iway-dns-update
Simple script to update DNS records
Project Structure
main.py: The entry point that handles command-line arguments.api.py: The core module containing logic for login, CSRF handling, DNS patching, and logout.iway-certbot-dns-auth.yml: Your private configuration file (contains credentials).
Setup
Requirements
I'm using uv, but feel free to use what you need.
uv sync
uv lock --upgrade
Configuration
Create a file iway-certbot-dns-auth.yml with content:
account:
username: 'api user'
password: 'secret'
Security
Just ensure that you don't save any credentials in this git repo
Usage
You can run the script from the terminal by passing the domain, record name, type, and the new value.
Example: Update a TLSA record
python main.py \
--domain dasbaum.ch \
--name _25._tcp.mail.dasbaum.ch \
--type TLSA \
--value "3 1 1 <sha512>"
| Argument | Description | Example |
|---|---|---|
| --domain | The zone domain | dasbaum.ch |
| --name | Full record name | _acme-challenge.dasbaum.ch |
| --type | DNS Record Type | "TXT, TLSA, A" |
| --value | New record content | your-secret-token |
| --config | (Optional) Path to config | my-config.yml |
How it works
- Authentication: The script logs into the iWay API to retrieve a Bearer token and a
csrftokencookie. - CSRF Handling: It extracts the
csrftokenfrom the response cookies and includes it in theX-CSRFTokenheader for subsequent requests. - DNS Patching: It sends a
PATCHrequest to the forward zone endpoint to update the specificrrsets. - Session Cleanup: It performs a logout request to invalidate the tokens immediately after the work is done.