secubox-openwrt/package/secubox/secubox-app-dns-provider/CONTINUE.md
CyberMind-FR 57db9cfb40 feat: Add device-intel and dns-provider packages
Add 4 new packages implementing unified device intelligence and
DNS provider API management:

- secubox-app-dns-provider: dnsctl CLI with OVH, Gandi, Cloudflare
  adapters for DNS record CRUD, HAProxy vhost sync, propagation
  verification, and ACME DNS-01 wildcard certificate issuance
- luci-app-dns-provider: RPCD handler + LuCI views for provider
  settings and DNS record management
- secubox-app-device-intel: Aggregation layer merging mac-guardian,
  client-guardian, DHCP, P2P mesh, and exposure data with heuristic
  classification engine and USB/MQTT/Zigbee emulator modules
- luci-app-device-intel: RPCD handler + 5 LuCI views (dashboard,
  devices, emulators, mesh, settings) with shared API and CSS

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 15:47:20 +01:00

# secubox-app-dns-provider — Continue / Next Steps

## Immediate Next Steps

1. **Test on router**: Deploy dnsctl + adapters, configure OVH/Gandi/Cloudflare credentials, verify CRUD operations
2. **Test LuCI views**: Deploy RPCD handler + JS views, verify settings form saves correctly, test record operations from UI
3. **ACME DNS-01 integration**: Wire `dnsctl acme-dns01` into haproxyctl's certificate management flow

## Phase 2: Additional Providers

4. **GoDaddy adapter** (`godaddy.sh`): REST API with API Key + Secret, similar pattern to Cloudflare
5. **Namecheap adapter** (`namecheap.sh`): XML API with API Key + IP whitelist
6. **Self-hosted relay**: Local DNS server (dnsmasq or PowerDNS) that syncs records to upstream providers

## Phase 3: Multi-Node DNS Mesh

7. **Mesh DNS announcement**: Each secubox node announces its public IP and managed domains to P2P peers
8. **Dynamic DNS updater**: Periodic public IP check + auto-update records when IP changes
9. **Reverse DNS**: Provider API calls to configure PTR records
10. **DNS failover**: Multi-provider configuration for redundancy

## Phase 4: Decentralized DNS

11. **Blockchain anchoring**: Anchor DNS records to ENS/Handshake for censorship resistance
12. **Peer DNS cache**: Mesh nodes share DNS resolution cache
13. **Uncensored resolution**: Fallback to mesh peer DNS when upstream resolvers are filtered

## Integration Points

- **Device Intelligence**: "Expose via DNS" action from device context → create DNS record + HAProxy vhost + ACME cert
- **HAProxy**: Auto-sync vhosts to DNS when domains are configured
- **Exposure Engine**: Link exposed services to DNS management
- **P2P Mesh**: Federate DNS records across mesh nodes