API DNS Management

Just wanted to give everyone a heads up but I wrote a python script to create DNS records using the API.

It is a quick script that supports A, SRV, SSHFP, and CAA records being created. I do plan on adding more types but those were the ones that I saw were having issues. I have tested it and it creates all records correctly.

It is available on Gitlab here.

2 Likes

@netravnen
@blandyuk
@mnordhoff
@montreal (creates SRV records with _tls if you still need it)
@huynhnguyenthuan0910

1 Like

Thanks!

If you don’t mind the question, how did you figure out how to do it?

I didn’t want to drag the previous topic off-topic (now I’ll do so here) but despite support’s reference to the API documentation, it does not document CAA records at all.

My previous attempts to create CAA records with python-Cloudflare had all ended in failure. Seeing how you did it with raw requests, now I get it.

>>> import Cloudflare
>>> cf = Cloudflare.Cloudflare()
>>> zone_id = 'xxx'
>>> data = {'name': 'yyy', 'type': 'CAA', 'data': {'flags': 0, 'tag': 'issue', 'value': ';'}}
>>> cf.zones.dns_records.post(zone_id, data=data)

I get how to do it now – list your existing records (I had some, luckily), completely ignore the content field, mimic the data field instead – but I had no idea before.

Trial and error. According to the documentation CAA is not supported type but it is still worked.
For the record I crafted a request with the type of CAA and it came back saying it needed the data field so I found what a CAA record needs and added it and it worked.

1 Like

All good stuff :slight_smile: Python or Perl is fine.

Jake1st: Did you test all types of CAA records? Example from https://caatest.co.uk/:

0 iodef "mailto:[email protected]"
0 issue “comodoca.com
0 issue “digicert.com
0 issue “letsencrypt.org
0 issuewild “comodoca.com
0 issuewild “digicert.com
0 issuewild “letsencrypt.org

All the above apart from the “iodef” are added via CF anyway so no need to add them again. You can check with the CAA Checker link above.

@blandyuk
Yes, all types where tested. Just make sure that you add mailto: for an iodef record as it script does not change based on iodef or issue choice.

OK good work.

Just logged in and their UI is still broken for CAA records! Not rushing to fix it eh! Their page did display a feedback survey for the new DNS UI :smiley: lol they REALLY should not have shown me that. I left my review for them to hopefully not make this stupid mistake again!

It’s called “TESTING” for a reason. Clearly it was not tested enough.

We try very hard to make each stupid mistake new and exciting… making the same ones is so boring. :wink: