with dot in NAME for ACME via dynamic update (Axel Rau)

Timothe Litt litt at acm.org
Sat Mar 14 18:21:35 UTC 2020


Er,

dig _acme-challenge.imap.lrau.net.

is missing a record type.  The default is A.


dig _acme-challenge.imap.lrau.net. txt

will likely give you better results

Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 

On 14-Mar-20 13:31, bind-users-request at lists.isc.org wrote:
> On 14.03.2020 at 18:14, Chuck Aurora <ca at nodns4.us> wrote:
>
>> it seems, the dynamic update protocol does not allow things like
>> _acme-challenge.some-host.some.domain
>> TXT "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
>> because there is no zone
>> some-host.some.domain
>
> I am pretty sure that is not correct, but we can't help unless you
> show your work.  If you need to specify the zone to update, you can
> and should.  BIND's nsupdate(8) and other dynamic DNS clients allow
> you to do this.

With this file
- - -
server localhost
debug
zone lrau.net
ttl 3600
add _acme-challenge.imap.lrau.net. 3600 TXT "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
show
send
answer
- - -
I get:
- - -
# nsupdate -k /usr/local/etc/namedb/dns-keys/ddns-key.conf ~/admin/ns-update-example.txt
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;lrau.net.                      IN      SOA

;; UPDATE SECTION:
_acme-challenge.imap.lrau.net. 3600 IN  TXT     "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"

Sending update to ::1#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  41111
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; ZONE SECTION:
;lrau.net.                      IN      SOA

;; UPDATE SECTION:
_acme-challenge.imap.lrau.net. 3600 IN  TXT     "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"

;; TSIG PSEUDOSECTION:
ddns-key.               0       ANY     TSIG    hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0


Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  41111
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;lrau.net.                      IN      SOA

;; TSIG PSEUDOSECTION:
ddns-key.               0       ANY     TSIG    hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0

Answer:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  41111
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;lrau.net.                      IN      SOA

;; TSIG PSEUDOSECTION:
ddns-key.               0       ANY     TSIG    hmac-sha256. 1584206515 300 32 . . . 41111 NOERROR 0

# dig _acme-challenge.imap.lrau.net.  @localhost

; <<>> DiG 9.16.0 <<>> _acme-challenge.imap.lrau.net. @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 404b9f34e94920a4ef3dd3065e6d14308acdeabfe0744b88 (good)
;; QUESTION SECTION:
;_acme-challenge.imap.lrau.net. IN      A

;; AUTHORITY SECTION:
lrau.net.               3600    IN      SOA     ns4.lrau.net. hostmaster.lrau.net. 2020030850 86400 7200 604800 3600

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Mar 14 17:28:16 UTC 2020
;; MSG SIZE  rcvd: 145

(pki_dev_p37) [root at hermes /usr/local/py_venv/pki_dev_p37/src]# 

Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius
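
The distinction raised at the top of this message (NOERROR with an empty answer for the default type A says nothing about the TXT record), as an added example that is not part of the thread. The function names `parse_dig` and `diagnose` are hypothetical, `A_REPLY` is rebuilt from the output posted above, and `TXT_REPLY` is a constructed reply assuming the update was applied.

```python
import re

# Constructed dig replies in the format shown in the thread. A_REPLY mirrors the
# posted output (no record type given, so dig asked for A); TXT_REPLY is an
# assumed reply to a TXT query, not output taken from the thread.
TOKEN = "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
NAME = "_acme-challenge.imap.lrau.net."
HEADER = ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6153\n"
A_REPLY = (HEADER
    + ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1\n\n"
    + ";; QUESTION SECTION:\n;" + NAME + "\tIN\tA\n\n"
    + ";; AUTHORITY SECTION:\nlrau.net.\t3600\tIN\tSOA\tns4.lrau.net. "
    + "hostmaster.lrau.net. 2020030850 86400 7200 604800 3600\n")
TXT_REPLY = (HEADER
    + ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n"
    + ";; QUESTION SECTION:\n;" + NAME + "\tIN\tTXT\n\n"
    + ";; ANSWER SECTION:\n" + NAME + "\t3600\tIN\tTXT\t\"" + TOKEN + "\"\n")


def parse_dig(text):
    """Extract status, question type and answer records from dig's text output."""
    status = re.search(r"status: (\w+)", text).group(1)
    qtype = re.search(r"^;\S+\s+IN\s+(\S+)\s*$", text, re.M).group(1)
    answers = []
    section = re.search(r"^;; ANSWER SECTION:\n(.*?)(?:\n\n|\Z)", text, re.M | re.S)
    for line in (section.group(1).splitlines() if section else []):
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        answers.append((name, rtype, rdata))
    return status, qtype, answers


def diagnose(text, want_type="TXT", want_value=None):
    """Classify a dig reply when checking for an ACME dns-01 challenge record."""
    status, qtype, answers = parse_dig(text)
    if qtype != want_type:
        return "wrong-type"   # an empty answer for A says nothing about TXT
    if status == "NXDOMAIN":
        return "nxdomain"     # the name does not exist at all
    if status != "NOERROR":
        return "error"
    # A TXT rdata may hold several quoted strings; join them into one value.
    values = ["".join(re.findall(r'"([^"]*)"', rdata))
              for _n, rtype, rdata in answers if rtype == want_type]
    if not values:
        return "nodata"       # the name exists, but has no record of this type
    if want_value is not None and want_value not in values:
        return "mismatch"
    return "ok"
```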