domain_dns_challenge() - nsupdate of external DNS zones needs additional options #5
Comments
Hi @SDuesterhaupt,
Hey @bruncsak, Hm, okay... maybe let's take a look from this side - I prefer your script because it provides the fundamental basements of the ACME protocol without any ballast. One script for the most essential functions within the ACME protocol. Nice. It's easy to analyze the script concerning the safety. I just added my preferred configuration around your script. Other solutions want to be the Wolf in sheep's clothing like you mentioned. The question is where you will see in the future the limits of your script concerning the functionality. In my opinion your script should just offer the basic functionality to fulfill the minimum requirements within a server environment. Therefore you need these three additional options 'Server', 'Zone' and optionally the 'TSIG key'. Optionally the script can provide an interface for a more complex DNS setup. Why not. So the code snippets are simply designed to fulfill the minimum requirements. Everything I've offered here just runs in my productive environment. I just want to share the results with you.
My 2 cents, I suspect this will become a lot of code once you add in to not break things for anyone who does not need/have a tsig, does not need/want to set the zone etc.
'nsupdate' without further options can run only on the DNS directly. Update accesses from external networks are refused generally.
The following adaptions in the function 'domain_dns_challenge()' allow the 'DNS challenge' on an external DNS server:
Additionally the following options have to be considered:
Call sequence:
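An added example, not code from this issue or from the project: one way the three optional settings discussed in this thread (server, zone, TSIG key) could be handed to `nsupdate` while leaving the behaviour unchanged when none of them is set. The names `DNS_SERVER`, `DNS_ZONE`, `DNS_TSIG_KEYFILE`, `is_safe`, `build_nsupdate_script` and `publish_challenge` are hypothetical, and the TTL of 60 is a constructed value.

```shell
#!/bin/sh
# Added example; all variable and function names are hypothetical.
# DNS_SERVER, DNS_ZONE and DNS_TSIG_KEYFILE are optional. When they are
# unset, nsupdate is called exactly as it would be without this change.

# Accept only characters valid in host names and base64url tokens, so a
# value containing a newline or a space cannot smuggle in extra nsupdate
# commands. (Assumption: DNS_SERVER is a host name or an IPv4 address.)
is_safe() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the command script nsupdate reads on stdin.
#   $1 = domain being validated, $2 = TXT value of the DNS-01 challenge
build_nsupdate_script() {
    is_safe "$1" && is_safe "$2" || { echo "unsafe domain or token" >&2; return 1; }
    if [ -n "${DNS_SERVER:-}" ]; then
        is_safe "$DNS_SERVER" || { echo "unsafe DNS_SERVER" >&2; return 1; }
        printf 'server %s\n' "$DNS_SERVER"
    fi
    if [ -n "${DNS_ZONE:-}" ]; then
        is_safe "$DNS_ZONE" || { echo "unsafe DNS_ZONE" >&2; return 1; }
        printf 'zone %s\n' "$DNS_ZONE"
    fi
    printf 'update add _acme-challenge.%s. 60 TXT "%s"\n' "$1" "$2"
    printf 'send\n'
}

# Send the update, authenticating with a TSIG key file only if one is set.
publish_challenge() {
    script=$(build_nsupdate_script "$1" "$2") || return 1
    if [ -n "${DNS_TSIG_KEYFILE:-}" ]; then
        [ -r "$DNS_TSIG_KEYFILE" ] || { echo "TSIG key file not readable" >&2; return 1; }
        # -k takes the path of the key file; the secret never appears in argv.
        printf '%s\n' "$script" | nsupdate -k "$DNS_TSIG_KEYFILE"
    else
        printf '%s\n' "$script" | nsupdate
    fi
}
```

Passing the key as a file with `-k` rather than inline with `-y` keeps the TSIG secret out of the process list; the key file itself should be readable only by the account that runs the script.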