[GH-ISSUE #195] acme-dns not listening to register api #86

Open
opened 2026-03-13 15:43:39 +03:00 by kerem · 11 comments

Originally created by @rhufsky on GitHub (Nov 1, 2019).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/195

I have installed acme-dns on Ubuntu 18.04 on a server that runs in a DMZ behind a firewall. Only port 53 is exposed to the outside. So far I have

  • a subdomain sc.ourdomain.tld
  • an A record for sc.ourdomain.tld that points to the public address of our acme-dns server
  • NO CNAME record that points to a txt record
  • hopefully everything on acme-dns

When I start acme-dns I can verify that it acts as a DNS server from both inside the DMZ and from the internet.

When I try to call the register API I get no answer. acme-dns does not seem to listen on port 80 or port 443.

Watching syslog I find that acme-dns tries to get a certificate from letsencrypt. This does not work because the CNAME record is missing.

As I can not call the register API I cannot create the CNAME record. So I am a bit stuck. Did I miss something?


@joohoi commented on GitHub (Nov 2, 2019):

Hi! From your writeup it seems that you're missing the crucial NS record for the domain. The CNAME is not needed for the acme-dns instance itself as it handles all that internally.


@rhufsky commented on GitHub (Nov 2, 2019):

Thanks for the quick answer.

A bit of forensics seems to tell me that yes, I have the crucial NS record, but no, our DNS provider does not forward the queries to acme-dns -> recursion requested but not available.


@pdavisfmnh commented on GitHub (Dec 1, 2019):

I'm having the same issue, I think. I can't start acme-dns as it fails to obtain its own certificate.

INFO[0000] Using config file                             file=/etc/acme-dns/config.cfg
INFO[0000] Connected to database                        
DEBU[0000] Adding new record to domain                   domain=acme.fieldmuseum.org. recordtype=A
DEBU[0000] Adding new record to domain                   domain=acme.fieldmuseum.org. recordtype=NS
DEBU[0000] Adding new record to domain                   domain=acme.fieldmuseum.org. recordtype=SOA
INFO[0000] Listening DNS                                 addr="0.0.0.0:53" proto=udp4
INFO[0000] Listening DNS                                 addr="0.0.0.0:53" proto=tcp4
INFO[0000] 2019/11/30 20:07:10 [INFO][cache:0xc0000b04b0] Started certificate maintenance routine 
INFO[0000] 2019/11/30 20:07:11 [INFO][acme.fieldmuseum.org] Obtain certificate 
INFO[0000] 2019/11/30 20:07:11 [INFO][acme.fieldmuseum.org] Obtain: Waiting on rate limiter... 
INFO[0000] 2019/11/30 20:07:11 [INFO][acme.fieldmuseum.org] Obtain: Done waiting 
INFO[0000] [INFO] [acme.fieldmuseum.org] acme: Obtaining bundled SAN certificate 
INFO[0000] [INFO] [acme.fieldmuseum.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/24407058 
INFO[0000] [INFO] [acme.fieldmuseum.org] acme: Could not find solver for: tls-alpn-01 
INFO[0000] [INFO] [acme.fieldmuseum.org] acme: Could not find solver for: http-01 
INFO[0000] [INFO] [acme.fieldmuseum.org] acme: use dns-01 solver 
INFO[0000] [INFO] [acme.fieldmuseum.org] acme: Preparing to solve DNS-01 
INFO[0000] [INFO] [acme.fieldmuseum.org] acme: Trying to solve DNS-01 
INFO[0000] [INFO] [acme.fieldmuseum.org] acme: Checking DNS record propagation using [10.10.10.122:53 10.10.10.15:53] 
INFO[0000] [INFO] Wait for propagation [timeout: 1m0s, interval: 2s] 
INFO[0005] [INFO] [acme.fieldmuseum.org] acme: Cleaning DNS-01 challenge 
INFO[0005] [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/24407058 
INFO[0005] [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/24407058 
INFO[0005] 2019/11/30 20:07:16 [ERROR][acme.fieldmuseum.org] failed to obtain certificate: acme: Error -> One or more domains had a problem: 
INFO[0005] [acme.fieldmuseum.org] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.acme.fieldmuseum.org, url: (attempt 1/3; challenge=dns-01) 
INFO[0006] [INFO] [acme.fieldmuseum.org] acme: Obtaining bundled SAN certificate 
INFO[0006] [INFO] [acme.fieldmuseum.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/24407069 
INFO[0006] [INFO] [acme.fieldmuseum.org] acme: Could not find solver for: tls-alpn-01 
INFO[0006] [INFO] [acme.fieldmuseum.org] acme: Could not find solver for: http-01 
INFO[0006] [INFO] [acme.fieldmuseum.org] acme: use dns-01 solver 
INFO[0006] [INFO] [acme.fieldmuseum.org] acme: Preparing to solve DNS-01 
INFO[0006] [INFO] [acme.fieldmuseum.org] acme: Trying to solve DNS-01 
INFO[0006] [INFO] [acme.fieldmuseum.org] acme: Checking DNS record propagation using [10.10.10.122:53 10.10.10.15:53] 
INFO[0006] [INFO] Wait for propagation [timeout: 1m0s, interval: 2s] 
INFO[0006] [INFO] [acme.fieldmuseum.org] acme: Cleaning DNS-01 challenge 
INFO[0007] [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/24407069 
INFO[0007] [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/24407069 
INFO[0007] 2019/11/30 20:07:18 [ERROR][acme.fieldmuseum.org] failed to obtain certificate: acme: Error -> One or more domains had a problem: 
INFO[0007] [acme.fieldmuseum.org] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.acme.fieldmuseum.org, url: (attempt 2/3; challenge=dns-01) 
INFO[0008] [INFO] [acme.fieldmuseum.org] acme: Obtaining bundled SAN certificate 
INFO[0008] [INFO] [acme.fieldmuseum.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/24407080 
INFO[0008] [INFO] [acme.fieldmuseum.org] acme: Could not find solver for: tls-alpn-01 
INFO[0008] [INFO] [acme.fieldmuseum.org] acme: Could not find solver for: http-01 
INFO[0008] [INFO] [acme.fieldmuseum.org] acme: use dns-01 solver 
INFO[0008] [INFO] [acme.fieldmuseum.org] acme: Preparing to solve DNS-01 
INFO[0008] [INFO] [acme.fieldmuseum.org] acme: Trying to solve DNS-01 
INFO[0008] [INFO] [acme.fieldmuseum.org] acme: Checking DNS record propagation using [10.10.10.122:53 10.10.10.15:53] 
INFO[0008] [INFO] Wait for propagation [timeout: 1m0s, interval: 2s] 
INFO[0013] [INFO] [acme.fieldmuseum.org] acme: Cleaning DNS-01 challenge 
INFO[0013] [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/24407080 
INFO[0013] [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/24407080 
INFO[0013] 2019/11/30 20:07:24 [ERROR][acme.fieldmuseum.org] failed to obtain certificate: acme: Error -> One or more domains had a problem: 
INFO[0013] [acme.fieldmuseum.org] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.acme.fieldmuseum.org, url: (attempt 3/3; challenge=dns-01) 
FATA[0014] acme.fieldmuseum.org: obtaining certificate: failed to obtain certificate: acme: Error -> One or more domains had a problem:
[acme.fieldmuseum.org] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.acme.fieldmuseum.org, url:

I never see it respond to DNS queries for TXT records on the main while attempting to get its certificate. So it should be responding to all *.acme.fieldmuseum.org requests, right?
If I use a DNS checking tool while it is starting up for _acme-challenge.acme.fieldmuseum.org I see DEBUG comments from the DNS server.

DEBU[0014] Answering question for domain                 domain=_acme-challenge.acme.fieldmuseum.org. qtype=TXT rcode=NOERROR
DEBU[0014] Answering question for domain                 domain=_acme-challenge.acme.fieldmuseum.org. qtype=TXT rcode=NOERROR

So I'm at a loss on where the breakdown is in my setup.


@joohoi commented on GitHub (Dec 2, 2019):

@pdavisfmnh is acme-dns serving the records for ns1.acme.fieldmuseum.org and ns2.acme.fieldmuseum.org correctly? Currently it doesn't look like it does, only ns2.acme.fieldmuseum.org resolves:

▶ dig acme.fieldmuseum.org ns

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> acme.fieldmuseum.org ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13212
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;acme.fieldmuseum.org.		IN	NS

;; ANSWER SECTION:
acme.fieldmuseum.org.	3600	IN	NS	ns1.acme.fieldmuseum.org.
acme.fieldmuseum.org.	3600	IN	NS	ns2.acme.fieldmuseum.org.

;; Query time: 278 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Dec 02 20:41:07 EET 2019
;; MSG SIZE  rcvd: 85

▶ dig ns1.acme.fieldmuseum.org 

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> ns1.acme.fieldmuseum.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40189
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ns1.acme.fieldmuseum.org.	IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Dec 02 20:43:59 EET 2019
;; MSG SIZE  rcvd: 53

▶ dig ns2.acme.fieldmuseum.org

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> ns2.acme.fieldmuseum.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19057
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ns2.acme.fieldmuseum.org.	IN	A

;; ANSWER SECTION:
ns2.acme.fieldmuseum.org. 3420	IN	A	107.0.125.101

;; Query time: 22 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Dec 02 20:44:15 EET 2019
;; MSG SIZE  rcvd: 69

@pdavisfmnh commented on GitHub (Dec 2, 2019):

This is what I get for working on things when I'm supposed to be on vacation. Fixed the DNS issue and magically it's working right.

It's not DNS. It's DNS.


@joohoi commented on GitHub (Dec 4, 2019):

Great to hear that you got it fixed!

> It's not DNS. It's DNS.

Is this a reference to the DNS haiku:

It's not DNS
There's no way it's DNS
It was DNS

@bezaleel22 commented on GitHub (Jun 9, 2020):

> This is what I get for working on things when I'm supposed to be on vacation. Fixed the DNS issue and magically it's working right.
>
> It's not DNS. It's DNS.

Please, I am also facing the same issue. How were you able to solve this problem? Thanks. Below is my dig output:

~$ dig ns @16.54.132.200 acme.techbezaleel.net

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> ns @16.54.132.200 acme.techbezaleel.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60583
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;acme.techbezaleel.net.	IN	NS

;; AUTHORITY SECTION:
acme.techbezaleel.net. 300   IN   NS      ns1.acme.techbezaleel.net.

;; ADDITIONAL SECTION:
ns1.acme.techbezaleel.net. 300   IN   A   78.18.11.2

;; Query time: 67 msec
;; SERVER: 16.54.132.200#53(156.154.132.200)
;; WHEN: Mon Jun 08 23:05:38 PDT 2020
;; MSG SIZE  rcvd: 88


@webprofusion-chrisc commented on GitHub (Jun 9, 2020):

Check dig from outside your network (like on a cloud vm). Your port 53 is probably not open (for remote DNS queries), so your https/https port probably isn't open either.


@bezaleel22 commented on GitHub (Jun 10, 2020):

Thanks for the reply, I will confirm this with dig and nmap and get back.


@bezaleel22 commented on GitHub (Jun 10, 2020):

The following are the outputs I have received:
curl from my local machine

curl -X POST http://acme.techbezaleel.net:53/register
curl: (6) Could not resolve host: acme.techbezaleel.net

firewall on my server...

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
443/tcp                   ALLOW       Anywhere                  
53/tcp                     ALLOW       Anywhere                  
53/udp                    ALLOW       Anywhere  

dig from my local machine

dig txt @56.54.133.200 _acme-challenge.techbezaleel.net

; <<>> DiG 9.11.5-P4-5.1ubuntu2.2-Ubuntu <<>> txt @156.154.133.200 _acme-challenge.techbezaleel.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24075
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_acme-challenge.techbezaleel.net. IN	TXT

;; ANSWER SECTION:
_acme-challenge.techbezaleel.net. 300 IN CNAME	0bc749ee-3512-4cb9-bb92-7d366562f62d.acme.techbezaleel.net.

;; AUTHORITY SECTION:
acme.techbezaleel.net.	300	IN	NS	ns1.acme.techbezaleel.net.

;; ADDITIONAL SECTION:
ns1.acme.techbezaleel.net. 300	IN	A	51.178.171.26

;; Query time: 932 msec
;; SERVER: 56.54.133.200#53(156.154.133.200)
;; WHEN: Wed Jun 10 18:56:11 WAT 2020
;; MSG SIZE  rcvd: 160

nslookup from my local machine

nslookup ns1.techbezaleel.net
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	ns1.techbezaleel.net
Address: 51.78.71.26

Please, how can I make sense of these outputs? My firewall shows that port 53 is open but curl can't connect on that port.


@bezaleel22 commented on GitHub (Jun 10, 2020):

Sorry, this is the actual output of nmap on port 53:

sudo nmap -p 53 51.178.171.26 -Pn -sU
Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-10 19:35 WAT
Nmap scan report for 51.178.171.26
Host is up (0.17s latency).

PORT   STATE SERVICE
53/udp open  domain

Nmap done: 1 IP address (1 host up) scanned in 1.31 seconds
sudo nmap -p 53 51.178.171.26 -Pn    
Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-10 19:36 WAT
Nmap scan report for 51.178.171.26
Host is up (0.16s latency).

PORT   STATE SERVICE
53/tcp open  domain

Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
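
A triage helper for the kinds of dig output exchanged in this thread, added here as an illustration and not part of the original issue or the acme-dns project. It parses dig's text output and reports the symptoms discussed above: an NS host name that returns NXDOMAIN, dig's "recursion requested but not available" warning, and a referral that lacks an address for an NS name inside the delegated zone. The function names, finding codes and sample outputs are constructed for this example.

```python
import re
from dataclasses import dataclass, field

@dataclass
class DigReply:
    status: str = ""
    flags: set = field(default_factory=set)
    records: dict = field(default_factory=dict)   # section -> [(owner, type, rdata)]

def parse_dig(text):
    """Parse the header, flags and record sections of one dig text output."""
    reply, section = DigReply(), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.search(r"->>HEADER<<-.*status: (\w+)", line):
            reply.status = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]*);", line):
            reply.flags = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif line.startswith(";;"):
            section = None                        # warnings and footer lines
        elif line and not line.startswith(";") and section:
            parts = line.split(None, 4)           # owner ttl class type rdata
            if len(parts) == 5:
                reply.records.setdefault(section, []).append(
                    (parts[0].lower(), parts[3], parts[4]))
    return reply

def diagnose(reply):
    """Return finding codes for the delegation symptoms seen in this thread."""
    findings = []
    answers = reply.records.get("ANSWER", [])
    if reply.status == "NXDOMAIN":
        findings.append("nxdomain")
    if "rd" in reply.flags and "ra" not in reply.flags:
        # dig's "recursion requested but not available": normal for a server
        # that is authoritative-only, such as acme-dns or a parent zone server.
        findings.append("authoritative-only-server")
    if reply.status == "NOERROR" and answers and "aa" not in reply.flags:
        findings.append("non-authoritative-answer")
    delegations = [(owner, rdata.lower())
                   for owner, rtype, rdata in reply.records.get("AUTHORITY", [])
                   if rtype == "NS"]
    if reply.status == "NOERROR" and not answers and delegations:
        findings.append("referral")               # ask the listed servers next
        glue = {owner for owner, rtype, _ in reply.records.get("ADDITIONAL", [])
                if rtype in ("A", "AAAA")}
        for zone, ns in delegations:
            # An NS name inside the delegated zone needs an address in the reply.
            if ns.endswith("." + zone) and ns not in glue:
                findings.append("missing-glue:" + ns)
    return findings

# Constructed dig outputs; example.org and 192.0.2.53 are documentation values.
NS_HOST_LOOKUP = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;ns1.acme.example.org.  IN  A
"""
PARENT_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; AUTHORITY SECTION:
acme.example.org.  300  IN  NS  ns1.acme.example.org.
acme.example.org.  300  IN  NS  ns2.acme.example.org.
;; ADDITIONAL SECTION:
ns2.acme.example.org.  300  IN  A  192.0.2.53
"""
DIRECT_TXT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; ANSWER SECTION:
_acme-challenge.acme.example.org.  1  IN  TXT  "constructed-token"
"""

if __name__ == "__main__":
    for name in ("NS_HOST_LOOKUP", "PARENT_REFERRAL", "DIRECT_TXT"):
        print(name, diagnose(parse_dig(globals()[name])))
```

To use it on a live setup, pass the captured text of a single `dig` query to `parse_dig`; the warning on its own is not a fault when the reply also carries the `aa` flag or a referral.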
