Configuration reference

Providers options

List of options

aliyun
  • auth_key_id Specify access key id for authentication
  • auth_secret Specify access secret for authentication
aurora
  • auth_api_key Specify api key for authentication
  • auth_secret_key Specify the secret key for authentication
azure
  • auth_client_id Specify the client id (aka application id) of the app registration
  • auth_client_secret Specify the client secret of the app registration
  • auth_tenant_id Specify the tenant id (aka directory id) of the app registration
  • auth_subscription_id Specify the subscription id attached to the resource group
  • resource_group Specify the resource group hosting the dns zone to edit
cloudflare
  • auth_username Specify email address for authentication (for global api key only)
  • auth_token Specify token for authentication (global api key or api token)
  • zone_id Specify the zone id (if set, api token can be scoped to the target zone)
cloudns
  • auth_id Specify user id for authentication
  • auth_subid Specify subuser id for authentication
  • auth_subuser Specify subuser name for authentication
  • auth_password Specify password for authentication
  • weight Specify the srv record weight
  • port Specify the srv record port
cloudxns
  • auth_username Specify api-key for authentication
  • auth_token Specify secret-key for authentication
conoha
  • auth_region Specify region. if empty, region ‘tyo1’ will be used.
  • auth_token Specify token for authentication. if empty, the username and password will be used to create a token.
  • auth_username Specify api username for authentication. only used if –auth-token is empty.
  • auth_password Specify api user password for authentication. only used if –auth-token is empty.
  • auth_tenant_id Specify tenand id for authentication. only used if –auth-token is empty.
constellix
  • auth_username Specify the api key username for authentication
  • auth_token Specify secret key for authenticate=
ddns
  • auth_token Specify the key used in format <alg>:<key_id>:<secret>
  • ddns_server Specify ip of the ddns server
digitalocean
  • auth_token Specify token for authentication
dinahosting
  • auth_username Specify username for authentication
  • auth_password Specify password for authentication
directadmin
  • auth_password Specify password for authentication (or login key for two-factor authentication)
  • auth_username Specify username for authentication
  • endpoint Specify the directadmin endpoint
dnsimple
  • auth_token Specify api token for authentication
  • auth_username Specify email address for authentication
  • auth_password Specify password for authentication
  • auth_2fa Specify two-factor auth token (otp) to use with email/password authentication
dnsmadeeasy
  • auth_username Specify username for authentication
  • auth_token Specify token for authentication
dnspark
  • auth_username Specify api key for authentication
  • auth_token Specify token for authentication
dnspod
  • auth_username Specify api id for authentication
  • auth_token Specify token for authentication
dreamhost
  • auth_token Specify api key for authentication
dynu
  • auth_token Specify api key for authentication
easydns
  • auth_username Specify username for authentication
  • auth_token Specify token for authentication
easyname
  • auth_username Specify username used to authenticate
  • auth_password Specify password used to authenticate
euserv
  • auth_username Specify email address for authentication
  • auth_password Specify password for authentication
exoscale
  • auth_key Specify api key for authentication
  • auth_secret Specify api secret for authentication
gandi
  • auth_token Specify gandi api key
  • api_protocol (optional) specify gandi api protocol to use: rpc (default) or rest
gehirn
  • auth_token Specify access token for authentication
  • auth_secret Specify access secret for authentication
glesys
  • auth_username Specify username (cl12345)
  • auth_token Specify api key
godaddy
  • auth_key Specify the key to access the api
  • auth_secret Specify the secret to access the api
googleclouddns
  • auth_service_account_info
    specify the service account info in the google json format: can be either the path of a file prefixed by ‘file::’ (eg. file::/tmp/service_account_info.json) or the base64 encoded content of this file prefixed by ‘base64::’ (eg. base64::eyjhbgcioyj…)
gransy
  • auth_username Specify username for authentication
  • auth_password Specify password for authentication
gratisdns
  • auth_username Specify email address for authentication
  • auth_password Specify password for authentication
henet
  • auth_username Specify username for authentication
  • auth_password Specify password for authentication
hetzner
  • auth_token Specify hetzner dns api token
hostingde
  • auth_token Specify api key for authentication
hover
  • auth_username Specify username for authentication
  • auth_password Specify password for authentication
infoblox
  • auth_user Specify the user to access the infoblox wapi
  • auth_psw Specify the password to access the infoblox wapi
  • ib_view Specify dns view to manage at the infoblox
  • ib_host Specify infoblox host exposing the wapi
infomaniak
  • auth_token Specify the token
internetbs
  • auth_key Specify api key for authentication
  • auth_password Specify password for authentication
inwx
  • auth_username Specify username for authentication
  • auth_password Specify password for authentication
joker
  • auth_token Specify the api key to connect to the joker.com api
linode
  • auth_token Specify api key for authentication
linode4
  • auth_token Specify api key for authentication
localzone
  • filename Specify location of zone master file
luadns
  • auth_username Specify email address for authentication
  • auth_token Specify token for authentication
memset
  • auth_token Specify api key for authentication
mythicbeasts
  • auth_username Specify api credentials username
  • auth_password Specify api credentials password
  • auth_token Specify api token for authentication
namecheap
  • auth_token Specify api token for authentication
  • auth_username Specify username for authentication
  • auth_client_ip Client ip address to send to namecheap api calls
  • auth_sandbox Whether to use the sandbox server
namesilo
  • auth_token Specify key for authentication
netcup
  • auth_customer_id Specify customer number for authentication
  • auth_api_key Specify api key for authentication
  • auth_api_password Specify api password for authentication
nfsn
  • auth_username Specify username used to authenticate
  • auth_token Specify token used to authenticate
njalla
  • auth_token Specify api token for authentication
nsone
  • auth_token Specify token for authentication
oci
  • auth_config_file The full path including filename to an oci configuration file.
  • auth_user The ocid of the user calling the api.
  • auth_tenancy The ocid of your tenancy.
  • auth_fingerprint The fingerprint for the public key that was added to the calling user.
  • auth_key_content The full content of the calling user’s private signing key in pem format.
  • auth_pass_phrase If the private key is encrypted, the pass phrase must be provided.
  • auth_region The home region of your tenancy.
  • auth_type Valid options are ‘api_key’ (default) or ‘instance_principal’.
onapp
  • auth_username Specify email address of the onapp account
  • auth_token Specify api key for the onapp account
  • auth_server Specify url to the onapp control panel server
online
  • auth_token Specify private api token
ovh
  • auth_entrypoint Specify the ovh entrypoint
  • auth_application_key Specify the application key
  • auth_application_secret Specify the application secret
  • auth_consumer_key Specify the consumer key
plesk
  • auth_username Specify username for authentication
  • auth_password Specify password for authentication
  • plesk_server Specify url to the plesk web ui, including the port
pointhq
  • auth_username Specify email address for authentication
  • auth_token Specify token for authentication
powerdns
  • auth_token Specify token for authentication
  • pdns_server Uri for powerdns server
  • pdns_server_id Server id to interact with
  • pdns_disable_notify Disable slave notifications from master
rackspace
  • auth_account Specify account number for authentication
  • auth_username Specify username for authentication. only used if –auth-token is empty.
  • auth_api_key Specify api key for authentication. only used if –auth-token is empty.
  • auth_token Specify token for authentication. if empty, the username and api key will be used to create a token.
  • sleep_time Number of seconds to wait between update requests.
rage4
  • auth_username Specify email address for authentication
  • auth_token Specify token for authentication
rcodezero
  • auth_token Specify token for authentication
route53
  • auth_access_key Specify access_key for authentication
  • auth_access_secret Specify access_secret for authentication
  • private_zone Indicates what kind of hosted zone to use. if true, use only private zones. if false, use only public zones
  • auth_username Alternative way to specify the access_key for authentication
  • auth_token Alternative way to specify the access_secret for authentication
safedns
  • auth_token Specify the api key to authenticate with
sakuracloud
  • auth_token Specify access token for authentication
  • auth_secret Specify access secret for authentication
softlayer
  • auth_username Specify username for authentication
  • auth_api_key Specify api private key for authentication
transip
  • auth_username Specify username for authentication
  • auth_api_key Specify api private key for authentication
ultradns
  • auth_token Specify token for authentication; if not set –auth-token, –auth-password are used
  • auth_username Specify username for authentication
  • auth_password Specify password for authentication
vercel
  • auth_token Specify your api token
vultr
  • auth_token Specify token for authentication
yandex
zeit
  • auth_token Specify your api token
zilore
  • auth_key Specify the zilore api key to use
zonomi
  • auth_token Specify token for authentication
  • auth_entrypoint Use zonomi or rimuhosting api

