DOKK / manpages / debian 12 / lexicon / lexicon.1.en
lexicon(1) User Commands lexicon(1)

lexicon - programmatically manipulate DNS records

This manual documents the tldextract command.

show this help message and exit
show the current version of lexicon
specify the delegated domain
specifies the domain provider to create, update, delete or list DNS entries for, from {cloudflare, cloudxns, digitalocean, dnsimple, dnsmadeeasy, dnspark, dnspod, easydns, luadns, namesilo, nsone, pointhq, rage4, route53, vultr, yandex, zonomi}

specifies the domain provider to create, update, delete or list DNS entries for, from {cloudflare, cloudxns, digitalocean, dnsimple, dnsmadeeasy, dnspark, dnspod, easydns, luadns, namesilo, nsone, pointhq, rage4, route53, vultr, yandex, zonomi}
specify the action to take, from {create, list, update, delete}
specify the domain to use, supports subdomains as well
specify the entry type, from {A, AAAA, CNAME, MX, NS, SPF, SOA, TXT, SRV, LOC}
print provider-specific help message and exit
specify the record name
specify the record content
specify the record time-to-live
specify the record priority
specify the record for update or delete actions
specify email address used to authenticate
specify token used authenticate

LEXICON_CLOUDFLARE_USERNAME="myusername@example.com" LEXICON_CLOUDFLARE_TOKEN="cloudflare-api-token"
lexicon cloudflare list example.com TXT
lexicon cloudflare create www.example.com TXT --name="_acme-challenge.www.example.com." --content="challenge token"
lexicon cloudflare delete www.example.com TXT --name="_acme-challenge.www.example.com." --content="challenge token"
lexicon cloudflare delete www.example.com TXT --identifier="cloudflare record id"

Most supported DNS services provide an API token, however each service implements authentication differently. Lexicon attempts to standardize authentication around the following CLI flags:

For DNS services that require it, this is usually the account id or email address
For DNS services that do not provide an API token, this is usually the account password
This is the most common auth method, the API token provided by the DNS service

You can see all the --auth-* flags for a specific service by reading the DNS service specific help:

lexicon cloudflare -h

Instead of providing Authentication information via the CLI, you can also specify them via Environmental Variables. Every DNS service and auth flag maps to an Environmental Variable as follows:

LEXICON_{DNS Provider Name}_{Auth Type}

So instead of specifying --auth-username and --auth-token flags when calling the cli, you could instead set the LEXICON_CLOUDFLARE_USERNAME and LEXICON_CLOUDFLARE_TOKEN environmental variables.

Lexicon has an example [dehydrated hook file](examples/dehydrated.default.sh) that you can use for any supported provider. All you need to do is set the PROVIDER env variable.

PROVIDER=cloudflare dehydrated --cron --hook dehydrated.default.sh --challenge dns-01

Lexicon can also be used with [Certbot](https://certbot.eff.org/) and the included [Certbot hook file](examples/certbot.default.sh) (requires configuration).

For more information about lexicon see https://github.com/AnalogJ/lexicon. This manpage was created by Ana Custura for the Debian project.

February 2018 lexicon