Hi,
We wrote this: https://salsa.debian.org/openstack-team/services/designate-tlds
The interesting code bits are in: https://salsa.debian.org/openstack-team/services/designate-tlds/-/blob/debia...
What it does is download the TLD list from https://publicsuffix.org/list/public_suffix_list.dat using requests (with an optional proxy), compare it to the list of TLDs in Designate, and fix the difference.
It's by default setup in a cron every week. Basically, it's just apt-get install designate-tlds, configure keystone_authtoken in /etc/designate-tlds/designate-tlds.conf and set dry_run=false, and you're done! Note I also wrote a patch for puppet-designate [1] to support it.
Moving forward I see 2 solutions: 1- we continue to maintain this separately from Designate 2- our code gets integrated into Designate itself.
Designate team: are you interested for option 2?
Cheers,
Thomas Goirand (zigo)
[1] https://salsa.debian.org/openstack-team/puppet/puppet-module-designate/-/blo...