This post is deleted!
A general pfSense question? Looks like a pfSense ACME package question to me.
Over there you will find suggestions and/or even find the same questions, and answers.

What have you set as a DNS Sleep delay?
20? Or left empty?
Make it at least '120' or so. And even bigger, like 300 (seconds), so you can check manually (use dig) if the slave DNS servers did sync up with the master.
Be aware: the nsupdate method (RFC2136) only inserts the TXT zone info into the master domain DNS server. When nsupdate finishes, the master DNS signals the slaves (at least 1, could be more) that a zone update is available. From then on, it's the domain DNS slave server that will sync up with the master when it sees fit == this could be right away, or seconds or even minutes later.
The DNS sleep setting must be big enough to be sure all your domain DNS servers are in sync.
After all, if someone, like Letsencrypt ^^, wants to check something in your domain name zone, like the TXT records it is looking for, it can use any DNS server: the slave(s), or the master (Letsencrypt probably checks all of them).

Your master domain server uses 10.x.x.x, is RFC1918, is locally hosted - is this correct?
As soon as nsupdate finished, did you see, after xx seconds, (all of) the slave domain servers contacting the DNS master to sync up? (Check the DNS server logs.)
Did you dig your master DNS server to check if the added TXT record was present in the master domain DNS zone? And after the master-slave sync, same thing for your slave(s)?
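
The manual dig check described in this reply (is the TXT record on the master and on every slave before the DNS sleep runs out?), as an added example that is not part of the original post. The function names, the `DIG` override and the zone, record and token values passed in are assumptions for illustration.

```shell
#!/bin/sh
# Added example: confirm that every authoritative name server of a zone
# already serves the ACME challenge TXT value before validation is attempted.
# DIG can be overridden (assumption, for offline testing); default is dig.
DIG="${DIG:-dig}"

# List the zone's name servers (as published in its NS records), one per line.
zone_ns() {
    $DIG +short NS "$1" | sed 's/\.$//'
}

# Return 0 if server $1 answers TXT value $3 for record name $2.
# +norecurse asks the server for its own zone data, not a cached answer.
ns_has_txt() {
    $DIG +short TXT "$2" "@$1" +norecurse | tr -d '"' | grep -qxF -- "$3"
}

# Print one status line per name server; return 0 only if all have the token.
all_ns_in_sync() {
    zone=$1; name=$2; token=$3; rc=0
    servers=$(zone_ns "$zone")
    [ -n "$servers" ] || { echo "no NS records found for $zone" >&2; return 2; }
    for ns in $servers; do
        if ns_has_txt "$ns" "$name" "$token"; then
            echo "$ns OK"
        else
            echo "$ns MISSING"
            rc=1
        fi
    done
    return $rc
}

# Poll until all servers agree, or give up after $4 seconds (default 300).
wait_for_sync() {
    timeout=${4:-300}; interval=${5:-10}; waited=0
    while ! all_ns_in_sync "$1" "$2" "$3"; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep "$interval"
        waited=$((waited + interval))
    done
}
```

A hidden master that is not listed in the zone's NS records (for example one on a private address) is not covered by `zone_ns` and has to be checked separately with `ns_has_txt`.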