[Letsencrypt-devel] Bug#869255: Bug#869255: DNS: wait a bit longer when NXDOMAIN returned in response to challenges
    zebian at umlaeute.mur.at
    Sat Jul 29 20:56:15 UTC 2017

Quoting Paul Wise <pabs at debian.org>:
> Source: dehydrated
> Version: 0.3.1-3
> Severity: wishlist
> X-Debbugs-Cc: debian-admin at lists.debian.org
> User: debian-admin at lists.debian.org
> Usertags: needed-by-DSA-Team
>
> DSA are using dehydrated and the DNS mode of it, via a cron job run
> under chronic. Occasionally we get mails containing failures like the
> one below. I suspect this is because the DNS update for the challenge
> hasn't synced to Debian's DNS providers by the time the LE servers do
> the request. It would be nice if the NXDOMAIN could trigger a retry
> after a certain amount of time, maybe 5 minutes. This would avoid us
> getting non-actionable mails for slight delays in DNS synchronisation.

ouch, are you suggesting to fix a race condition by adding longer timeouts?

anyhow, i've a hook-script for dehydrated in the NEW queue since about
1.5 months [1] that seems to fix this issue, by polling all DNS
servers that are authoritative for the given NS entry *until* the
relevant records show up.

gmsdr
IOhannes

[1] https://ftp-master.debian.org/new/dehydrated-hook-ddns-tsig_0.1.1-1.html
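
The approach described in the reply above (ask every authoritative nameserver until the challenge record is visible), as an added example that is not part of the original message and is not the code of the hook package in [1]. The function names, the attempt limit and the sleep interval are assumptions, and it relies on `dig` being installed.

```shell
#!/bin/sh
# Added example: block until every authoritative nameserver of a zone serves
# the expected _acme-challenge TXT value, so validation is only requested
# once the record has propagated. Function names are illustrative and are
# not taken from dehydrated or from the hook package.

# Print the authoritative nameservers of a zone, one per line.
list_ns() {   # $1 = zone
    dig +short NS "$1"
}

# Print the TXT values one nameserver returns for a name, quotes stripped.
query_txt() {   # $1 = nameserver, $2 = record name
    dig +short +norecurse TXT "$2" "@$1" | tr -d '"'
}

# Succeed only if every nameserver of the zone returns the expected token.
all_ns_have_token() {   # $1 = zone, $2 = record name, $3 = expected token
    ns_list=$(list_ns "$1")
    [ -n "$ns_list" ] || return 1   # no NS answer: treat as not ready
    for ns in $ns_list; do
        # An NXDOMAIN or stale answer from any single server means "not yet".
        query_txt "$ns" "$2" | grep -qxF -- "$3" || return 1
    done
    return 0
}

# Poll until the record is everywhere, or give up after a bounded number
# of attempts so a broken DNS update still produces an actionable failure.
wait_for_challenge() {   # $1 zone, $2 name, $3 token, $4 max attempts, $5 sleep seconds
    attempt=1
    while [ "$attempt" -le "$4" ]; do
        if all_ns_have_token "$1" "$2" "$3"; then
            return 0
        fi
        attempt=$((attempt + 1))
        sleep "$5"
    done
    return 1
}
```

Called from a deploy-challenge hook after the DNS update has been sent, a non-zero return means at least one authoritative server never served the token within the allowed attempts.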