Bug#869255: [Letsencrypt-devel] Bug#869255: DNS: wait a bit longer when NXDOMAIN returned in response to challenges
Zitat von Paul Wise: Source: dehydrated Version: 0.3.1-3 Severity: wishlist X-Debbugs-Cc: debian-ad...@lists.debian.org User: debian-ad...@lists.debian.org Usertags: needed-by-DSA-Team DSA are using dehydrated and the DNS mode of it, via a cron job run under chronic. Occasionally we get mails containing failures like the one below. I suspect this is because the DNS update for the challenge hasn't synced to Debian's DNS providers by the time the LE servers do the request. It would be nice if the NXDOMAIN could trigger a retry after a certain amount of time, maybe 5 minutes. This would avoid us getting non-actionable mails for slight delays in DNS synchronisation. ouch, are you suggesting to fix a race condition by adding longer timeouts? anyhow, i've a hook-script for dehydrated in the NEW queue since about 1.5 months [1] that seems to fix this issue, by polling all DNS servers that are authoritative for the given NS entry *until* the relevant records show up. gmsdr IOhannes [1] https://ftp-master.debian.org/new/dehydrated-hook-ddns-tsig_0.1.1-1.html
Bug#869255: [Letsencrypt-devel] Bug#869255: DNS: wait a bit longer when NXDOMAIN returned in response to challenges
On Sat, 2017-07-22 at 16:33 +0200, Mattia Rizzolo wrote: > Forwarded the proposal upstream. Upstream suggests it is a bug in our hook script, so I guess this bug can be closed. https://github.com/lukas2511/dehydrated/issues/415#issuecomment-317188484 https://anonscm.debian.org/cgit/mirror/letsencrypt-domains.git/tree/bin/le-hook -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#869255: [Letsencrypt-devel] Bug#869255: DNS: wait a bit longer when NXDOMAIN returned in response to challenges
Control: forwarded -1 https://github.com/lukas2511/dehydrated/issues/415 On Sat, Jul 22, 2017 at 02:09:38PM +1000, Paul Wise wrote: > It would be nice if the NXDOMAIN could trigger a retry > after a certain amount of time, maybe 5 minutes. Forwarded the proposal upstream. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature