src/dns/hetzner.js

'use strict';

exports = module.exports = {
    removePrivateFields,
    injectPrivateFields,
    upsert,
    get,
    del,
    wait,
    verifyDomainConfig
};

const assert = require('node:assert'),
    BoxError = require('../boxerror.js'),
    constants = require('../constants.js'),
    debug = require('debug')('box:dns/hetzner'),
    dig = require('../dig.js'),
    dns = require('../dns.js'),
    safe = require('safetydance'),
    superagent = require('@cloudron/superagent'),
    waitForDns = require('./waitfordns.js');

// const ENDPOINT = 'https://dns.hetzner.com/api/v1';
const ENDPOINT = 'https://api.hetzner.cloud/v1';

function formatError(response) {
    return `Hetzner DNS error ${response.status} ${response.text}`;
}

function removePrivateFields(domainObject) {
    delete domainObject.config.token;
    return domainObject;
}

function injectPrivateFields(newConfig, currentConfig) {
    if (!Object.hasOwn(newConfig, 'token')) newConfig.token = currentConfig.token;
}

async function getZone(domainConfig, zoneName) {
    assert.strictEqual(typeof domainConfig, 'object');
    assert.strictEqual(typeof zoneName, 'string');

    const [error, response] = await safe(superagent.get(`${ENDPOINT}/zones`)
        .set('Authorization', `Bearer ${domainConfig.token}`)
        .query({ search_name: zoneName })
        .timeout(30 * 1000)
        .retry(5)
        .ok(() => true));
    if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);
    if (response.status === 401 || response.status === 403) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));
    if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));

    if (!Array.isArray(response.body.zones)) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));

    const zone = response.body.zones.filter(z => z.name === zoneName);
    if (zone.length === 0) throw new BoxError(BoxError.NOT_FOUND, formatError(response));
    return zone[0];
}

async function getZoneRecords(domainConfig, zone, name, type) {
    assert.strictEqual(typeof domainConfig, 'object');
    assert.strictEqual(typeof zone, 'object');
    assert.strictEqual(typeof name, 'string');
    assert.strictEqual(typeof type, 'string');

    let page = 1, matchingRecords = [];

    debug(`getZoneRecords: getting dns records of ${zone.name} with ${name} and type ${type}`);

    const perPage = 50;

    while (true) {
        const [error, response] = await safe(superagent.get(`${ENDPOINT}/records`)
            .set('Authorization', `Bearer ${domainConfig.token}`)
            // .set('Auth-API-Token', domainConfig.token)
            .query({ zone_id: zone.id, page, per_page: perPage })
            .timeout(30 * 1000)
            .retry(5)
            .ok(() => true));

        if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);
        if (response.status === 404) throw new BoxError(BoxError.NOT_FOUND, formatError(response));
        if (response.status === 401 || response.status === 403) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));
        if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));

        matchingRecords = matchingRecords.concat(response.body.records.filter(function (record) {
            return (record.type === type && record.name === name);
        }));

        if (response.body.records.length < perPage) break;

        ++page;
    }

    return matchingRecords;
}

async function upsert(domainObject, location, type, values) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof type, 'string');
    assert(Array.isArray(values));

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName,
        name = dns.getName(domainObject, location, type) || '@';

    debug(`upsert: ${name} for zone ${zoneName} of type ${type} with values ${JSON.stringify(values)}`);

    const zone = await getZone(domainConfig, zoneName);
    const records = await getZoneRecords(domainConfig, zone, name, type);

    // used to track available records to update instead of create
    let i = 0;

    for (const value of values) {
        const data = {
            type,
            name,
            value,
            ttl: 60,
            zone_id: zone.id
        };

        if (i >= records.length) {
            const [error, response] = await safe(superagent.post(`${ENDPOINT}/records`)
        .set('Authorization', `Bearer ${domainConfig.token}`)
                // .set('Auth-API-Token', domainConfig.token)
                .send(data)
                .timeout(30 * 1000)
                .retry(5)
                .ok(() => true));

            if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);
            if (response.status === 403 || response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));
            if (response.status === 422) throw new BoxError(BoxError.BAD_FIELD, response.body.message);
            if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));
        } else {
            const [error, response] = await safe(superagent.put(`${ENDPOINT}/records/${records[i].id}`)
        .set('Authorization', `Bearer ${domainConfig.token}`)
                // .set('Auth-API-Token', domainConfig.token)
                .send(data)
                .timeout(30 * 1000)
                .retry(5)
                .ok(() => true));

