Skip to content

Add a script for creating DNS records in Cloudflare #692

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Keonik1 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add a script for creating DNS records in Cloudflare #692

Keonik1 wants to merge 1 commit into from
+190 −0

Conversation

@Keonik1
Copy link
Collaborator

@Keonik1 Keonik1 commented Oct 24, 2025

A small script that allows you to create all the necessary DNS records in Cloudflare.

@Keonik1 Keonik1 requested review from hpk42 and missytake October 24, 2025 21:12
link2xt
link2xt reviewed Oct 25, 2025
View reviewed changes
Copy link
Contributor

@link2xt link2xt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CAA record is simply not created, DKIM key is missing.

Also this script will need to be maintained if merged and we don't use cloudflare so cannot test it.

If we want to automate uploading DNS records to APIs, I would at least use existing solution like https://github.com/StackExchange/dnscontrol instead of rolling out our own that only supports cloudflare and is not used by anyone else.

scripts/create_cloudflare_records.sh
create_record "$(generate_post_data_txt_record "$CHATMAIL_FULL_DNS_NAME" '\"v=spf1 a ~all\"')"
create_record "$(generate_post_data_txt_record "_dmarc.$CHATMAIL_FULL_DNS_NAME" '\"v=DMARC1;p=reject;adkim=s;aspf=s\"')"
create_record "$(generate_post_data_txt_record "_adsp._domainkey.$CHATMAIL_FULL_DNS_NAME" '\"dkim=discardable\"')"
create_record "$(generate_post_data_txt_record "opendkim._domainkey.$CHATMAIL_FULL_DNS_NAME" '\"v=DKIM1;k=rsa;p=;s=email;t=s\"')"
Copy link
Contributor

@link2xt link2xt Oct 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

p= value is empty, so there is no actual DKIM key.

hpk42
hpk42 reviewed Nov 7, 2025
View reviewed changes
Copy link
Contributor

@hpk42 hpk42 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am generally in favor of finding a way to automatically set DNS records instead of just reading/verifying them.
But maintaining a bash script in scripts/ with manual instructions how to use it is not a good way to introduce it.
Better to think about integration into "cmdeploy" CLI flows related to DNS, and also consider it from the documentation side ("how to deal with DNS" is probably the most major pain point in setting up a relay). We could put the cloud-flare script into an "examples" section after #711 is merged.

@ccclxxiii
Copy link

ccclxxiii commented Dec 13, 2025

CAA record is simply not created, DKIM key is missing.

Also this script will need to be maintained if merged and we don't use cloudflare so cannot test it.

If we want to automate uploading DNS records to APIs, I would at least use existing solution like https://github.com/StackExchange/dnscontrol instead of rolling out our own that only supports cloudflare and is not used by anyone else.

this is what i'm using, i'm working on a hook that calls dnscontrol to push the records via api for common providers. if this is not preferred we may be able to make py infra do the work, but i'd need to research it a bit more since it's newer framework for me

@link2xt
Copy link
Contributor

link2xt commented Dec 13, 2025

we may be able to make py infra do the work

pyinfra is mostly about SSHing into the server and installing stuff there. For DNS we only need to do things locally, like generating a zonefile or dnsconfig.js for dnscontrol.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hpk42 hpk42 hpk42 left review comments

@link2xt link2xt link2xt left review comments

@missytake missytake Awaiting requested review from missytake

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Keonik1 @ccclxxiii @link2xt @hpk42