Passing provider options to Lexicon

There are three ways to pass a provider option to Lexicon (we suppose here that the provider option is named auth_token):

  • by CLI flag: set the flag --auth-token to Lexicon while invoking it, for instance:

    $ lexicon cloudflare create domain.net TXT --name foo --content bar --auth-token YOUR_TOKEN
    
  • by environment variable: set the environment variable LEXICON_CLOUDFLARE_AUTH_TOKEN, for instance:

    $ LEXICON_CLOUDFLARE_AUTH_TOKEN=YOUR_TOKEN cloudflare create domain.net TXT --name foo --content bar
    
  • by configuration file: construct a configuration file containing the provider options, for instance:

    $ cat /path/to/config/lexicon.yml
    cloudflare:
      auth_token: YOUR_TOKEN
    $ lexicon cloudflare create domain.net TXT --name foo --content bar --config-dir /path/to/config
    

    Note

    Lexicon will look for two types of configuration files in the provided path to --config-dir (current workdir by default): a general configuration file named lexicon.yml and a provider-specific configuration file named lexicon_[PROVIDER_NAME].yml.

    For a general configuration file, provider options need be set under a key named after the provider:

    # /path/to/config/lexicon.yml
    clouflare:
      auth_token: YOUR_TOKEN
    

    For a provider-specific configuration file, provider options need to be set at the root:

    # /path/to/config/lexicon_cloudflare.yml
    auth_token: YOUR_TOKEN
    

Passing general options to Lexicon

General options are options not specific to a provider, like delegated. They can be passed like the provider options (by CLI, by environment variable or by configuration file). Please note that for configuration file, options will be set at the root, and cannot be set in provider-specific configuration files.

# /path/to/config/lexicon.yml
delegated: domain.net
cloudflare:
  ...

The auto provider

The auto provider is a special provider. It resolves dynamically the actual provider to use based on the domain provided to Lexicon. To do so, it resolves the nameservers that serve the DNS zone for this domain, and find the relevant DNS provider based on an internal map that associates each DNS provider to its known nameservers.

Basically if domain.net is served by CloudFlare, and a TXT entry needs to be inserted in this domain, you can use the following command:

lexicon auto create domain.net TXT --name foo --content bar

The options specific to the actual provider that will be used still need to be set, by CLI flags, environment variables or configuration files. However for CLI, each option name will be prefixed with [ACTUAL_PROVIDER]- when passed to auto. For instance, the auth_token option for cloudflare will be passed using --cloudflare-auth-token.