Re: [Pdns-users] Web API for dns-01 challenge (_acme-challenge subdomains)

2019-08-01 Thread Bjoern Franke
Hey,

> - domain.tld via bind, including _acme-challenge records set to
>   acme.domain.tld
>
> - acme.domain.tld via MySQL

If somebody tries the same: subdelegation fixes it. Create an NS entry for acme.domain.tld and PowerDNS will use the zone from MySQL.

Best Regards
Bjoern

Re: [Pdns-users] Web API for dns-01 challenge (_acme-challenge subdomains)

2019-07-31 Thread Bjoern Franke
Hi,

> 2. Given I set "launch=bind,gsqlite3", how does PDNS handle updates? I'd
> like to see API patches going only to the SQLite DB, and leave the
> BIND zone files untouched. Is that doable?
>
> A colleague of mine suggested delegating _acme-challenge subdomains to a
> dedicated DNS

Re: [Pdns-users] Web API for dns-01 challenge (_acme-challenge subdomains)

2019-07-08 Thread Brian Candler
On 08/07/2019 14:31, Dominik Menke wrote:

Just for clarification, in your example.com zone, you have an NS record pointing to your "challenge DNS server", i.e.

    _acme-challenge   IN   NS   nsacme.example.org.

right? What about subdomains of example.com? Won't they need an NS record a

Re: [Pdns-users] Web API for dns-01 challenge (_acme-challenge subdomains)

2019-07-08 Thread Dominik Menke
Hi Kevin,

the lua-dnsupdate-policy-script sounds like something I can use. Thanks for the pointer.

Kind Regards,
Dominik Menke

On 7/8/19 12:18 PM, Kevin P. Fleming wrote:
> It is not necessary to use the web/API server for DNS-01 challenges; I use them all the time and don't have either of tho

Re: [Pdns-users] Web API for dns-01 challenge (_acme-challenge subdomains)

2019-07-08 Thread Dominik Menke
Hi Brian,

On 7/8/19 12:17 PM, Brian Candler wrote:
>> To ease future TLS deployments, I'd like to use something like lego [2] to get certificates from Let's Encrypt using the dns-01 challenge [3]; which requires me to enable the web/api server.
>
> Or you can use dynamic DNS updates with TSIG:

Tha

Re: [Pdns-users] Web API for dns-01 challenge (_acme-challenge subdomains)

2019-07-08 Thread Kevin P. Fleming
It is not necessary to use the web/API server for DNS-01 challenges; I use them all the time and don't have either of those enabled. DNS-01 can use a variety of protocols for adding/removing the necessary TXT records, and if you choose the RFC2136 protocol you can communicate directly with the pdns

Re: [Pdns-users] Web API for dns-01 challenge (_acme-challenge subdomains)

2019-07-08 Thread Brian Candler
On 08/07/2019 10:43, Dominik Menke wrote:
> To ease future TLS deployments, I'd like to use something like lego [2] to get certificates from Let's Encrypt using the dns-01 challenge [3]; which requires me to enable the web/api server.

Or you can use dynamic DNS updates with TSIG: https://doc.po

[Pdns-users] Web API for dns-01 challenge (_acme-challenge subdomains)

2019-07-08 Thread Dominik Menke
Hi,

I'm currently running the pdns 4.1.1 authoritative server (from Ubuntu 18.04 repositories) in master/slave mode, and manage my zones via the BIND backend (using our own DSL, dnsgit [1]).

To ease future TLS deployments, I'd like to use something like lego [2] to get certificates from Let's Encrypt