TXT with dot in NAME for ACME via dynamic update

Axel Rau Axel.Rau at chaos1.de
Sat Mar 14 17:31:09 UTC 2020



> On 14.03.2020 at 18:14, Chuck Aurora <ca at nodns4.us> wrote:
> 
>> it seems, the dynamic update protocol does not allow things like
>> 	_acme-challenge.some-host.some.domain TXT	"tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
>> because there is no zone
>> 	some-host.some.domain
> 
> I am pretty sure that is not correct, but we can't help unless you
> show your work.  If you need to specify the zone to update, you can
> and should.  BIND's nsupdate(8) and other dynamic DNS clients allow
> you to do this.


With this file
- - -
server localhost
debug
zone lrau.net
ttl 3600
add _acme-challenge.imap.lrau.net.  3600 TXT  "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
show
send
answer
- - -
I get:
- - -
# nsupdate -k /usr/local/etc/namedb/dns-keys/ddns-key.conf ~/admin/ns-update-example.txt
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;lrau.net.			IN	SOA

;; UPDATE SECTION:
_acme-challenge.imap.lrau.net. 3600 IN	TXT	"tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"

Sending update to ::1#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  41111
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; ZONE SECTION:
;lrau.net.			IN	SOA

;; UPDATE SECTION:
_acme-challenge.imap.lrau.net. 3600 IN	TXT	"tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"

;; TSIG PSEUDOSECTION:
ddns-key.		0	ANY	TSIG	hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0


Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  41111
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;lrau.net.			IN	SOA

;; TSIG PSEUDOSECTION:
ddns-key.		0	ANY	TSIG	hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0

Answer:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  41111
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;lrau.net.			IN	SOA

;; TSIG PSEUDOSECTION:
ddns-key.		0	ANY	TSIG	hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0

# dig _acme-challenge.imap.lrau.net.  @localhost

; <<>> DiG 9.16.0 <<>> _acme-challenge.imap.lrau.net. @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 404b9f34e94920a4ef3dd3065e6d14308acdeabfe0744b88 (good)
;; QUESTION SECTION:
;_acme-challenge.imap.lrau.net.	IN	A

;; AUTHORITY SECTION:
lrau.net.		3600	IN	SOA	ns4.lrau.net. hostmaster.lrau.net. 2020030850 86400 7200 604800 3600

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Mar 14 17:28:16 UTC 2020
;; MSG SIZE  rcvd: 145

(pki_dev_p37) [root at hermes /usr/local/py_venv/pki_dev_p37/src]#

Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius
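
Added example, not part of the original message: the dig reply above has QUESTION type A, status NOERROR and ANSWER: 0, so by itself it does not show whether the TXT record from the update is present. The sketch below classifies dig output for a dns-01 token; the helper name `classify`, its result labels and the second sample reply are constructed for illustration.

```python
import re

TOKEN = "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"  # challenge value from the thread

# Constructed sample: header, question and authority lines copied from the reply above.
REPLY_A = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.imap.lrau.net.\tIN\tA
;; AUTHORITY SECTION:
lrau.net.\t\t3600\tIN\tSOA\tns4.lrau.net. hostmaster.lrau.net. 2020030850 86400 7200 604800 3600
"""

# Constructed sample: shape of a reply to an explicit TXT query (not from the thread).
REPLY_TXT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.imap.lrau.net.\tIN\tTXT
;; ANSWER SECTION:
_acme-challenge.imap.lrau.net. 3600 IN\tTXT\t"%s"
""" % TOKEN

QUESTION = re.compile(r"^;([^;\s]\S*)[ \t]+IN[ \t]+(\S+)[ \t]*$", re.M)
TXT_RR = re.compile(r'^[^;\s]\S*[ \t]+\d+[ \t]+IN[ \t]+TXT[ \t]+"([^"]*)"', re.M)

def classify(dig_text, token):
    """Say what a dig reply proves about the dns-01 token (hypothetical helper)."""
    status = re.search(r"status: (\w+)", dig_text)
    question = QUESTION.search(dig_text)
    if not status or not question:
        return "unparsable"
    if status.group(1) == "NXDOMAIN":
        return "nxdomain"          # owner name does not exist on this server
    if status.group(1) != "NOERROR":
        return "error:" + status.group(1)
    if question.group(2) != "TXT":
        return "wrong-qtype"       # reply is about another type; re-query with TXT
    values = TXT_RR.findall(dig_text)
    if token in values:
        return "published"         # the expected challenge value is being served
    return "stale" if values else "nodata"

if __name__ == "__main__":
    for name, reply in (("A query", REPLY_A), ("TXT query", REPLY_TXT)):
        print(name, "->", classify(reply, TOKEN))
```

Against a live server, the input would be the output of dig with the record type given explicitly, for example `dig TXT _acme-challenge.imap.lrau.net. @localhost`.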
