Thank you for your input. That cleared up a lot for me and motivated me to move forward.
@rg305 If I understood your idea correctly, we may extend the DNS-over-HTTP endpoint to support a PUT method that updates DNS records. We may also use a PATCH method for a partial update/add of a single record.
As usual with REST, we can't always nicely map resource (e.g. file) operations to RPC. But still, the idea is worth considering.
@webprofusion thank you for letting me know about the acme-dns protocol. It's exactly what I'm looking for.
It has a good README: acme-dns/README.md at master · joohoi/acme-dns · GitHub
And its author wrote a good article on the topic: A Technical Deep Dive: Securing the Automation of ACME DNS Challenge Validation | Electronic Frontier Foundation
It already has a certbot plugin (GitHub - acme-dns/acme-dns-client: A client software for https://github.com/joohoi/acme-dns), but it must be installed manually, and this makes it hard to use for inexperienced users. It must be included in certbot out of the box. It's written in Go while certbot uses Python, and this makes it harder to make it part of the basic package. Maybe we can rewrite it in Python. UPD: GitHub - joohoi/acme-dns-certbot-joohoi: Certbot client hook for acme-dns
Maybe instead we may add support for it to the Lexicon library, which is written in Python and used by certbot.
acme-dns is supported by acme.sh.
Also, it's not supported yet by Lego, which is a Golang library: Welcome :: Let’s Encrypt client and ACME library written in Go.
UPD: it is supported: lego/providers/dns/acmedns at master · go-acme/lego · GitHub
Unfortunately, it uses a POST request with JSON to create records. As I mentioned before, this is a problem for routers with dynamic DNS.
So I checked DDNS providers, and from what I saw we don't have that many choices here.
- Dyn.com is the first and most supported DDNS provider. But it's paid and expensive, and not open source. DynDNS uses a GET /nic/update?domains=example.com&myip=1.1.1.1 request to update the A record of a domain. But they have a very bad API for creating subdomains, which uses sessions. Here is how it's implemented in acme.sh: acme.sh/dns_dyn.sh at master · acmesh-official/acme.sh · GitHub
- (Probably) the most popular free DDNS is DuckDNS.org, and their API for creating a TXT record is GET based and the implementation is simple: acme.sh/dns_duckdns.sh at master · acmesh-official/acme.sh · GitHub
- Dynu.com is less popular and badly maintained (I'm still waiting for a registration email), but it has a kind of rich REST-based API (API | Dynu) and again is widely supported. But it uses POST and DELETE methods, which is a problem for routers. See acme.sh/dns_dynu.sh at master · acmesh-official/acme.sh · GitHub
So, to summarize, I see that DuckDNS is the best option. It's already supported by Lego but not by Lexicon. For router manufacturers it will be easier to add support for it.
I'm going to discuss with the acme-dns author Joona Hoikkala the idea of just switching it to use the DuckDNS API.
UPD: Support of DuckDNS.org API · Issue #323 · joohoi/acme-dns · GitHub
This will make it immediately supported by many existing clients.
Anyway, even today we should include the DuckDNS plugin in the certbot core. It already has a Python plugin and even a snap package. This is a really popular DNS hosting service. Additionally, I just need an option to override the API base URL from the official DuckDNS.org to a custom one. This looks like an easy thing to do and will help a lot of people who have an IP camera at home or are self-hosting.
Please tell me if I should raise an issue on GitHub for this.
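For the DuckDNS route discussed above, here is an added example (my own illustration, not code from the post, from certbot, acme.sh or DuckDNS) of what a minimal certbot manual auth/cleanup hook for a GET-based DDNS API could look like in Python, including the API base URL override the post asks for. It assumes DuckDNS's documented `update` endpoint query parameters (`domains`, `token`, `txt`, `clear=true`) and its plain-text `OK`/`KO` reply, certbot's `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` hook environment variables, and hypothetical `DUCKDNS_TOKEN` / `DUCKDNS_BASE_URL` variables for the secret and the override:

```python
"""Minimal certbot manual hook for a DuckDNS-style GET API (added example).

Run as:  --manual-auth-hook "python3 hook.py auth"
         --manual-cleanup-hook "python3 hook.py cleanup"
"""
import os
import sys
import urllib.parse
import urllib.request

# Official endpoint; DUCKDNS_BASE_URL (hypothetical name) overrides it,
# which is the "custom API base URL" option requested in the post.
DEFAULT_BASE_URL = "https://www.duckdns.org"
SUFFIX = ".duckdns.org"


def build_update_url(base_url, subdomain, token, txt, clear=False):
    """Build the GET request that sets (or, with clear=True, removes) the TXT record.

    Parameter names follow the DuckDNS docs (assumed): domains, token, txt, clear.
    """
    params = {"domains": subdomain, "token": token, "txt": txt}
    if clear:
        params["clear"] = "true"
    return f"{base_url.rstrip('/')}/update?{urllib.parse.urlencode(params)}"


def redact(url, token):
    """Mask the secret token so the URL can safely appear in logs or errors."""
    return url.replace(urllib.parse.quote_plus(token), "<redacted>")


def duckdns_subdomain(fqdn):
    """Map the name certbot validates to the DuckDNS account subdomain.

    'cam.example.duckdns.org' -> 'example'; returns None for non-DuckDNS names.
    """
    host = fqdn.rstrip(".").lower()
    if not host.endswith(SUFFIX):
        return None
    labels = host[: -len(SUFFIX)].split(".")
    return labels[-1] or None


def parse_response(body):
    """DuckDNS answers with plain text 'OK' or 'KO' (assumed from its docs)."""
    return body.strip().startswith("OK")


def update_txt(base_url, subdomain, token, txt, clear=False,
               opener=urllib.request.urlopen):
    """Send the update and return the server's reply; raise on failure.

    `opener` is injectable so the logic can be exercised without the network.
    """
    url = build_update_url(base_url, subdomain, token, txt, clear=clear)
    with opener(url, timeout=15) as resp:
        body = resp.read().decode("utf-8", "replace")
    if not parse_response(body):
        # The token never reaches the error message.
        raise RuntimeError(f"update failed for {redact(url, token)}: {body.strip()!r}")
    return body.strip()


def main(argv):
    mode = argv[1] if len(argv) > 1 else "auth"
    fqdn = os.environ["CERTBOT_DOMAIN"]            # set by certbot for manual hooks
    validation = os.environ["CERTBOT_VALIDATION"]  # the TXT value certbot expects
    token = os.environ["DUCKDNS_TOKEN"]            # hypothetical variable name
    base_url = os.environ.get("DUCKDNS_BASE_URL", DEFAULT_BASE_URL)
    subdomain = duckdns_subdomain(fqdn)
    if subdomain is None:
        sys.exit(f"{fqdn} is not a {SUFFIX[1:]} name")
    print(update_txt(base_url, subdomain, token, validation, clear=(mode == "cleanup")))


if __name__ == "__main__":
    main(sys.argv)
```

The token is the only credential the scheme has and it travels in the query string, so two things matter for an embedded or router deployment: keep it out of logs and error output (the `redact` helper above does that), and only point a base URL override at a server you trust over HTTPS, because whoever operates that endpoint receives the token on every call.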