Hi Peter Thomassen,
Since this is the background of the DNS query I find your suggestion a
valid solution for the problem that lego could implement.
I agree! Thanks for clearing this up, I was on the wrong track about
what the goal of that query was.
I looked at the pcap again - the one you also have -
and it turns out that lego already asks for a CNAME - not TXT - record
and the answer is NXDOMAIN.
-------------
Domain Name System (response)
Transaction ID: 0xc277
Flags: 0x8183 Standard query response, No such name
Questions: 1
Answer RRs: 1
Authority RRs: 1
Additional RRs: 1
Queries
_acme-challenge.bender-doh.applied-privacy.net: type CNAME,<<<<
class IN
Name: _acme-challenge.bender-doh.applied-privacy.net
[Name Length: 46]
[Label Count: 4]
Type: CNAME (Canonical NAME for an alias) (5)
Class: IN (0x0001)
Answers
_acme-challenge.bender-doh.applied-privacy.net: type CNAME,
class IN, cname bender-doh.acme-dns-challenge.applied-privacy.net
Name: _acme-challenge.bender-doh.applied-privacy.net
Type: CNAME (Canonical NAME for an alias) (5)
Class: IN (0x0001)
Time to live: 86400 (1 day)
Data length: 32
CNAME: bender-doh.acme-dns-challenge.applied-privacy.net
Authoritative nameservers
Additional records
-------------
So now I suspect the recursive resolver (not pdns)
does something unexpected but I have to analyze
all recursive resolver DNS traffic before making
further conclusions.
Thanks!
Christoph
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
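
Added example, not part of the original message and not lego or PowerDNS code: a small parser that decodes a response shaped like the one in the dump above and reports which name the response code refers to. Under RFC 6604, the rcode of a response that carries a CNAME reflects the lookup of the last name in the chain. The message bytes are constructed from the fields shown in the dump; the authority and additional sections are omitted because the dump does not show their contents, and the function names are hypothetical.

```python
import struct

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_response(msg):
    """Parse header, the single question and the answer section."""
    _tid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)
    qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
    off += 4
    cnames = {}
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 5:                             # CNAME rdata is one domain name
            cnames[owner.lower()] = read_name(msg, off)[0]
        off += rdlen
    return {"rcode": flags & 0xF, "aa": (flags >> 10) & 1, "ra": (flags >> 7) & 1,
            "qname": qname, "qtype": qtype, "cnames": cnames}

def rcode_subject(resp):
    """Name the rcode applies to: the end of the CNAME chain (RFC 6604)."""
    name, seen = resp["qname"], set()
    while name.lower() in resp["cnames"] and name.lower() not in seen:
        seen.add(name.lower())
        name = resp["cnames"][name.lower()]
    return name

# Constructed from the dump: ID 0xc277, flags 0x8183, CNAME question, one CNAME
# answer (TTL 86400, data length 32, target compressed against the question).
QNAME = "_acme-challenge.bender-doh.applied-privacy.net"
MSG = (struct.pack("!6H", 0xC277, 0x8183, 1, 1, 0, 0) + encode_name(QNAME)
       + struct.pack("!2H", 5, 1) + b"\xc0\x0c" + struct.pack("!2HIH", 5, 1, 86400, 32)
       + encode_name("bender-doh.acme-dns-challenge")[:-1] + b"\xc0\x27")
```

For this message, `rcode_subject(parse_response(MSG))` returns the CNAME target rather than the `_acme-challenge` name, and the `aa` bit is 0.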