I have Certbot configured with the RFC2136 (DNSUPDATE) plugin on a dozen machines, all of which send DNSUPDATE queries to my pdns-auth server; it works perfectly. I created a TSIG key, configured the zones to allow that key, and enabled dynamic updates in the pdns-auth configuration. If you can use Certbot for this, it will be pretty easy to get working.

On Sun, Mar 1, 2020 at 3:40 PM Michael Rommel via Pdns-users <pdns-users@mailman.powerdns.com> wrote:
>
> On 1. Mar 2020, at 21:13, Brian Candler <b.cand...@pobox.com> wrote:
>
> Depends on what your letsencrypt software uses. I use the bind backend with
> DDNS updates, with dehydrated. There are some sample challenge hooks for
> dehydrated here, and I see all your options covered:
>
> One which uses DDNS updates:
> https://github.com/dehydrated-io/dehydrated/wiki/example-dns-01-nsupdate-script
>
> One which uses the API: https://github.com/silkeh/pdns_api.sh
>
> One which uses mysql updates:
> https://github.com/antoiner77/dehyrated-pdns/blob/master/pdns.sh
>
> Thanks - that is a good hint to look at dehydrated - I was vaguely aware of
> the project, but haven't installed it since I scripted certbot. So from your
> response I gather it is just a matter of preference, there are no real
> drawbacks. So I will research the ddns updates further, since that is what I
> already implemented and it saves me from enabling the HTTP API, which would
> increase complexity...
>
> To minimise the number of moving parts, I'd start by seeing if LUA records
> can do what you want:
> https://doc.powerdns.com/authoritative/lua-records/index.html
>
> I missed that part of the documentation or better skipped it, because I have
> no experience with LUA, but if that gets me around running a backend, I'll
> look deeper into that.
>
> There are existing functions for working with dynamic forward and reverse:
>
> https://doc.powerdns.com/authoritative/lua-records/functions.html#reverse-dns-functions
>
> The documentation says that createReverse with %5% will support the A-B-C-D
> format you want; but createForward doesn't. Confusingly, there is a comment
> in the code which says it does:
>
>       if(parts.size()==1) {
>         // either hex string, or 12-13-14-15
>         //      cout<<parts[0]<<endl;
>         unsigned int x1, x2, x3, x4;
>         if(sscanf(parts[0].c_str()+2, "%02x%02x%02x%02x", &x1, &x2, &x3, &x4)==4) {
>           return std::to_string(x1)+"."+std::to_string(x2)+"."+std::to_string(x3)+"."+std::to_string(x4);
>         }
>
>
>       }
>       return std::string("0.0.0.0");
>     });
>
> ... but I can't see anything in the code which actually parses this format.
> So either this is an oversight in the code, or the comment is wrong. It
> looks like it would be a pretty straightforward feature to add.
>
> If there's no way round this, then you can use the full LUA backend instead:
> https://doc.powerdns.com/authoritative/backends/lua2.html
>
> Nice! thanks for the pointer, Brian!
>
> Michael.
>
> --
> Michael Rommel, Erlangen, Germany
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
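
Added example, not part of the thread and not PowerDNS code: a standalone parser for both label forms named in the quoted comment (hex string and 12-13-14-15), with the same 0.0.0.0 fallback as the snippet. The name labelToIPv4, the two-character prefix before the hex digits (taken from the +2 offset in the quoted sscanf call), and the strict length and range checks are assumptions.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

static bool isDec(char c) { return c >= '0' && c <= '9'; }
static bool isHex(char c) { return isDec(c) || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F'); }

// Dashed decimal, e.g. "12-13-14-15": exactly four fields of 1-3 digits, each <= 255.
static bool parseDashed(const std::string& label, unsigned int o[4]) {
  std::size_t pos = 0;
  for (int i = 0; i < 4; ++i) {
    std::size_t start = pos;
    unsigned int v = 0;
    while (pos < label.size() && isDec(label[pos]) && pos - start < 3) {
      v = v * 10 + static_cast<unsigned int>(label[pos] - '0');
      ++pos;
    }
    if (pos == start || v > 255) return false;  // empty field or octet out of range
    o[i] = v;
    if (i < 3) {
      if (pos >= label.size() || label[pos] != '-') return false;
      ++pos;
    }
  }
  return pos == label.size();  // reject trailing junk such as "1-2-3-4x"
}

// Hex form (assumed layout): two-character prefix, then exactly eight hex digits.
static bool parseHex(const std::string& label, unsigned int o[4]) {
  if (label.size() != 10) return false;
  for (std::size_t i = 2; i < 10; ++i)
    if (!isHex(label[i])) return false;
  for (int i = 0; i < 4; ++i)
    o[i] = static_cast<unsigned int>(std::stoul(label.substr(2 + 2 * i, 2), nullptr, 16));
  return true;
}

// Hypothetical helper: one DNS label in, dotted quad out, "0.0.0.0" on no match.
std::string labelToIPv4(const std::string& label) {
  unsigned int o[4];
  if (!parseDashed(label, o) && !parseHex(label, o)) return "0.0.0.0";
  return std::to_string(o[0]) + "." + std::to_string(o[1]) + "." +
         std::to_string(o[2]) + "." + std::to_string(o[3]);
}

int main() {
  const char* samples[] = {"12-13-14-15", "ip40414243", "256-1-1-1"};  // constructed inputs
  for (const char* l : samples) std::cout << l << " -> " << labelToIPv4(l) << "\n";
}
```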