Anders Löwinger wrote:
> Ivan Avery Frey wrote:
> >
> >We are only using update to provision the acme challenge as described
> >by RFC 8555 8.4. Nothing else.
>
> Acme follows CNAMEs. I've redirected all challenges to my domains to a
> separate subdomain, which allows dynamic updates. Works
-- Originalmeddelande --
Från: "Ivan Avery Frey"
Till: "ML BIND Users"
Skickat: 2021-04-27 02:13:02
Ämne: Re: Configuring the location of named .jnl files
Hi Mark,
We are only using update to provision the acme challenge as described
by RFC 8555 8.4. Nothin
Hi Mark,
We are only using update to provision the acme challenge as described
by RFC 8555 8.4. Nothing else.
If certbot (the acme client) behaves as it should provisioning and
deprovisioning the resource record, then our zone file doesn't really
change.
I will ask my colleague why he feels our
Well if you are not allowed to update the zone file for “security reasons” then
allowing a journal to be written shouldn’t be allowed for the same “security
reasons”.
There is no difference between updating a zone file and updating a journal from
a
security perspective.
Additionally you will
Yes, I was using nsupdate to test my implementation. For security reasons
the directory that holds the zone file is readonly for named. So named
couldn't create its journal file there. I misinterpreted the reference
manual for the description of the "journal" command. Where it mentioned
that the
Ivan Avery Frey wrote:
> I'm trying to obtain certificates from Let's Encrypt using the DNS-01
> challenge method.
>
> I just want to confirm that there is no option to configure the
> directory for the .jnl files independently of the zone files.
You have had a bunch of helpful replies already,
edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>1. Re: Configuring the location of named .jnl files (Kevin Darcy)
>2. Re: Using RNDC to control remote access to my BIND server
> (Greg Dono
[ Classification Level: GENERAL BUSINESS ]
Ivan,
I've never done the Let's Encrypt thing myself, but from my skim
of the documentation, it appears they want you to place a TXT record in a
specific part of your domain's namespace hierarchy.
I sincerely hope you're not trying to write
Hi Ivan,
Visit [1] and search "journal" zone option. Similar as "file". At least
BIND 9.16 has support, it is also in man named.conf manual page in BIND
9.11. I think that is what you were looking for.
Regards,
Petr
1.
zone example {
…;
journal ;
};
> On 26 Apr 2021, at 09:38, Ivan Avery Frey wrote:
>
> I'm trying to obtain certificates from Let's Encrypt using the DNS-01
> challenge method.
>
> I just want to confirm that there is no option to configure the
> directory for the .jnl files
I'm trying to obtain certificates from Let's Encrypt using the DNS-01
challenge method.
I just want to confirm that there is no option to configure the
directory for the .jnl files independently of the zone files.
___
Please visit
11 matches
Mail list logo