TXT with dot in NAME for ACME via dynamic update

Crist Clark cjc+bind-users at pumpky.net
Sat Mar 14 21:35:58 UTC 2020


It looks like it worked. Your test is asking for A records, not the TXT
records for the name. Try,

$ dig _acme-challenge.imap.lrau.net. txt @localhost


On Sat, Mar 14, 2020 at 10:31 AM Axel Rau <Axel.Rau at chaos1.de> wrote:

>
>
> On 14.03.2020 at 18:14, Chuck Aurora <ca at nodns4.us> wrote:
>
> it seems, the dynamic update protocol does not allow things like
> _acme-challenge.some-host.some.domain TXT
> "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
> because there is no zone
> some-host.some.domain
>
>
> I am pretty sure that is not correct, but we can't help unless you
> show your work.  If you need to specify the zone to update, you can
> and should.  BIND's nsupdate(8) and other dynamic DNS clients allow
> you to do this.
>
>
> With this file
> - - -
> server localhost
> debug
> zone lrau.net
> ttl 3600
> add _acme-challenge.imap.lrau.net.  3600 TXT "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
> show
> send
> answer
> - - -
> I get:
> - - -
> # nsupdate -k /usr/local/etc/namedb/dns-keys/ddns-key.conf ~/admin/ns-update-example.txt
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; ZONE SECTION:
> ;lrau.net. IN SOA
>
> ;; UPDATE SECTION:
> _acme-challenge.imap.lrau.net. 3600 IN TXT
> "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
>
> Sending update to ::1#53
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  41111
> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
> ;; ZONE SECTION:
> ;lrau.net. IN SOA
>
> ;; UPDATE SECTION:
> _acme-challenge.imap.lrau.net. 3600 IN TXT
> "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
>
> ;; TSIG PSEUDOSECTION:
> ddns-key. 0 ANY TSIG hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0
>
>
> Reply from update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  41111
> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
> ;; ZONE SECTION:
> ;lrau.net. IN SOA
>
> ;; TSIG PSEUDOSECTION:
> ddns-key. 0 ANY TSIG hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0
>
> Answer:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  41111
> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
> ;; ZONE SECTION:
> ;lrau.net. IN SOA
>
> ;; TSIG PSEUDOSECTION:
> ddns-key. 0 ANY TSIG hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0
>
> # dig _acme-challenge.imap.lrau.net.  @localhost
>
> ; <<>> DiG 9.16.0 <<>> _acme-challenge.imap.lrau.net. @localhost
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6153
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 404b9f34e94920a4ef3dd3065e6d14308acdeabfe0744b88 (good)
> ;; QUESTION SECTION:
> ;_acme-challenge.imap.lrau.net. IN A
>
> ;; AUTHORITY SECTION:
> lrau.net. 3600 IN SOA ns4.lrau.net. hostmaster.lrau.net. 2020030850 86400
> 7200 604800 3600
>
> ;; Query time: 0 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Sat Mar 14 17:28:16 UTC 2020
> ;; MSG SIZE  rcvd: 145
>
> (pki_dev_p37) [root at hermes /usr/local/py_venv/pki_dev_p37/src]#
>
> Axel
> ---
> PGP-Key: CDE74120  ☀  computing @ chaos claudius
>
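
The point of the reply above, as an added example that is not part of the original thread: a `NOERROR` response with `ANSWER: 0` means the name exists but has no record of the queried type, so the A query in the quoted output is consistent with the update having worked. The function names are hypothetical, the first sample is transcribed from the quoted dig output, and the TXT response is constructed.

```shell
# classify_dig: reads saved dig output on stdin and prints one line:
#   NXDOMAIN            the name does not exist
#   NODATA <qtype>      the name exists but has no records of the queried type
#   ANSWER <qtype> <n>  n records were returned in the answer section
#   OTHER <status>      any other rcode (SERVFAIL, REFUSED, ...)
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            for (i = 1; i <= NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,$/, "", answers) }
        }
        /^;; QUESTION SECTION:/ { in_q = 1; next }
        in_q && /^;/ { qtype = $NF; in_q = 0 }
        END {
            if (status == "NXDOMAIN")      print "NXDOMAIN"
            else if (status != "NOERROR")  print "OTHER " status
            else if (answers + 0 == 0)     print "NODATA " qtype
            else                           print "ANSWER " qtype " " answers
        }'
}

# The default (type A) query from the thread, transcribed from the quoted output.
sample_a_query() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.imap.lrau.net. IN A
EOF
}

# Constructed sample: a successful reply to the TXT query suggested in the reply.
sample_txt_query() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.imap.lrau.net. IN TXT
;; ANSWER SECTION:
_acme-challenge.imap.lrau.net. 3600 IN TXT "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
EOF
}

sample_a_query | classify_dig     # NODATA A
sample_txt_query | classify_dig   # ANSWER TXT 1
```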