            ++i;

            if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);
            if (response.status === 403 || response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));
            if (response.status === 422) throw new BoxError(BoxError.BAD_FIELD, response.body.message);
            if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));
        }
    }

    for (let j = values.length + 1; j < records.length; j++) {
        const [error] = await safe(superagent.del(`${ENDPOINT}/records/${records[j].id}`)
        .set('Authorization', `Bearer ${domainConfig.token}`)
            // .set('Auth-API-Token', domainConfig.token)
            .timeout(30 * 1000)
            .retry(5)
            .ok(() => true));

        if (error) debug(`upsert: error removing record ${records[j].id}: ${error.message}`);
    }

    debug('upsert: completed');
}

async function get(domainObject, location, type) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof type, 'string');

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName,
        name = dns.getName(domainObject, location, type) || '@';

    const zone = await getZone(domainConfig, zoneName);
    const result = await getZoneRecords(domainConfig, zone, name, type);

    return result.map(function (record) { return record.value; });
}

async function del(domainObject, location, type, values) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof type, 'string');
    assert(Array.isArray(values));

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName,
        name = dns.getName(domainObject, location, type) || '@';

    const zone = await getZone(domainConfig, zoneName);
    const records = await getZoneRecords(domainConfig, zone, name, type);
    if (records.length === 0) return;

    const matchingRecords = records.filter(function (record) { return values.some(function (value) { return value === record.value; }); });
    if (matchingRecords.length === 0) return;

    for (const r of matchingRecords) {
        const [error, response] = await safe(superagent.del(`${ENDPOINT}/records/${r.id}`)
        .set('Authorization', `Bearer ${domainConfig.token}`)
            // .set('Auth-API-Token', domainConfig.token)
            .timeout(30 * 1000)
            .retry(5)
            .ok(() => true));

        if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);
        if (response.status === 404) return;
        if (response.status === 403 || response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));
        if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));
    }
}

async function wait(domainObject, subdomain, type, value, options) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof type, 'string');
    assert.strictEqual(typeof value, 'string');
    assert(options && typeof options === 'object'); // { interval: 5000, times: 50000 }

    const fqdn = dns.fqdn(subdomain, domainObject.domain);

    await waitForDns(fqdn, domainObject.zoneName, type, value, options);
}

async function verifyDomainConfig(domainObject) {
    assert.strictEqual(typeof domainObject, 'object');

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName;

    if (!domainConfig.token || typeof domainConfig.token !== 'string') throw new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string');
    if ('customNameservers' in domainConfig && typeof domainConfig.customNameservers !== 'boolean') throw new BoxError(BoxError.BAD_FIELD, 'customNameservers must be a boolean');

    const ip = '127.0.0.1';

    const credentials = {
        token: domainConfig.token,
        customNameservers: !!domainConfig.customNameservers
    };

    if (constants.TEST) return credentials; // this shouldn't be here

    const [error, nameservers] = await safe(dig.resolve(zoneName, 'NS', { timeout: 5000 }));
    if (error && error.code === 'ENOTFOUND') throw new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain');
    if (error || !nameservers) throw new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers');

    // https://docs.hetzner.com/dns-console/dns/general/dns-overview#the-hetzner-online-name-servers-are
    if (!nameservers.every(function (n) { return n.toLowerCase().search(/hetzner|your-server|second-ns/) !== -1; })) {
        debug('verifyDomainConfig: %j does not contain Hetzner NS', nameservers);
        if (!domainConfig.customNameservers) throw new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Hetzner');
    }

    const location = 'cloudrontestdns';

    await upsert(domainObject, location, 'A', [ ip ]);
    debug('verifyDomainConfig: Test A record added');

    await del(domainObject, location, 'A', [ ip ]);
    debug('verifyDomainConfig: Test A record removed again');

    return credentials;
}
dns: add hetzner 2022-05-02 22:00:42 -07:00			`'use strict';`

Revert "Add no-use-before-define linter rule" This reverts commit fdcc5d68a2a92a24b50b490a7a9d9e8cb97f5829. Unfortunately, this requires us to move exports to the bottom. This in turn causes circular dep issues and also access of exports.GLOBAL_VAR in the global context 2025-10-08 20:11:55 +02:00			`exports = module.exports = {`
			`removePrivateFields,`
			`injectPrivateFields,`
			`upsert,`
			`get,`
			`del,`
			`wait,`
			`verifyDomainConfig`
			`};`

