with dot in NAME for ACME via dynamic update (Axel Rau)
Timothe Litt
litt at acm.org
Sat Mar 14 18:21:35 UTC 2020
Er,
dig _acme-challenge.imap.lrau.net.
is missing a record type. The default is A.
dig _acme-challenge.imap.lrau.net. txt
will likely give you better results
Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
On 14-Mar-20 13:31, bind-users-request at lists.isc.org wrote:
> On 14.03.2020 at 18:14, Chuck Aurora <ca at nodns4.us> wrote:
>
>> it seems, the dynamic update protocol does not allow things like
>> _acme-challenge.some-host.some.domain
>> TXT "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
>> because there is no zone
>> some-host.some.domain
>
> I am pretty sure that is not correct, but we can't help unless you
> show your work. If you need to specify the zone to update, you can
> and should. BIND's nsupdate(8) and other dynamic DNS clients allow
> you to do this.
With this file
- - -
server localhost
debug
zone lrau.net
ttl 3600
add _acme-challenge.imap.lrau.net. 3600 TXT "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
show
send
answer
- - -
I get:
- - -
# nsupdate -k /usr/local/etc/namedb/dns-keys/ddns-key.conf ~/admin/ns-update-example.txt
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;lrau.net.                      IN      SOA
;; UPDATE SECTION:
_acme-challenge.imap.lrau.net. 3600 IN  TXT     "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
Sending update to ::1#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 41111
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; ZONE SECTION:
;lrau.net.                      IN      SOA
;; UPDATE SECTION:
_acme-challenge.imap.lrau.net. 3600 IN  TXT     "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
;; TSIG PSEUDOSECTION:
ddns-key.               0       ANY     TSIG    hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 41111
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;lrau.net.                      IN      SOA
;; TSIG PSEUDOSECTION:
ddns-key.               0       ANY     TSIG    hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0
Answer:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 41111
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;lrau.net.                      IN      SOA
;; TSIG PSEUDOSECTION:
ddns-key.               0       ANY     TSIG    hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0
# dig _acme-challenge.imap.lrau.net. @localhost
; <<>> DiG 9.16.0 <<>> _acme-challenge.imap.lrau.net. @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 404b9f34e94920a4ef3dd3065e6d14308acdeabfe0744b88 (good)
;; QUESTION SECTION:
;_acme-challenge.imap.lrau.net. IN      A
;; AUTHORITY SECTION:
lrau.net.               3600    IN      SOA     ns4.lrau.net. hostmaster.lrau.net. 2020030850 86400 7200 604800 3600
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Mar 14 17:28:16 UTC 2020
;; MSG SIZE rcvd: 145
(pki_dev_p37) [root at hermes /usr/local/py_venv/pki_dev_p37/src]#
Axel
---
PGP-Key: CDE74120 ☀ computing @ chaos claudius
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200314/1c1fd235/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200314/1c1fd235/attachment-0001.bin>
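The distinction behind the reply at the top of this message, as an added example that is not part of the original thread: a NOERROR response with ANSWER: 0 only says that the name holds no record of the queried type, and the QUESTION SECTION shows which type was actually asked for. The helper name classify_dig, the sample functions, the example.net names and the token value are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). classify_dig is a hypothetical helper:
# it reads dig output on stdin and prints "<verdict> qtype=<TYPE>". NODATA
# (NOERROR with ANSWER: 0) means the name exists but has no record of that type.
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++) if ($i == "status:") status = $(i + 1)
            sub(/,$/, "", status)
        }
        /^;; flags:/ {
            for (i = 1; i < NF; i++) if ($i == "ANSWER:") answers = $(i + 1)
            sub(/,$/, "", answers)
        }
        /^;; QUESTION SECTION:/ { inq = 1; next }
        inq && /^;/ { qtype = $NF; inq = 0 }   # question line ends with the type
        END {
            if (status == "NXDOMAIN")     verdict = "NXDOMAIN"
            else if (status != "NOERROR") verdict = status
            else if (answers + 0 == 0)    verdict = "NODATA"
            else                          verdict = "ANSWER"
            print verdict " qtype=" qtype
        }'
}
# Constructed sample: dig run with no type, so the question defaults to IN A.
sample_default_query() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.imap.example.net. IN A
;; AUTHORITY SECTION:
example.net. 3600 IN SOA ns.example.net. hostmaster.example.net. 1 86400 7200 604800 3600
EOF
}
# Constructed sample: the same name queried with an explicit txt type.
sample_txt_query() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.imap.example.net. IN TXT
;; ANSWER SECTION:
_acme-challenge.imap.example.net. 3600 IN TXT "constructed-token"
EOF
}

sample_default_query | classify_dig   # NODATA qtype=A
sample_txt_query | classify_dig       # ANSWER qtype=TXT
```

Against a live server the same check would be fed from `dig NAME txt @localhost | classify_dig`.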