I successfully use dehydrated-hook-ddns-tsig with the dns-01 challenge.
When the server running dehydrated uses a general-purpose DNS (`/etc/resolv.conf`), it works.
But, for convenience, I use a local DNS that overrides the public IP of a service with its private IP, or simply gives a local name to a local (not visible on the internet) service.
This allows the server running dehydrated (usually an SSL/TLS HTTP reverse proxy) to use internal names to target local machines; it's more convenient and more meaningful in different config files.
But if I use a local DNS, the DNS check fails for some domains.
I think this is related to `verify_record()`, which uses a list of nameservers computed by `query_NS_record()`. `query_NS_record()` looks for NS records by querying the local resolution config, i.e. `/etc/resolv.conf`.
As it is an internal DNS, the NS records may not be consistent with what is expected by Let's Encrypt (I mean a public view of NS).
So far, I use an external general-purpose DNS to solve the problem. It works, but I do not have local DNS names anymore.
So I would like to add an optional parameter, let's say `name_server_ip_resolver`, that, if empty or not specified, does not change the behaviour of `dehydrated-hook-ddns-tsig.py`, but if specified, this IP will be used in `query_NS_record()`.
That way, my general system uses the local DNS defined in `/etc/resolv.conf` and, if needed, `dehydrated-hook-ddns-tsig.py` uses a different DNS for verifying DNS records.
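
Added example, not part of the original issue or the project's code: one way the requested override could feed the NS lookup, using only the Python standard library. All function names are hypothetical; only `name_server_ip_resolver` comes from the request, and the sketch covers just the override path (an unset value means the hook's existing lookup is left alone).

```python
import ipaddress, secrets, socket, struct

def parse_override(name_server_ip_resolver):
    # Hypothetical option from the request: empty/unset -> None (behaviour unchanged).
    ip = (name_server_ip_resolver or "").strip()
    return str(ipaddress.ip_address(ip)) if ip else None  # ValueError if malformed

def read_name(msg, off):
    # Decode a (possibly compressed) DNS name; returns (name, offset after it).
    labels, end, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:             # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            continue
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii").lower())
        off += 1 + msg[off]
    return ".".join(labels) + ".", (off + 1 if end is None else end)

def ns_targets(msg, qid):
    # Sorted NS targets in a response; a mismatched transaction id is rejected.
    rid, _flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
    if rid != qid:
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qdcount):
        off = read_name(msg, off)[1] + 4        # skip QTYPE and QCLASS
    targets = []
    for _ in range(ancount):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 2:                          # NS record
            targets.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return sorted(targets)

def query_ns(zone, resolver_ip, timeout=3.0):
    # Ask only the chosen resolver (UDP/53) for the zone's NS set (QTYPE 2, class IN).
    qid = secrets.randbits(16)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in zone.strip(".").split("."))
    query = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!B2H", 0, 2, 1)
    family = socket.AF_INET6 if ":" in resolver_ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver_ip, 53))
        return ns_targets(sock.recv(4096), qid)
```

Running `query_ns()` for the same zone against the internal resolver and against a public one shows whether the two views return different NS sets, which is the mismatch the issue describes.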