I agree with the others that have shared the opinion that this is outside of the scope of ACME and this WG.
In my opinion we shouldn't reinvent the wheel. With RFC 2138 (DynDNS) there > is already a protocol for clients to add/update/delete resource records on > DNS servers. Most DNS server softwares support RFC 2136 out of the box. We > just have to define a protocol to use (-> RFC 2136) in the ACME client. That's exactly right. At least one ACME client (Certbot) has been working on support for RFC 2136 (https://github.com/certbot/certbot/pull/4701) in addition to one-off provider specific DNS APIs. If you need a generic way to update DNS dynamically RFC 2138 is it. If your DNS provider doesn't support RFC 2136 it seems hard to imagine you could convince them to adopt a newly invented ACME DNS update scheme. - cpu On Mon, Jul 3, 2017 at 12:46 PM, Rene 'Renne' Bartsch, B.Sc. Informatics < [email protected]> wrote: > > > Am 03.07.2017 um 18:28 schrieb Salz, Rich: > >> For a fully automated validation process the ACME-client needs some kind >>> of >>> protocol/interface to add/update/remove the DNS challenge records on the >>> primare DNS server. >>> >> This is out of scope for our WG, but since we are looking at >> rechartering, it could be brought within scope. >> >> But I think programmatic maintenance of DNS records should probably be >> done within the DNS groups. >> > > In my opinion we shouldn't reinvent the wheel. With RFC 2138 (DynDNS) > there is already a protocol for clients to add/update/delete resource > records on DNS servers. Most DNS server softwares support RFC 2136 out of > the box. We just have to define a protocol to use (-> RFC 2136) in the ACME > client. > > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
