fornex.com API v.2.2.0 support

[zer0init1]

This is official script from Fornex.com Dev-Team https://github.com/fornex-com/

Bugs: #5161

[github-actions]

Welcome
First thing: don't send PR to the master branch, please send to the dev branch instead.
Please make sure you've read our DNS API Dev Guide and DNS-API-Test.
Then reply on this message, otherwise, your code will not be reviewed or merged.
We look forward to reviewing your Pull request shortly ✨
注意: 必须通过了 DNS-API-Test 才会被 review. 无论是修改, 还是新加的 dns api, 都必须确保通过这个测试.

[stenri]

New dns_fornex.sh doesn't correctly handle sub-domains, removes ALL TXT records from domain, and doesn't handle errors well enough.

[stenri]

This updated script doesn't work correctly with subdomains. For example, if I have thedomain.com domain with "host": "api" record:

{
    "name": "thedomain.com",
    "created": "...",
    "updated": "...",
    "tags": [],
    "entry_set": [
...
      {
        "id": <xxx>,
        "host": "api",
        "type": "A",
        "prio": null,
        "value": "xx.xx.xx.xx",
        "ttl": null
      },
...

and I want to renew certificate for api.thedomain.com, script fails, since _get_domain_id() incorrectly returns api.thedomain.com as _domain. And subsequent calls to DNS API return error that there is no such domain:

Getting domain ID for _acme-challenge.api.thedomain.com
api.thedomain.com/entry_set/
response='{"detail":"No Domain matches the given query."}'
Domain ID for api.thedomain.com is {"detail":"No Domain matches the given query."}
_domain_id='{"detail":"No Domain matches the given query."}'

Notice how previous version of the script uses while true; do loop to find a correct "root" domain to use.
New script must do the same.

[stenri]

Error handling is somehow incorrect here. In the case outlined above when a domain api.thedomain.com doesn't exist, but there is thedomain.com domain with "host": "api" record

{
    "name": "thedomain.com",
    "created": "...",
    "updated": "...",
    "tags": [],
    "entry_set": [
...
      {
        "id": <xxx>,
        "host": "api",
        "type": "A",
        "prio": null,
        "value": "xx.xx.xx.xx",
        "ttl": null
      },
...

this piece of code calls /api.thedomain.com/entry_set/, fornex DNS API 2.2.0 return error string:

No Domain matches the given query.

But script ignores this error, and goes on as if nothing happened:

Getting domain ID for _acme-challenge.api.thedomain.com
thedomain.com/entry_set/
response='{"detail":"No Domain matches the given query."}'
Domain ID for thedomain.com is {"detail":"No Domain matches the given query."}
_domain_id='{"detail":"No Domain matches the given query."}'

The script should handle this and other similar errors correctly, and terminate processing.

[stenri]

This is a total disaster! dns_fornex_rm() selects and removes ALL TXT records from a domain, regardless of what they contain and who created them. Bye-bye all marketing google-site-verification, yandex-verification and other such records!

Previous version of the script checked TXT record value and only deleted TXT records with the value that script previously added.

I would suggest at least check here that TXT record .host value starts with "_acme-challenge". I.e. use something like this:

  txt_ids=$(echo "$response" | jq -r '.[] | select(.type == "TXT") | select(.host | startswith("_acme-challenge")) | .id')

[stenri]

To work correctly with subdomains TXT record "host" value must be: _acme-challenge[.subdomain].
I.e. in the case when domain api.thedomain.com doesn't exist, but there is thedomain.com domain with "host": "api" record:

{
    "name": "thedomain.com",
    "created": "...",
    "updated": "...",
    "tags": [],
    "entry_set": [
...
      {
        "id": <xxx>,
        "host": "api",
        "type": "A",
        "prio": null,
        "value": "xx.xx.xx.xx",
        "ttl": null
      },
...

Script must create a TXT record with ".host" == "_acme-challenge.api" value, for example.
Script needs to be modified to account for this.