Re: [bitfolk] PowerDNS Secondary DNS for ACME Let's Encrypt Wildcard certificates

Hi William, On Wed, Dec 22, 2021 at 03:01:38PM +0000, William Wright wrote: How long are you pausing between inserting the record and checking for existence of the record? Have you confirmed by command line usage of the "nsupdate" tool or equivalent that you are able to: 1. Add a record in your powerdns (any record, just some silly TXT record for debugging) 2. See AXFR take place to a.authns.bitfolk.co.uk 3. Query the record you just added, from a.authns.bitfolk.co.uk? Debugging what the ACME DNS thing is doing can sometimes be tricky since it removes the records that it added. If you have doubt about the whole nsupdate process then it can be worth trying with a record you add yourself. When was the last time you tried an update? BitFolk last saw an update: 22-Dec-2021 14:05:29.575 general: info: zone m6wiq.uk/IN: Transfer started. 22-Dec-2021 14:05:29.576 xfer-in: info: transfer of 'm6wiq.uk/IN' from 85.119.82.174#53: connected using 85.119.80.222#47928 22-Dec-2021 14:05:29.590 general: info: zone m6wiq.uk/IN: transferred serial 2021121127 So by 14:05:29.590 a.authns.bitfolk.co.uk should be seeing (and serving) whatever update it was you made in serial 2021121127. Something I find odd is that your powerdns server at 85.119.82.174 has serial number 2021121140 but all the BitFolk servers have only 2021121127. You also list ns6.gandi.net which I assume is taking an AXFR from somewhere; that also only has serial 2021121127. I don't know if this is a problem particularly. I'm afraid that I lack experience with powerdns and dynamic DNS updates. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting