu Hwang.
- Fixed some escaping issues with NS1 TXT and SPF records that were tracked down with the help of Blake Stoddard.
- Some tweaks were made to Zone.records to vastly improve handling of zones with very large numbers of records, no more O(N^2).
Lots of updates based on our internal use, needs, and feedback & suggestions from our OSS users. There's too much to list out since the previous release was cut, but I'll try to cover the highlights/important bits and promise to do better in the future :fingers_crossed:
- Complete rework of record validation with lenient mode support added to octodns-dump so that data with validation problems can be dumped to config files as a starting point. octoDNS now also ignores validation errors when pulling the current state from a provider before planning changes. In both cases this is best effort.
- Naming of record keys are based on RFC-1035 and friends, previous names have been kept for backwards compatibility until the 1.0 release.
- Provider record type support is now explicit, i.e. opt-in, rather than opt-out. This prevents bugs/oversights in record handling where providers don't support (new) record types and didn't correctly ignore them.
- ALIAS support for DNSimple, Dyn, NS1, PowerDNS
- Ignored record support added,
octodns:\n ignored: True
- Ns1Provider added
- Use a 3rd party lib for natural sorting of keys, rather than my old
implementation. Sorting can be disabled in the YamlProvider with
enforce_order: False
. - Semi-colon/escaping fixes and improvements.
- Meta record support,
TXT octodns-meta.<zone>
. For now justprovider=<provider-id>
. Optionally turned on withinclude_meta
manager config val. - Validations check for CNAMEs co-existing with other records and error out if found. Was a common mistaken/unknown issue and this surfaces the problem early.
- Sizeable refactor in the way Route53 record translation works to make it cleaner/less hacky
- Lots of docs type-o fixes
- Fixed some pretty major bugs in DnsimpleProvider
- Relax UnsafePlan checks a bit, more to come here
- Set User-Agent header on Dyn health checks