use node: prefix for requires mostly because code is being autogenerated by all the AI stuff using this prefix. it's also used in the stack trace. 2025-08-14 11:17:38 +05:30			`const assert = require('node:assert'),`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`BoxError = require('../boxerror.js'),`
			`constants = require('../constants.js'),`
hetzner: debug typo 2022-06-22 22:12:19 -07:00			`debug = require('debug')('box:dns/hetzner'),`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`dig = require('../dig.js'),`
			`dns = require('../dns.js'),`
			`safe = require('safetydance'),`
use the @cloudron/superagent module 2025-07-10 10:55:52 +02:00			`superagent = require('@cloudron/superagent'),`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`waitForDns = require('./waitfordns.js');`

add hetznercloud DNS provider 2025-10-10 11:18:04 +02:00			`// const ENDPOINT = 'https://dns.hetzner.com/api/v1';`
			`const ENDPOINT = 'https://api.hetzner.cloud/v1';`
dns: add hetzner 2022-05-02 22:00:42 -07:00
			`function formatError(response) {`
replace with custom superagent based on fetch API 2025-02-14 17:26:54 +01:00			return `Hetzner DNS error ${response.status} ${response.text}`;
dns: add hetzner 2022-05-02 22:00:42 -07:00			`}`

			`function removePrivateFields(domainObject) {`
domains: remove SECRET_PLACEHOLDER from responses 2025-10-08 12:04:31 +02:00			`delete domainObject.config.token;`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`return domainObject;`
			`}`

			`function injectPrivateFields(newConfig, currentConfig) {`
domains: remove SECRET_PLACEHOLDER from responses 2025-10-08 12:04:31 +02:00			`if (!Object.hasOwn(newConfig, 'token')) newConfig.token = currentConfig.token;`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`}`

			`async function getZone(domainConfig, zoneName) {`
			`assert.strictEqual(typeof domainConfig, 'object');`
			`assert.strictEqual(typeof zoneName, 'string');`

			const [error, response] = await safe(superagent.get(`${ENDPOINT}/zones`)
add hetznercloud DNS provider 2025-10-10 11:18:04 +02:00			.set('Authorization', `Bearer ${domainConfig.token}`)
dns: add hetzner 2022-05-02 22:00:42 -07:00			`.query({ search_name: zoneName })`
			`.timeout(30 * 1000)`
			`.retry(5)`
			`.ok(() => true));`
Fix assert NETWORK_ERROR is usually an AggregateError which causes an assert in BoxError 2024-11-19 17:08:19 +05:30			`if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);`
replace with custom superagent based on fetch API 2025-02-14 17:26:54 +01:00			`if (response.status === 401 \|\| response.status === 403) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));`
			`if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));`
dns: add hetzner 2022-05-02 22:00:42 -07:00
			`if (!Array.isArray(response.body.zones)) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));`

			`const zone = response.body.zones.filter(z => z.name === zoneName);`
			`if (zone.length === 0) throw new BoxError(BoxError.NOT_FOUND, formatError(response));`
			`return zone[0];`
			`}`

			`async function getZoneRecords(domainConfig, zone, name, type) {`
			`assert.strictEqual(typeof domainConfig, 'object');`
			`assert.strictEqual(typeof zone, 'object');`
			`assert.strictEqual(typeof name, 'string');`
			`assert.strictEqual(typeof type, 'string');`

			`let page = 1, matchingRecords = [];`

Fix debugs 2024-11-30 10:18:48 +01:00			debug(`getZoneRecords: getting dns records of ${zone.name} with ${name} and type ${type}`);
dns: add hetzner 2022-05-02 22:00:42 -07:00
			`const perPage = 50;`

			`while (true) {`
			const [error, response] = await safe(superagent.get(`${ENDPOINT}/records`)
add hetznercloud DNS provider 2025-10-10 11:18:04 +02:00			.set('Authorization', `Bearer ${domainConfig.token}`)
			`// .set('Auth-API-Token', domainConfig.token)`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`.query({ zone_id: zone.id, page, per_page: perPage })`
			`.timeout(30 * 1000)`
			`.retry(5)`
			`.ok(() => true));`

Fix assert NETWORK_ERROR is usually an AggregateError which causes an assert in BoxError 2024-11-19 17:08:19 +05:30			`if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);`
replace with custom superagent based on fetch API 2025-02-14 17:26:54 +01:00			`if (response.status === 404) throw new BoxError(BoxError.NOT_FOUND, formatError(response));`
			`if (response.status === 401 \|\| response.status === 403) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));`
			`if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));`
dns: add hetzner 2022-05-02 22:00:42 -07:00
			`matchingRecords = matchingRecords.concat(response.body.records.filter(function (record) {`
			`return (record.type === type && record.name === name);`
			`}));`

