Update dreamhost to use dns-list_records instead of domain-list_domains
#998
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks, I prepare a release right now. |
MasinAD
pushed a commit
to MasinAD/lexicon
that referenced
this pull request
Mar 29, 2022
…ain-list_domains (AnalogJ#998)
MasinAD
pushed a commit
to MasinAD/lexicon
that referenced
this pull request
Mar 29, 2022
…ain-list_domains (AnalogJ#998)
MasinAD
pushed a commit
to MasinAD/lexicon
that referenced
this pull request
Mar 29, 2022
…ain-list_domains (AnalogJ#998)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The Dreamhost api command
domain-list_domainswill be retired on Nov 2nd 2021.This diff converts the
_authenticate()method to usedns-list_recordsinstead.Fixes #974
The obvious difference between
domain-list_domainsanddns-list_recordsis that list_records will return any A, CNAME, MX, TXT (and so on) record in the Dreamhost account. Potentially a lot more information compared to the list of domains.Using the test api token (scroll to "Test Account") we can see the difference in response size:
Before:
After:
This is just an example account but illustrates the difference. Any account could have a large number of domain, and/or a large number of records per domain.
I added the condition that the found record should be of type "A" or "AAAA". It's trivial for someone to add any domain (like facebook.com) to their account and create that record though. Doing so puts
facebook.comin both the responses for bothdns-list_recordsanddomains-list_domains. I can see that behavior today in my account.This means that
_authenticate()wasn't, and still doesn't, do a strong ownership check of the domain name. Instead is does verify that the api token works. We shouldn't need that ownership check though, because if nameservers point somewhere else nothing will read that dns record.The notice about all the deprecated Dreamhost API's is here, but it's likely to change after Nov 2nd. Copied here for reference: