I've been working on a dynamic DNS script that would work with DynDNS, dnsomatic, and similar updaters.
I'm trying to understand zone ownership, and how it plays into API token permissions. When I first started with this script, things went well and aside from the script issues alone, things went without a problem. When I created the zone "remote.domain.com" I didn't want it linked to the account "domain.com" as I wanted it to persist. I created the zone, and did not associate it with an account. I created an API token with the following permissions:
Manage DNS Records manage-dns-records
Edit DNS Zones edit-dns
My script was working fine for a day and a half. But after some account deletions and additions, I noticed the script was no longer working correctly. I could list the domains, see the records in the zone, etc. but I could no longer edit the zone record and was getting a {"status":0,"statusmsg":"Permission Denied"} message from the API. After some investigation, I deleted the "remote.domain.com" zone, recreated it, and assigned it to the "domain.com" account. Magically, the updates were working again.
After looking into it a bit more, I noticed that if you do not assign a zone to an account, you get the message "Zone is owned by system" which seems to interact with the API differently than if you assign the zone to an account.
Is there some aspect of zone or API permissions that I'm missing perhaps? What are the implications to a zone being "owned by system"?