It looks like it worked. Your test is asking for A records, not the TXT records for the name. Try,
$ dig _acme-challenge.imap.lrau.net. txt @localhost On Sat, Mar 14, 2020 at 10:31 AM Axel Rau <axel....@chaos1.de> wrote: > > > Am 14.03.2020 um 18:14 schrieb Chuck Aurora <c...@nodns4.us>: > > it seems, the dynamic update protocol does not allow things like > _acme-challenge.some-host.some.domain TXT > "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0" > because there is no zone > some-host.some.domain > > > I am pretty sure that is not correct, but we can't help unless you > show your work. If you need to specify the zone to update, you can > and should. BIND's nsupdate(8) and other dynamic DNS clients allow > you to do this. > > > With this file > - - - > server localhost > debug > zone lrau.net > ttl 3600 > add _acme-challenge.imap.lrau.net. 3600 TXT > "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0" > show > send > answer > - - - > I get: > - - - > # nsupdate -k /usr/local/etc/namedb/dns-keys/ddns-key.conf > ~/admin/ns-update-example.txt > Outgoing update query: > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 > ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 > ;; ZONE SECTION: > ;lrau.net. IN SOA > > ;; UPDATE SECTION: > _acme-challenge.imap.lrau.net. 3600 IN TXT > "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0" > > Sending update to ::1#53 > Outgoing update query: > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 41111 > ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 > ;; ZONE SECTION: > ;lrau.net. IN SOA > > ;; UPDATE SECTION: > _acme-challenge.imap.lrau.net. 3600 IN TXT > "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0" > > ;; TSIG PSEUDOSECTION: > ddns-key. 0 ANY TSIG hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0 > > > Reply from update query: > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 41111 > ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 > ;; ZONE SECTION: > ;lrau.net. IN SOA > > ;; TSIG PSEUDOSECTION: > ddns-key. 0 ANY TSIG hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0 > > Answer: > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 41111 > ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 > ;; ZONE SECTION: > ;lrau.net. IN SOA > > ;; TSIG PSEUDOSECTION: > ddns-key. 0 ANY TSIG hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0 > > # dig _acme-challenge.imap.lrau.net. @localhost > > ; <<>> DiG 9.16.0 <<>> _acme-challenge.imap.lrau.net. @localhost > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6153 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ; COOKIE: 404b9f34e94920a4ef3dd3065e6d14308acdeabfe0744b88 (good) > ;; QUESTION SECTION: > ;_acme-challenge.imap.lrau.net. IN A > > ;; AUTHORITY SECTION: > lrau.net. 3600 IN SOA ns4.lrau.net. hostmaster.lrau.net. 2020030850 86400 > 7200 604800 3600 > > ;; Query time: 0 msec > ;; SERVER: ::1#53(::1) > ;; WHEN: Sat Mar 14 17:28:16 UTC 2020 > ;; MSG SIZE rcvd: 145 > > (pki_dev_p37) [root@hermes /usr/local/py_venv/pki_dev_p37/src]# > > Axel > --- > PGP-Key: CDE74120 ☀ computing @ chaos claudius > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
