Re: Cannot get nsupdate to work (for letsencrypt acme.sh client)

> On 5 Aug 2020, at 13:12, Brett Delmage wrote: > > On Wed, 5 Aug 2020, Mark Andrews wrote: > >> Your key name usage is not consistent. acmesh-ottawatch != ottawatch-acmesh > > Thank you! Fixed and working. > >> Why are you adding `check-names warn;`? check-names does NOT apply to TXT >> r

Re: Cannot get nsupdate to work (for letsencrypt acme.sh client)

On Wed, 5 Aug 2020, Mark Andrews wrote: Your key name usage is not consistent. acmesh-ottawatch != ottawatch-acmesh Thank you! Fixed and working. Why are you adding `check-names warn;`? check-names does NOT apply to TXT records. Previously I was getting the error "bad owner name (check-n

Invalid class in dns query

Hi all, Looking for a temporary work around, while an issue gets resolved. I have a DNS query coming in with an invalid class requested (65 or 0x41). The workaround I’m looking for is one that just uses the IN class (1 or 0x01), if I have to duplicate all records required into “CLASS65” it could

Re: Cannot get nsupdate to work (for letsencrypt acme.sh client)

Thanks for full details. Your key name usage is not consistent. acmesh-ottawatch != ottawatch-acmesh Why are you adding `check-names warn;`? check-names does NOT apply to TXT records. Mark > On 5 Aug 2020, at 08:44, Brett Delmage wrote: > > I'm having a problem getting nsupdate to work, as

Cannot get nsupdate to work (for letsencrypt acme.sh client)

I'm having a problem getting nsupdate to work, as shown below. (Despite reading the man pages I'm not 100% clear about the exact scope of the grant options and it may not be right. Examples would be helpful.) I generated the key: ddns-confgen -k acmesh-ottawatch. -z ottawatch.ca # To activate

Re: CNAME restrictions

Thank you, -d surfaced the issue - now to decide what to do about it... From: bind-users on behalf of Kevin Darcy Sent: Tuesday, August 4, 2020 3:28 PM To: bind-users@lists.isc.org Subject: [EXTERNAL] Re: CNAME restrictions CAUTION: This email originated from

Re: CNAME restrictions

[ Classification Level: GENERAL BUSINESS ] Offhand, it looks like the server side is configured to only allow authenticated updates, but you're sending an unauthenticated one. A more nuanced issue might be if the ID you're running the nsupdate as, can't read the key files, so even though you may

Re: CNAME restrictions

On 04.08.20 17:29, Leroy Tennison wrote: I have a situation where, due to the system's location (IP subnet), its DNS name is ..datavoiceint.com. We have a certificate for *.datavoiceint.com which we prefer to use wildcard in certificates only covers one level of subdomains, so *.datavoiceint.c

CNAME restrictions

I have a situation where, due to the system's location (IP subnet), its DNS name is ..datavoiceint.com. We have a certificate for *.datavoiceint.com which we prefer to use instead of having to acquire a certificate for .datavoiceint.com since this is a one-off internal-only web server. Our (I