Help with bind package and dynamic dns server by my own and ecme package
Hello, before all sorri about my english
I have two servers dns on primary and secondary pfsense, we need multidomain certificates with letsencrypt and we must validate our domain through dynamic dns and there is our doubt, we do not have access to external providers to our network to host the txt registry for validation or make a CNAME(maybe in future), and we want to do in our own pfsense dynamic server with bind package, I read but almost all the guides refer to configure pfsense as a client and using an external dynamic dns (noip, dyndns, ...) but not in the pfsense itself the package bind installed a dns2136 (maybe it is a problem of my interpretation) I read this article https://www.netgate.com/docs/pfsense/dns/rfc2136-dynamic-dns.html
I need to clarify since I have followed the steps but when I try to validate my domain to request the certificate I receive an error when trying to update the txt registry for my invalid TSIG domain.
I have created my key on Bind DNS Setting Global options.
then in the configuration of the ecme package I specify this key and it gives me the same error, am I omitting something? please clarify me.
if I have access to a free dynamic dns provider, I can create an alias to my domain, for example:
midominio.cu -> CNAME midominio.noipdns.com host my txt record in that dynamic provider only for validation ... excuse my ignorance I am new to this topic, my other question is how can I bind it in pfsense to make it dynamic and On that same server using the ecme package to validate and update the txt registry on the same server box.
regards and sorry about my english
Gertjan last edited by
To get you started : check out the link again. Read everything several times.
Using a script or program (like nsupdate) locally, or remotely, works great but every bit counts here : one slightest error and your ko.
The big hint is here https://www.netgate.com/docs/pfsense/dns/rfc2136-dynamic-dns.html - the last line :
And that should be it. Assuming the firewall has connectivity to the name server, and there are no other access policies that would prevent the update, RFC2136 DynDNS service is now working. Should anything not work as expected, check the system log and/or the log on the name server.
The last 6 six words will gie you the solution : check out bind's log files (they have to be set up of course).
They tell you how the update went, and what failed.