On 08/07/2019 14:31, Dominik Menke wrote:
Just for clarification, in your example.com zone, you have an NS
record pointing to your "challenge DNS server", i.e.
_acme-challenge IN NS nsacme.example.org.
right? What about subdomains of example.com? Won't they need an NS
record a
Hi Kevin,
the lua-dnsupdate-policy-script sounds like something I can use. Thanks
for the pointer.
Kind Regards,
Dominik Menke
On 7/8/19 12:18 PM, Kevin P. Fleming wrote:
It is not necessary to use the web/API server for DNS-01 challenges; I
use them all the time and don't have either of tho
Hi Brian,
On 7/8/19 12:17 PM, Brian Candler wrote:
To ease future TLS deployments, I'd like to use something like lego
[2] to get certificates from Let's Encrypt using the dns-01 challenge
[3]; which requires me to enable the web/api server.
Or you can use dynamic DNS updates with TSIG:
Tha
It is not necessary to use the web/API server for DNS-01 challenges; I
use them all the time and don't have either of those enabled. DNS-01
can use a variety of protocols for adding/removing the necessary TXT
records, and if you choose the RFC2136 protocol you can communicate
directly with the pdns
On 08/07/2019 10:43, Dominik Menke wrote:
To ease future TLS deployments, I'd like to use something like lego
[2] to get certificates from Let's Encrypt using the dns-01 challenge
[3]; which requires me to enable the web/api server.
Or you can use dynamic DNS updates with TSIG:
https://doc.po
Hi,
I'm currently running pdns 4.1.1 authoritative server (from Ubuntu 18.04
repositories) in master/slave mode, and manage my zones via BIND backend
(using our own DSL, dnsgit [1]).
To ease future TLS deployments, I'd like to use something like lego [2]
to get certificates from Let's Encrypt
You could also accomplish this with something like ProxySQL or MariaDB MaxScale
sitting between PowerDNS and MySQL in order to transparently handle the
read/write splitting if you wanted to only have a single PowerDNS instance for
whatever reason.
Edward Dore
Freethought Internet