Manipulate DNS records on various DNS providers in a standardized/agnostic way.
Lexicon provides a way to manipulate DNS records on multiple DNS providers in a standardized way. Lexicon has a CLI but it can also be used as a Python library.
Lexicon was designed to be used in automation, specifically Let's Encrypt.
Only DNS providers that have an API can be supported by lexicon.
The currently supported providers are:
- AWS Route53 (docs)
- Cloudflare (docs)
- CloudXNS (docs)
- DigitalOcean (docs)
- DNSimple (docs)
- DnsMadeEasy (docs)
- DNSPark (docs)
- DNSPod (docs)
- EasyDNS (docs)
- Gandi (docs)
- LuaDNS (docs)
- Namesilo (docs)
- NS1 (docs)
- PointHQ (docs)
- Rage4 (docs)
- Transip (docs)
- Vultr (docs)
Potential providers are as follows. If you would like to contribute one, please open a pull request.
- AuroraDNS (docs)
- AHNames (docs)
- BuddyDNS (docs)
- ClouDNS (docs): Unable to test, requires paid account
- DurableDNS (docs): Can't set TXT records
- Dyn (docs): Unable to test, requires paid account
- EntryDNS (docs): Unable to test, requires paid account
- Google Cloud DNS (docs)
- GoDaddy DNS (docs)
- Host Virtual DNS (docs): Unable to test, requires paid account
- ironDNS (docs): Unable to test, requires paid account
- Linode (docs): Unable to test, requires paid account
- Liquidweb (docs): Unable to test, requires paid account
- Mythic Beasts (docs)
- Namecheap (docs)
- NFSN (NearlyFreeSpeech) (docs): Unable to test, requires paid account
- OnApp DNS (docs): Unable to test, requires paid account
- PowerDNS (docs)
- Rackspace (docs)
- RFC2136 (docs)
- SoftLayer (docs)
- UltraDNS (docs): Unable to test, requires paid account
- WorldWideDns (docs): Unable to test, requires paid account
- Yandex (docs)
- Zerigo (docs): Unable to test, requires paid account
- Zonomi (docs): Unable to test, requires paid account
To use lexicon as a CLI application, do the following:
pip install dns-lexicon
Some providers (like Route53 and TransIP) require additional dependencies. You can install provider-specific dependencies separately:
pip install dns-lexicon[route53]
You can also install the latest version from the repository directly.
pip install git+https://github.com/AnalogJ/lexicon.git
and with Route 53 provider dependencies:
pip install git+https://github.com/AnalogJ/lexicon.git#egg=dns-lexicon[route53]
$ lexicon -h
usage: lexicon [-h] [--version]
               {cloudflare,digitalocean,dnsimple,dnsmadeeasy,dnspark,easydns,namesilo,nsone,pointhq,rage4,vultr}
               ...

Create, Update, Delete, List DNS entries

positional arguments:
  {cloudflare,digitalocean,dnsimple,dnsmadeeasy,dnspark,easydns,namesilo,nsone,pointhq,rage4,vultr}
                        specify the DNS provider to use
    cloudflare          cloudflare provider
    digitalocean        digitalocean provider
    ...
    rage4               rage4 provider
    vultr               vultr provider

optional arguments:
  -h, --help            show this help message and exit
  --version             show the current version of lexicon

$ lexicon cloudflare -h
usage: lexicon cloudflare [-h] [--name NAME] [--content CONTENT] [--ttl TTL]
                          [--priority PRIORITY] [--identifier IDENTIFIER]
                          [--auth-username AUTH_USERNAME]
                          [--auth-token AUTH_TOKEN]
                          {create,list,update,delete} domain
                          {A,AAAA,CNAME,MX,NS,SPF,SOA,TXT,SRV,LOC}

positional arguments:
  {create,list,update,delete}
                        specify the action to take
  domain                specify the domain, supports subdomains as well
  {A,AAAA,CNAME,MX,NS,SPF,SOA,TXT,SRV,LOC}
                        specify the entry type

optional arguments:
  -h, --help            show this help message and exit
  --name NAME           specify the record name
  --content CONTENT     specify the record content
  --ttl TTL             specify the record time-to-live
  --priority PRIORITY   specify the record priority
  --identifier IDENTIFIER
                        specify the record for update or delete actions
  --auth-username AUTH_USERNAME
                        specify email address used to authenticate
  --auth-token AUTH_TOKEN
                        specify token used authenticate

Using the lexicon CLI is pretty simple:
# set up provider environment variables (exported so the lexicon process inherits them):
export LEXICON_CLOUDFLARE_USERNAME="[email protected]"
export LEXICON_CLOUDFLARE_TOKEN="cloudflare-api-token"
# list all TXT records on cloudflare
lexicon cloudflare list example.com TXT
# create a new TXT record on cloudflare
lexicon cloudflare create www.example.com TXT --name="_acme-challenge.www.example.com." --content="challenge token"
# delete a TXT record on cloudflare
lexicon cloudflare delete www.example.com TXT --name="_acme-challenge.www.example.com." --content="challenge token"
lexicon cloudflare delete www.example.com TXT --identifier="cloudflare record id"
Most supported DNS services provide an API token, however each service implements authentication differently. Lexicon attempts to standardize authentication around the following CLI flags:
- --auth-username - For DNS services that require it, this is usually the account id or email address
- --auth-password - For DNS services that do not provide an API token, this is usually the account password
- --auth-token - This is the most common auth method, the API token provided by the DNS service
You can see all the --auth-* flags for a specific service by reading the DNS service specific help: lexicon cloudflare -h
Instead of providing authentication information via the CLI, you can also specify it via environment variables.
Every DNS service and auth flag maps to an environment variable as follows: LEXICON_{DNS Provider Name}_{Auth Type}
So instead of specifying the --auth-username and --auth-token flags when calling lexicon cloudflare ..., you could instead set the LEXICON_CLOUDFLARE_USERNAME and LEXICON_CLOUDFLARE_TOKEN environment variables.
Lexicon has an example dehydrated hook file that you can use for any supported provider. All you need to do is set the PROVIDER env variable.
PROVIDER=cloudflare dehydrated --cron --hook dehydrated.default.sh --challenge dns-01
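How a dns-01 hook can combine the LEXICON_{DNS Provider Name}_{Auth Type} variables with the create and delete calls shown earlier, failing closed when the credential is missing. This is an added example, not the dehydrated.default.sh shipped with lexicon; it assumes the provider authenticates with a token and that dehydrated passes one challenge per hook call, and the function names and the DRY_RUN switch are illustrative.

```shell
#!/bin/sh
# Added example (not lexicon's dehydrated.default.sh). Function names and
# DRY_RUN are illustrative; token-based provider auth is assumed.

# "cloudflare" "token" -> LEXICON_CLOUDFLARE_TOKEN; rejects anything but [A-Za-z0-9].
lexicon_env_name() {
    for part in "$1" "$2"; do
        case "$part" in ''|*[!A-Za-z0-9]*) return 1 ;; esac
    done
    printf 'LEXICON_%s_%s\n' "$1" "$2" | tr '[:lower:]' '[:upper:]'
}

# True only if the variable is exported and non-empty; its value is never printed.
require_env() {
    [ -n "$(printenv "$1")" ]
}

# Name of the TXT record for a dns-01 challenge, with a single trailing dot.
challenge_name() {
    printf '_acme-challenge.%s.\n' "${1%.}"
}

# $1 = create|delete, $2 = domain, $3 = TXT content. No --auth-* flags are
# passed, so the API token never appears in the process argument list.
lexicon_txt() {
    set -- lexicon "$PROVIDER" "$1" "$2" TXT --name="$(challenge_name "$2")" --content="$3"
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# dehydrated invokes: <handler> <domain> <token-filename> <token-value>
hook() {
    case "${1:-}" in
        deploy_challenge) action=create ;;
        clean_challenge)  action=delete ;;
        *) return 0 ;;  # handlers this hook does not implement are ignored
    esac
    var=$(lexicon_env_name "${PROVIDER:-}" token) || { echo "invalid PROVIDER" >&2; return 2; }
    require_env "$var" || { echo "$var is not exported" >&2; return 3; }
    lexicon_txt "$action" "$2" "$4"
}

[ "$#" -eq 0 ] || hook "$@"
```

Setting DRY_RUN=1 prints the lexicon command instead of running it, which is a quick way to confirm the record name before pointing the hook at a live zone.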
There is an included example Dockerfile that can be used to automatically generate certificates for your website.
- Create and Register a lexicon pip package.
- Write documentation on supported environmental variables.
- Wire up automated release packaging on PRs.
- Check for additional DNS hosts with APIs (from fog, dnsperf, libcloud)
- Get a list of Let's Encrypt clients, and create hook files for them (letsencrypt clients)
If the DNS provider you use is not already available, please consider contributing by opening a pull request.
MIT
tox