Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Usability improvements for dns-rfc2136 plugin #7206

Closed
jsha opened this issue Jun 28, 2019 · 3 comments · Fixed by #9424
Closed

Usability improvements for dns-rfc2136 plugin #7206

jsha opened this issue Jun 28, 2019 · 3 comments · Fixed by #9424
Labels
area: dns area: documentation area: ui / ux

Comments

@jsha
Copy link
Contributor

jsha commented Jun 28, 2019

This community thread points out two issues with the current plugin:

  • The name is confusing. Most people don't know what RFC2136 is. We should probably add an alias like dns-bind or dns-nsupdate (after the widely used CLI update tool).

  • The instructions to use dnssec-keygen should be replaced with tsig-keygen for Bind 9.13+. Though @joohoi pointed out on chat that most distros are still on Bind 9.11 so far.
@noci2012
Copy link
Contributor

bind is not the only server providing this service based on RFC2136.
PowerDNS should also support this.
dns-dyndns might be confusing as well as dyndns is also used for other servicees where someone can update only it's own record. mostly through specific other tools.

@alexzorin alexzorin mentioned this issue May 9, 2020
Closed
@stale
Copy link

stale bot commented Aug 14, 2020

We've made a lot of changes to Certbot since this issue was opened. If you still have this issue with an up-to-date version of Certbot, can you please add a comment letting us know? This helps us to better see what issues are still affecting our users. If there is no activity in the next 30 days, this issue will be automatically closed.

@stale stale bot added the needs-update label Aug 14, 2020
@mnordhoff
Copy link
Contributor

*pokes bot*

@stale stale bot removed the needs-update label Aug 14, 2020
@alexzorin alexzorin mentioned this issue Oct 4, 2022
Merged
@bmw bmw closed this as completed in #9424 Oct 17, 2022
bmw pushed a commit that referenced this issue Oct 17, 2022
@alexzorin
docs: use modern tsig-keygen util in certbot-dns-rfc2136 (#9424)
5270c34 
Fixes #7206.

I think it's about time we did this:

- `dnssec-keygen` on new distros doesn't support the HMAC algorithms anymore, so our instructions don't work.
- The oldest distros we support are Debian Buster (`9.11.5.P4+dfsg-5.1+deb10u7`) and CentOS 7 (`9.11.4-26.P2.el7_9.9`), which ship `tsig-keygen` and support `HMAC-SHA512`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: dns area: documentation area: ui / ux
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs: use modern tsig-keygen util in certbot-dns-rfc2136 certbot/certbot
4 participants
@jsha @mnordhoff @noci2012 @bmw