TXT with dot in NAME for ACME via dynamic update
Axel Rau
Axel.Rau at Chaos1.DE
Sat Mar 14 17:03:41 UTC 2020
Hi all,

it seems the dynamic update protocol does not allow things like

    _acme-challenge.some-host.some.domain TXT "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"

because there is no zone

    some-host.some.domain

However, named accepts such constructs if loaded from a text zone file.

The problem is:
- BIND requires dynamic update with
      dnssec-update-mode maintain
      auto-dnssec maintain
  both require dynamic DNS
- Let's Encrypt requires challenges like the above.

This makes it impossible to create automatic ACME clients with the dns-01 challenge.
Does anybody have a workaround?

Thanks, Axel
---
PGP-Key: CDE74120 ☀ computing @ chaos claudius
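
An added example, not part of the original post and not BIND or ACME client code: Python that picks the enclosing zone for a dns-01 owner name by label-wise longest suffix match and builds nsupdate input for it, rejecting names and tokens that could inject extra nsupdate commands. It assumes the server is authoritative for some.domain and permits the update; the function names and the zone list are hypothetical.

```python
import re

# dns-01 TXT value: base64url of a SHA-256 digest, 43 characters, no padding (RFC 8555).
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{43}")
LABEL_RE = re.compile(r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9])?")


def labels(name):
    """Split a name into lowercase labels, rejecting anything unsafe to paste into nsupdate input."""
    parts = name.rstrip(".").lower().split(".")
    if not all(LABEL_RE.fullmatch(p) for p in parts):
        raise ValueError(f"unexpected characters in name: {name!r}")
    return parts


def enclosing_zone(fqdn, zones):
    """Return the longest configured zone that is a label-wise suffix of fqdn."""
    name = labels(fqdn)
    best = None
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(name) and name[-len(z):] == z:
            if best is None or len(z) > len(best):
                best = z
    if best is None:
        raise LookupError(f"no configured zone contains {fqdn}")
    return ".".join(best) + "."


def nsupdate_script(fqdn, token, zones, ttl=60):
    """Build nsupdate input that replaces the TXT RRset at fqdn inside its enclosing zone."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not a 43-character base64url string")
    owner = ".".join(labels(fqdn)) + "."
    return "\n".join([
        f"zone {enclosing_zone(fqdn, zones)}",
        f"update delete {owner} TXT",
        f'update add {owner} {int(ttl)} TXT "{token}"',
        "send",
        "",
    ])


if __name__ == "__main__":
    # Constructed input: the record from the post, with some.domain assumed to be the served zone.
    print(nsupdate_script("_acme-challenge.some-host.some.domain",
                          "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0",
                          ["domain", "some.domain"]))
```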