-
Notifications
You must be signed in to change notification settings - Fork 382
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DNS verification not working #823
Comments
Hi @jnob1 Can you tell me which '@' you removed? I'd like to reproduce this and fix Thanks Note: I currently have very little time to work on getssl due to work commitments |
Hi, 590c590
|
sorry, don't know why it formatted like that |
Removing the In the latter case, it would be interpreted by dig as a second query - e.g. for an A record for whatever it is. In both case,s without the No one will work on this without an actual reproducer. Show the debug output that includes the commands issued and the responses from Use There is nothing secret about domain names or nameservers on the public internet. Or this part of the debug output. (You do have to be careful about passwords & private keys, however.) This is like telling a mechanic "the car doesn't go, please fix it", without indicating where it is, what lights show on the dashboard, or what/whether you crashed into first... |
getssl debug output does not provide much insight other than seeing that dig returns an empty answer section 100 times. You are probably right, removing the @ simply had dig use my default resolv. $dig sun.com TXT @a.root-servers.net ; <<>> DiG 9.18.24-1-Debian <<>> sun.com TXT @a.root-servers.net ;; OPT PSEUDOSECTION: ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; Query time: 20 msec $dig sun.com TXT ; <<>> DiG 9.18.24-1-Debian <<>> sun.com TXT ;; QUESTION SECTION: ;; ANSWER SECTION: ;; Query time: 4 msec |
What are you actually trying to do? What is (and isn't) happening? This is option 3 - the nameserver is valid, but does not provide recursion. The root servers will not return Note the ;; WARNING: recursion requested but not available from To resolve Without actually knowing what This is telling the above mechanic "I'm not telling you that, just fix the spark plugs. They don't spark when I put them on the kitchen table"... (How far can I stretch an analogy?) Seriously, if you want anyone to spend any time on this, you'll have to provide a lot more information. I'm not going to ask for it one drop at a time... I will tell you that the weird formatting in .3 is because this is Markdown, not a raw text box. To quote, use lines with 3 back-quotes (grave) above and below. Click the "Markdown is supported" below the comment text box for more info. @timkimber - there's no evidence of a bug here - yet. Tagging this |
Describe the bug
getssl was not obtaining the TXT record with dig even though running dig manually showed the correct value for the record.
To Reproduce
Steps to reproduce the behavior:
getssl.cfg with
VALIDATE_VIA_DNS=true
DNS_ADD_COMMAND=/usr/share/getssl/dns_scripts/dns_add_manual
DNS_DEL_COMMAND=/usr/share/getssl/dns_scripts/dns_del_manual
Expected behavior
script retrieves and extracts TXT record from DNS
Operating system (please complete the following information):
Additional context
Problem identified as there being an @ prefixing the root server name in the script.
Manually running dig with @ prefixing root server in fact does not return an Answer.
Code was modified to remove the @ and script then properly completed.
The text was updated successfully, but these errors were encountered: