An (unofficial) octoDNS provider that targets Yandex Cloud DNS, plus an additional provider for Yandex 360 for business.
```shell
pip install octodns-yandex
```
Pinning specific versions or SHAs is recommended to avoid unplanned upgrades.
```
# Start with the latest versions and don't just copy what's here
octodns==1.6.1
octodns-yandex==0.0.3
```

```
# Start with the latest/specific versions and don't just copy what's here
-e git+https://git@github.com/octodns/octodns.git@384ce2018291f15c1d021a70f46820315af478cc#egg=octodns
-e git+https://git@github.com/90victor09/octodns-yandex.git@0067b545710050b7e4f85471bbe7bfe66a6a0c10#egg=octodns_yandex
```
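
The pinning advice above can be enforced in CI. The following is an added example, not part of octodns-yandex: it flags requirements that are not pinned with `==` or to a full 40-hex commit SHA (branch and tag names are flagged because they can be moved). The function names and the sample input are constructed for illustration.

```python
import re

# name==version with no wildcard; extras such as name[extra]==1.0 are allowed
EXACT_PIN = re.compile(r"^[A-Za-z0-9._-]+(\[[^\]]*\])?==[A-Za-z0-9.!+_-]+$")
FULL_SHA = re.compile(r"^[0-9a-fA-F]{40}$")

def pin_problem(line):
    """Return None when the requirement is pinned, else the reason it is not."""
    req = line.split(" #", 1)[0].strip()       # drop a trailing pip comment
    if not req or req.startswith("#"):
        return None
    if req.startswith(("-e ", "--editable ")):
        req = req.split(None, 1)[1]
    elif req.startswith("-"):
        return None                             # other pip options (-r, --hash, ...)
    if req.startswith("git+"):
        url = req.split("#", 1)[0]              # strip the #egg=... fragment
        last = url.rsplit("/", 1)[-1]           # e.g. "octodns.git@<ref>"
        if "@" not in last:                     # also hit by refs containing "/"
            return "git requirement is not pinned to a commit"
        ref = last.rsplit("@", 1)[1]
        if not FULL_SHA.match(ref):
            return f"git ref {ref!r} is not a full 40-hex commit SHA"
        return None
    spec = req.split(";", 1)[0].replace(" ", "")  # drop environment markers
    if not EXACT_PIN.match(spec):
        return "not pinned with == to one exact version"
    return None

def audit(text):
    """Return [(line_number, reason)] for every unpinned requirement."""
    return [(n, r) for n, line in enumerate(text.splitlines(), 1)
            if (r := pin_problem(line))]

# Constructed sample input: lines 3, 4, 6 and 7 are deliberately unpinned.
SAMPLE = """\
# requirements.txt (constructed)
octodns==1.6.1
octodns-yandex>=0.0.3
octodns-yandex
-e git+https://git@github.com/octodns/octodns.git@384ce2018291f15c1d021a70f46820315af478cc#egg=octodns
-e git+https://git@github.com/90victor09/octodns-yandex.git@main#egg=octodns_yandex
-e git+https://git@github.com/90victor09/octodns-yandex.git#egg=octodns_yandex
"""

if __name__ == "__main__":
    for n, reason in audit(SAMPLE):
        print(f"line {n}: {reason}")
```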
Required roles:

- `dns.editor` - for dump and sync
- `dns.viewer` - for dump only
```yaml
providers:
  yandexcloud:
    class: octodns_yandex.YandexCloudProvider
    # Cloud folder id to look up DNS zones
    folder_id: a1bc...
    # YandexCloud allows creation of multiple zones with the same name.
    # By default, provider picks first found zone (null)
    # You can specify to search public zone, if it exists (true)
    # Or first found internal zone (false)
    # If you have several internal zones with the same name - see zone_ids_map
    prioritize_public: true
    # Optionally, provide ids to map zones exactly
    zone_ids_map:
      example.com.: dns1abc...
    # Auth type. Available options:
    #  oauth - use OAuth token
    #  iam - use IAM token
    #  metadata - automatic auth inside of VM instance/function with assigned Service Account
    #  sa-key - use Service Account Key
    #  yc-cli - call 'yc' command to get OAuth token from its config
    auth_type: yc-cli
    # (oauth) OAuth token
    #oauth_token: env/YC_OAUTH_TOKEN
    # (iam) IAM token
    #iam_token: env/YC_IAM_TOKEN
    # (sa-key) File with SA key JSON
    #sa_key_file: key.json
    # (sa-key) Or, its in-config values
    #sa_key:
    #  id: env/YC_SA_KEY_ID
    #  service_account_id: env/YC_SA_KEY_ACCOUNT_ID
    #  private_key: env/YC_SA_KEY_PRIVATE_KEY
```
`YandexCloudCMSource` provides records for ACME DNS challenges.

Required role: `certificate-manager.viewer`
```yaml
providers:
  yandexcloud_cm:
    class: octodns_yandex.YandexCloudCMSource
    # Cloud folder id to look up DNS zones
    folder_id: a1bc...
    # Challenge type to use: CNAME or TXT
    record_type: CNAME
    # Challenge records TTL
    record_ttl: 3600
    # Auth options are the same as for octodns_yandex.YandexCloudProvider
    auth_type: yc-cli
```
`YandexCloudCDNSource` provides CNAME records for CDN.

Required role: `cdn.viewer`
```yaml
providers:
  yandexcloud_cdn:
    class: octodns_yandex.YandexCloudCDNSource
    # Cloud folder id to look up DNS zones
    folder_id: a1bc...
    # CDN records TTL
    record_ttl: 3600
    # Auth options are the same as for octodns_yandex.YandexCloudProvider
    auth_type: yc-cli
```
You can obtain an OAuth token through the existing application:

https://oauth.yandex.ru/authorize?response_type=token&client_id=daf031bc5d83471d88c5932e8ddef46c

Or you can create your own application with the following permissions:

- `directory:read_organization`
- `directory:read_domains`
- `directory:manage_dns`
```yaml
providers:
  yandex360:
    class: octodns_yandex.Yandex360Provider
    # OAuth token
    oauth_token: env/Y360_TOKEN
```
| What | Supported records |
|---|---|
| `YandexCloudProvider` | `A`, `AAAA`, `CAA`, `CNAME`, `MX`, `NS`, `PTR`, `SRV`, `TXT`, `ANAME` |
| `Yandex360Provider` | `A`, `AAAA`, `CAA`, `CNAME`, `MX`, `NS`, `SRV`, `TXT` |
| `YandexCloudCMSource` | `CNAME`, `TXT` |
| `YandexCloudCDNSource` | `CNAME` |
`YandexCloudProvider` supports root NS record management, but changing them doesn't seem to do anything.

`Yandex360Provider` does not support root NS record management.

`YandexCloudProvider` does not support dynamic records.

`Yandex360Provider` does not support dynamic records.

A `YandexCloudProvider/ANAME` record acts like `ALIAS`, but supports subdomains.
```yaml
aname:
  type: YandexCloudProvider/ANAME
  value: example.com.
```
See the `/script/` directory for some tools to help with the development process. They generally follow the Script to rule them all pattern. Most useful is `./script/bootstrap`, which will create a venv and install both the runtime and development related requirements. It will also hook up a pre-commit hook that covers most of what's run by CI.

If you are using PyCharm with the `yc-cli` auth type, it could be easier to create a symlink to the `yc` binary in your venv's bin directory rather than trying to get it working the proper way :/