			`if (response.body.records.length < perPage) break;`

			`++page;`
			`}`

			`return matchingRecords;`
			`}`

			`async function upsert(domainObject, location, type, values) {`
			`assert.strictEqual(typeof domainObject, 'object');`
			`assert.strictEqual(typeof location, 'string');`
			`assert.strictEqual(typeof type, 'string');`
			`assert(Array.isArray(values));`

			`const domainConfig = domainObject.config,`
			`zoneName = domainObject.zoneName,`
			`name = dns.getName(domainObject, location, type) \|\| '@';`

Fix assert NETWORK_ERROR is usually an AggregateError which causes an assert in BoxError 2024-11-19 17:08:19 +05:30			debug(`upsert: ${name} for zone ${zoneName} of type ${type} with values ${JSON.stringify(values)}`);
dns: add hetzner 2022-05-02 22:00:42 -07:00
			`const zone = await getZone(domainConfig, zoneName);`
			`const records = await getZoneRecords(domainConfig, zone, name, type);`

			`// used to track available records to update instead of create`
			`let i = 0;`

Fix assert NETWORK_ERROR is usually an AggregateError which causes an assert in BoxError 2024-11-19 17:08:19 +05:30			`for (const value of values) {`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`const data = {`
			`type,`
			`name,`
			`value,`
			`ttl: 60,`
			`zone_id: zone.id`
			`};`

			`if (i >= records.length) {`
			const [error, response] = await safe(superagent.post(`${ENDPOINT}/records`)
add hetznercloud DNS provider 2025-10-10 11:18:04 +02:00			.set('Authorization', `Bearer ${domainConfig.token}`)
			`// .set('Auth-API-Token', domainConfig.token)`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`.send(data)`
			`.timeout(30 * 1000)`
			`.retry(5)`
			`.ok(() => true));`

Fix assert NETWORK_ERROR is usually an AggregateError which causes an assert in BoxError 2024-11-19 17:08:19 +05:30			`if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);`
replace with custom superagent based on fetch API 2025-02-14 17:26:54 +01:00			`if (response.status === 403 \|\| response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));`
			`if (response.status === 422) throw new BoxError(BoxError.BAD_FIELD, response.body.message);`
			`if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`} else {`
			const [error, response] = await safe(superagent.put(`${ENDPOINT}/records/${records[i].id}`)
add hetznercloud DNS provider 2025-10-10 11:18:04 +02:00			.set('Authorization', `Bearer ${domainConfig.token}`)
			`// .set('Auth-API-Token', domainConfig.token)`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`.send(data)`
			`.timeout(30 * 1000)`
			`.retry(5)`
			`.ok(() => true));`

			`++i;`

Fix assert NETWORK_ERROR is usually an AggregateError which causes an assert in BoxError 2024-11-19 17:08:19 +05:30			`if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);`
replace with custom superagent based on fetch API 2025-02-14 17:26:54 +01:00			`if (response.status === 403 \|\| response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));`
			`if (response.status === 422) throw new BoxError(BoxError.BAD_FIELD, response.body.message);`
			`if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`}`
			`}`

			`for (let j = values.length + 1; j < records.length; j++) {`
			const [error] = await safe(superagent.del(`${ENDPOINT}/records/${records[j].id}`)
add hetznercloud DNS provider 2025-10-10 11:18:04 +02:00			.set('Authorization', `Bearer ${domainConfig.token}`)
			`// .set('Auth-API-Token', domainConfig.token)`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`.timeout(30 * 1000)`
			`.retry(5)`
			`.ok(() => true));`

			if (error) debug(`upsert: error removing record ${records[j].id}: ${error.message}`);
			`}`

			`debug('upsert: completed');`
			`}`

			`async function get(domainObject, location, type) {`
			`assert.strictEqual(typeof domainObject, 'object');`
			`assert.strictEqual(typeof location, 'string');`
			`assert.strictEqual(typeof type, 'string');`

			`const domainConfig = domainObject.config,`
			`zoneName = domainObject.zoneName,`
			`name = dns.getName(domainObject, location, type) \|\| '@';`

			`const zone = await getZone(domainConfig, zoneName);`
			`const result = await getZoneRecords(domainConfig, zone, name, type);`

			`return result.map(function (record) { return record.value; });`
			`}`

			`async function del(domainObject, location, type, values) {`
			`assert.strictEqual(typeof domainObject, 'object');`
			`assert.strictEqual(typeof location, 'string');`
			`assert.strictEqual(typeof type, 'string');`
			`assert(Array.isArray(values));`

			`const domainConfig = domainObject.config,`
			`zoneName = domainObject.zoneName,`
			`name = dns.getName(domainObject, location, type) \|\| '@';`

			`const zone = await getZone(domainConfig, zoneName);`
			`const records = await getZoneRecords(domainConfig, zone, name, type);`
			`if (records.length === 0) return;`

