[tahoe-lafs-trac-stream] [Tahoe-LAFS] #4162: Infrastructure as Code to manage DNS configurations
Tahoe-LAFS
trac at tahoe-lafs.org
Wed May 21 10:35:31 UTC 2025
#4162: Infrastructure as Code to manage DNS configurations
------------------------------------+-----------------------
Reporter: btlogy | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: undecided
Component: dev-infrastructure | Version: n/a
Resolution: | Keywords: IaC
Launchpad Bug: |
------------------------------------+-----------------------
Comment (by hacklschorsch):
From reviewing @btlogy's good work on this (see [[https://github.com
/tahoe-
lafs/infrastructure/issues/56#issuecomment-2895638309|infrastructure#56]]),
Hetzner seems to not have (at least official) support for hosting sub-
zones.
We now have a working configuration, but it's not compliant to the spec -
I can't say how bad that is / if that could come to bite us later.
If we want to go DNS-spec-compliant, we could try another DNS provider
that does support sub-zones proper. Here's two examples I picked from
[[https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-
with-lets-encrypt-dns-validation/86438|this list in the Let's Encrypt
forum]] and that both support configuration through !OpenTofu:
- https://desec.io/ seems fully featured, has dnssec (mandatory even), and
from the docs seems to support subdomain zones. They also are open source,
Berlin-based, privacy focused, non-profit funded (i.a.) by NLnet and RIPE
and the EU.
- https://dns.he.net/ Hurricane Electric is one of the cooler ones that do
not require dnssec
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4162#comment:25>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list