From: Tobias Geerinckx-Rice
Subject: Re: DNS delegation
Date: Fri, 15 Mar 2019 15:11:02 +0100
To: Julien Lepiller
Cc: guix-devel@gnu.org, guix-sysadmin@gnu.org

Julien,

Julien Lepiller wrote:
>> Was it… DNS-01 challenges? That doesn't even care about IPs at
>> all.
>
> Does it mean we need to manually update the zone?

I was about to write ‘no, ha ha, imagine that’, but then I remembered that you're using the Guix service configuration wrappers which do hard-code the zone data in the system configuration :-/

You can always delegate a subdomain just for the ACME challenges, though, and have that statefully updated by a certbot hook. I'm being vague because I don't know the exact names, but it's completely supported.

> How do you automate that process?

Me personally? RFC-2136 (‘nsupdate’) dynamic updates, allowed only from localhost. But I never use Guix's service configuration wrappers.

Kind regards,

T G-R
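
An added example, not part of the original message or of Guix: a certbot manual hook that publishes the DNS-01 token with an RFC 2136 update sent to the local nameserver. It assumes `_acme-challenge.<name>` is delegated as its own dynamic zone to a nameserver on 127.0.0.1 that accepts updates only from localhost; the `add`/`delete` argument convention is this example's own.

```sh
#!/bin/sh
# Added example: certbot manual hook doing DNS-01 via RFC 2136 (nsupdate).
# Assumption: _acme-challenge.<name> is delegated as its own dynamic zone to a
# nameserver on 127.0.0.1 whose update ACL admits only localhost.
TTL=60

# Print the nsupdate command script for action "add" or "delete".
build_update() {
    # "*.example.org" and "example.org" validate at the same record name,
    # so the wildcard label is stripped before building it.
    action=$1 host=${2#\*.} token=$3
    # Both values are interpolated into nsupdate commands: accept only
    # hostname characters and the base64url alphabet, nothing else.
    case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $token in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    rr="_acme-challenge.$host."
    printf 'server 127.0.0.1\nzone %s\n' "$rr"
    case $action in
        add)    printf 'update add %s %s TXT "%s"\n' "$rr" "$TTL" "$token" ;;
        # Delete only this token: a wildcard order may hold a second TXT here.
        delete) printf 'update delete %s TXT "%s"\n' "$rr" "$token" ;;
        *)      return 1 ;;
    esac
    printf 'send\n'
}

# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to manual hooks.
# Nothing is sent unless the whole update script was built successfully.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    update=$(build_update "$1" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || exit 1
    printf '%s\n' "$update" | nsupdate
fi
```

With certbot's `--manual --preferred-challenges dns`, pass the script as `--manual-auth-hook "/path/to/hook add"` and `--manual-cleanup-hook "/path/to/hook delete"` (the path is a placeholder).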