			`const matchingRecords = records.filter(function (record) { return values.some(function (value) { return value === record.value; }); });`
			`if (matchingRecords.length === 0) return;`

			`for (const r of matchingRecords) {`
			const [error, response] = await safe(superagent.del(`${ENDPOINT}/records/${r.id}`)
add hetznercloud DNS provider 2025-10-10 11:18:04 +02:00			.set('Authorization', `Bearer ${domainConfig.token}`)
			`// .set('Auth-API-Token', domainConfig.token)`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`.timeout(30 * 1000)`
			`.retry(5)`
			`.ok(() => true));`

Fix assert NETWORK_ERROR is usually an AggregateError which causes an assert in BoxError 2024-11-19 17:08:19 +05:30			`if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);`
replace with custom superagent based on fetch API 2025-02-14 17:26:54 +01:00			`if (response.status === 404) return;`
			`if (response.status === 403 \|\| response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));`
			`if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`}`
			`}`

			`async function wait(domainObject, subdomain, type, value, options) {`
			`assert.strictEqual(typeof domainObject, 'object');`
			`assert.strictEqual(typeof subdomain, 'string');`
			`assert.strictEqual(typeof type, 'string');`
			`assert.strictEqual(typeof value, 'string');`
			`assert(options && typeof options === 'object'); // { interval: 5000, times: 50000 }`

dns: fqdn only needs domain string This is from the caas days, when we had hyphenated subdomains flag 2022-11-28 21:23:06 +01:00			`const fqdn = dns.fqdn(subdomain, domainObject.domain);`
dns: add hetzner 2022-05-02 22:00:42 -07:00
			`await waitForDns(fqdn, domainObject.zoneName, type, value, options);`
			`}`

			`async function verifyDomainConfig(domainObject) {`
			`assert.strictEqual(typeof domainObject, 'object');`

			`const domainConfig = domainObject.config,`
			`zoneName = domainObject.zoneName;`

			`if (!domainConfig.token \|\| typeof domainConfig.token !== 'string') throw new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string');`
domains: add option to set custom/vanity nameservers this flag skips the NS name validation when a custom nameserver is set i.e not to the provider's NS but uses the provider's API. 2025-03-02 07:27:09 +01:00			`if ('customNameservers' in domainConfig && typeof domainConfig.customNameservers !== 'boolean') throw new BoxError(BoxError.BAD_FIELD, 'customNameservers must be a boolean');`
dns: add hetzner 2022-05-02 22:00:42 -07:00
			`const ip = '127.0.0.1';`

			`const credentials = {`
domains: add option to set custom/vanity nameservers this flag skips the NS name validation when a custom nameserver is set i.e not to the provider's NS but uses the provider's API. 2025-03-02 07:27:09 +01:00			`token: domainConfig.token,`
			`customNameservers: !!domainConfig.customNameservers`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`};`

Use constants.TEST 2023-10-01 13:52:19 +05:30			`if (constants.TEST) return credentials; // this shouldn't be here`
dns: add hetzner 2022-05-02 22:00:42 -07:00
			`const [error, nameservers] = await safe(dig.resolve(zoneName, 'NS', { timeout: 5000 }));`
			`if (error && error.code === 'ENOTFOUND') throw new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain');`
			`if (error \|\| !nameservers) throw new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers');`

			`// https://docs.hetzner.com/dns-console/dns/general/dns-overview#the-hetzner-online-name-servers-are`
hetzner: accomodate other nameservers 2023-12-05 18:13:34 +01:00			`if (!nameservers.every(function (n) { return n.toLowerCase().search(/hetzner\|your-server\|second-ns/) !== -1; })) {`
hetzner: typo in error message 2023-12-27 20:41:34 +01:00			`debug('verifyDomainConfig: %j does not contain Hetzner NS', nameservers);`
domains: add option to set custom/vanity nameservers this flag skips the NS name validation when a custom nameserver is set i.e not to the provider's NS but uses the provider's API. 2025-03-02 07:27:09 +01:00			`if (!domainConfig.customNameservers) throw new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Hetzner');`
dns: add hetzner 2022-05-02 22:00:42 -07:00			`}`

			`const location = 'cloudrontestdns';`

			`await upsert(domainObject, location, 'A', [ ip ]);`
			`debug('verifyDomainConfig: Test A record added');`

			`await del(domainObject, location, 'A', [ ip ]);`
			`debug('verifyDomainConfig: Test A record removed again');`

			`return credentials;`
			`}`
domains: remove SECRET_PLACEHOLDER from responses 2025-10-08 12:04:31 +02:00