On 2020-03-14 12:03, Axel Rau wrote:
> it seems, the dynamic update protocol does not allow things like
> _acme-challenge.some-host.some.domain TXT "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
> because there is no zone
>         some-host.some.domain

I am pretty sure that is not correct, but we can't help unless you
show your work.  If you need to specify the zone to update, you can
and should.  BIND's nsupdate(8) and other dynamic DNS clients allow
you to do this.

> However named accepts such constructs, if loaded from text zone file.

Mind your trailing dot, however. :)

> The problem is:
> - bind requires for dynamic update with
>         dnssec-update-mode maintain
>         auto-dnssec maintain
>   both require dynamic DNS
>
> - letsencrypt requires challenges like the above.
>
> This makes it impossible to create automatic ACME clients with
> dns-01 challenge.

Again, pretty sure you're wrong about this.

> Does anybody have a workaround?

Show your work if you want help.  Are you using nsupdate or some other
client?  Show what you gave your client.  Review the nsupdate(8) manual
for details on the input commands and format.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
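
The two points raised in the reply above, naming the zone explicitly and minding the trailing dot, shown as an added example (not code from either poster or from the BIND project). It writes an nsupdate(8) batch for a dns-01 TXT record that sits several labels below the zone apex. The function names, the TTL default and the key path in the final comment are assumptions.

```shell
#!/bin/sh
# Added example: build an nsupdate(8) batch for an ACME dns-01 TXT record.
# Function names and the default TTL are assumptions, not taken from the thread.

# Lower-case a DNS name and append the trailing dot if it is missing,
# so nsupdate treats it as absolute instead of appending an origin.
fqdn() {
    case "$1" in
        *.) printf '%s\n' "$1" ;;
        *)  printf '%s.\n' "$1" ;;
    esac | tr 'A-Z' 'a-z'
}

# acme_batch ZONE HOST TOKEN [TTL]
# Prints the nsupdate commands on stdout; returns 1 on bad input.
acme_batch() {
    zone=$(fqdn "$1")
    host=$(fqdn "$2")
    token=$3
    ttl=${4:-60}
    # Reject characters that could smuggle extra commands into the batch.
    case "$host$zone" in
        *[!a-z0-9._-]*) echo "error: bad name" >&2; return 1 ;;
    esac
    # dns-01 values are base64url text: letters, digits, '-' and '_' only.
    case "$token" in
        ''|*[!A-Za-z0-9_-]*) echo "error: bad token" >&2; return 1 ;;
    esac
    # The host must be the zone apex or lie below it (label boundary).
    case "$host" in
        "$zone"|*".$zone") ;;
        *) echo "error: $host is not in zone $zone" >&2; return 1 ;;
    esac
    name="_acme-challenge.$host"
    printf 'zone %s\n' "$zone"                    # the zone that exists
    printf 'update delete %s TXT\n' "$name"       # drop stale challenge values
    printf 'update add %s %s TXT "%s"\n' "$name" "$ttl" "$token"
    printf 'send\n'
}

# Usage (key path is a placeholder):
#   acme_batch some.domain some-host.some.domain "$TOKEN" | nsupdate -k /path/to/keyfile
```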