[GH-ISSUE #111] dynamic dns #44

Closed
opened 2026-03-13 15:31:10 +03:00 by kerem · 3 comments

Originally created by @kfox1111 on GitHub (Sep 18, 2018).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/111

The acme-dns server seems to be responding to dynamic-dns requests in a way that makes it look like it has accepted an update request. It doesn't seem to actually do so, but it confuses some security scanners into stating falsely that the server is honouring dynamic-dns requests. In the case of a dynamic-dns request, acme-dns should respond with RCODE REFUSED(5).

```
$ nsupdate
> server xxx.xxx.xxx.xxx 53
> update add foo.letsencrypt.example.com 86400 A 127.0.0.1
>  send
> quit
$ dig @xxx.xxx.xxx.xxx foo.letsencrypt.example.com

; <<>> DiG 9.4.2-P2 <<>> @xxx.xxx.xxx.xxx foo.letsencrypt.example.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;foo.letsencrypt.example.com.      IN      A

;; Query time: 77 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Tue Sep 18 18:40:01 2018
;; MSG SIZE  rcvd: 42
```
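
Added example (not part of the original issue and not acme-dns code): a check that builds the same RFC 2136 UPDATE message as the `nsupdate` session above and classifies the reply by its RCODE, so the fix can be verified against a server you operate. The function names, the zone argument and the sample replies are assumptions made for illustration; the sample replies are constructed, not captured.

```python
import socket
import struct

OPCODE_UPDATE = 5  # RFC 2136 dynamic update
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH", 10: "NOTZONE"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_update(zone, name, ttl, ipv4, msg_id):
    """Build an 'update add <name> <ttl> A <ipv4>' message for the given zone."""
    # Header counts are ZOCOUNT=1, PRCOUNT=0, UPCOUNT=1, ADCOUNT=0.
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone_section = encode_name(zone) + struct.pack("!HH", 6, 1)  # type SOA, class IN
    rdata = socket.inet_aton(ipv4)
    record = encode_name(name) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + zone_section + record

def classify_reply(reply, msg_id):
    """Return (verdict, rcode name) from the 12-byte header of an UPDATE reply."""
    if len(reply) < 12:
        return ("malformed", None)
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != msg_id or not flags & 0x8000:  # wrong ID or QR bit not set
        return ("malformed", None)
    rcode = flags & 0x000F
    name = RCODES.get(rcode, "RCODE%d" % rcode)
    if rcode == 5:
        return ("refused", name)             # the behaviour the issue asks for
    if rcode == 0:
        return ("looks-accepted", name)      # RFC 2136 clients read NOERROR as success
    return ("other-error", name)

def probe(server, zone, name, port=53, timeout=3.0):
    """Send one UPDATE over UDP to a server you operate and classify the reply."""
    msg_id = 0x2136
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_update(zone, name, 86400, "127.0.0.1", msg_id), (server, port))
        reply, _ = s.recvfrom(512)
    return classify_reply(reply, msg_id)

# Constructed sample replies (header only), not captured from a real server.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x2136, 0x8000 | (5 << 11) | 5, 1, 0, 0, 0)
SAMPLE_NOERROR = struct.pack("!HHHHHH", 0x2136, 0x8000 | (5 << 11) | 0, 1, 0, 0, 0)
```

A server that handles the request as the issue asks yields `("refused", "REFUSED")` from `probe`; a `"looks-accepted"` verdict is the kind of reply a scanner would report as dynamic DNS being honoured.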
kerem closed this issue and added the bug label on 2026-03-13 15:31:10 +03:00.

@joohoi commented on GitHub (Sep 21, 2018):

Oh, nice catch! I'll fix this.


@joohoi commented on GitHub (Oct 31, 2018):

This should be now fixed in master.


@kfox1111 commented on GitHub (Oct 31, 2018):

Great. Thank you. :)
