)]}'
{
  "log": [
    {
      "commit": "e72b54f819a38afc6656b99010370d6f3d51c38e",
      "tree": "3da4dec10618aca7403f423005ba31ed8c3fae04",
      "parents": [
        "56f86a481e4ac0be5548c8337ea85c1af0561462"
      ],
      "author": {
        "name": "gio",
        "email": "gio@v1.dodo.cloud",
        "time": "Mon Apr 22 10:44:41 2024 +0400"
      },
      "committer": {
        "name": "gio",
        "email": "gio@v1.dodo.cloud",
        "time": "Tue Apr 30 16:15:43 2024 +0400"
      },
      "message": "DNS: run separate CoreDNS instance for each PCloud env.\n\nPreviously shared CoreDNS instance was used to handle all domains. This has multiple downsides, most important which is security. For example DNS-Sec keys of all domains were persisted on the same shared volume. Also key itself was generated by PCloud env-manager as part of bootstrapping new env. Which is counter to the main aspirations of PCloud, that environment internal private data must not leak outside of the environment.\n\nWith new approach implemented in this change, environment starts up it’s own CoreDNS and DNS record manager servers. Manager generates dns-sec keys internally and only exposes public information to the outside world. PCloud infrastructure runes another instance of CoreDNS which acts as a proxy service forwarding requests to individual environments based an requested domain.\n\nThis simplifies DNS based TLS challenge solvers, as private certificate issuer of each env will point directly to the DNS record manager of the same environment.\n\nChange-Id: Ifb0f36d2a133e3b53da22030cc7d6b9099136b3d\n"
    }
  ]
}