secubox-openwrt/package/secubox/secubox-app-dns-provider/CONTINUE.md
CyberMind-FR 57db9cfb40 feat: Add device-intel and dns-provider packages
Add 4 new packages implementing unified device intelligence and
DNS provider API management:

- secubox-app-dns-provider: dnsctl CLI with OVH, Gandi, Cloudflare
  adapters for DNS record CRUD, HAProxy vhost sync, propagation
  verification, and ACME DNS-01 wildcard certificate issuance
- luci-app-dns-provider: RPCD handler + LuCI views for provider
  settings and DNS record management
- secubox-app-device-intel: Aggregation layer merging mac-guardian,
  client-guardian, DHCP, P2P mesh, and exposure data with heuristic
  classification engine and USB/MQTT/Zigbee emulator modules
- luci-app-device-intel: RPCD handler + 5 LuCI views (dashboard,
  devices, emulators, mesh, settings) with shared API and CSS

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 15:47:20 +01:00

secubox-app-dns-provider — Continue / Next Steps

Immediate Next Steps

  1. Test on router: Deploy dnsctl + adapters, configure OVH/Gandi/Cloudflare credentials, verify CRUD operations
  2. Test LuCI views: Deploy RPCD handler + JS views, verify settings form saves correctly, test record operations from UI
  3. ACME DNS-01 integration: Wire dnsctl acme-dns01 into haproxyctl's certificate management flow

Phase 2: Additional Providers

  1. GoDaddy adapter (godaddy.sh): REST API with API Key + Secret, similar pattern to Cloudflare
  2. Namecheap adapter (namecheap.sh): XML API with API Key + IP whitelist
  3. Self-hosted relay: Local DNS server (dnsmasq or PowerDNS) that syncs records to upstream providers

Phase 3: Multi-Node DNS Mesh

  1. Mesh DNS announcement: Each secubox node announces its public IP and managed domains to P2P peers
  2. Dynamic DNS updater: Periodic public IP check + auto-update records when IP changes
  3. Reverse DNS: Provider API calls to configure PTR records
  4. DNS failover: Multi-provider configuration for redundancy

Phase 4: Decentralized DNS

  1. Blockchain anchoring: Anchor DNS records to ENS/Handshake for censorship resistance
  2. Peer DNS cache: Mesh nodes share DNS resolution cache
  3. Uncensored resolution: Fallback to mesh peer DNS when upstream resolvers are filtered

Integration Points

  • Device Intelligence: "Expose via DNS" action from device context → create DNS record + HAProxy vhost + ACME cert
  • HAProxy: Auto-sync vhosts to DNS when domains are configured
  • Exposure Engine: Link exposed services to DNS management
  • P2P Mesh: Federate DNS records across mesh nodes