Hi Peter Thomassen,
Since this is the background of the DNS query I find your suggestion a
valid solution for the problem that lego could implement.
I agree! Thanks for clearing this up, I was on the wrong track about
what the goal of that query was.
I looked at the pcap again - the one
On 3/25/23 14:04, Christoph wrote:
My understanding is that ACME is about whether there is a TXT RRset with the
challenge record; if it is not there, it's irrelevant whether the outcome is
NXDOMAIN or NODATA/NOERROR.
OK, now I understand where the misunderstanding comes from. Thanks for
>> However, I doubt this is a reasonable approach for your ACME
>> client.
Sounds like a simple enough solution to me, can you elaborate why
you doubt it is reasonable?
My understanding is that ACME is about whether there is a TXT RRset with
the challenge record; if it is not there, it's
On 3/25/23 11:44, Christoph wrote:
>> However, I doubt this is a reasonable approach for your ACME
>> client.
Sounds like a simple enough solution to me, can you elaborate why
you doubt it is reasonable?
My understanding is that ACME is about whether there is a TXT RRset with the
On Tue, 2023-03-21 at 16:57 +0100, Peter Thomassen via Pdns-users wrote:
> Well, if you ask for the xNAME (e.g. CNAME) record, then you'll get that
> (with a NOERROR code). So by issuing an xNAME query in addition to the record
> type you're interested in, you can learn whether the NXDOMAIN is
On 3/13/23 11:41, Chris Hofstaedtler | Deduktiva via Pdns-users wrote:
* Christoph [230312 19:52]:
When there is an xNAME chain, the RCODE field is set as follows:
When an xNAME chain is followed, all but the last query cycle
necessarily had no error. The RCODE in the
* Christoph [230312 19:52]:
> >When there is an xNAME chain, the RCODE field is set as follows:
> >
> > When an xNAME chain is followed, all but the last query cycle
> > necessarily had no error. The RCODE in the ultimate DNS response
> > MUST BE set based on the final
* Christoph via Pdns-users [230309 18:42]:
> Hi,
>
[cname chain where target name does not exist]
>
> Does this behavior meet RFC standards? (so lego is wrong?)
> Can the behavior be changed by a configuration setting?
RFC 6604 spells out the behaviour quite explicitly: