is a self signed certificate always invalid the first time

Bill Shirley bill at KnoxvilleChristian.org
Mon Aug 21 06:16:07 EEST 2017


I already have BIND set up to allow DHCP to update.  Sometimes I need to
tweak things so I use nsupdate.  No 'rndc reload' required.

nsupdate.txt:

    delete Zeratul.lan.example.com A
    send
    delete 90.6.168.192.in-addr.arpa PTR
    send
    add Zeratul.lan.example.com 902 A 192.168.6.89
    send
    add 89.6.168.192.in-addr.arpa 902 PTR Zeratul.lan.example.com
    send

Command:

    nsupdate -k /etc/named/DHCP_UPDATER.key nsupdate.txt

This could be used for a TXT record.

Bill

On 8/20/2017 3:59 PM, Ralph Seichter wrote:
> On 20.08.2017 19:50, KT Walrus wrote:
>
>> I use Cloudflare (free DNS) and DNS Made Easy (paid DNS). I would never
>> run my own DNS service except for communicating between my Docker
>> services internally
> I run my own nameservers for various reasons, not the least of them
> being DNSSEC. My zones' signing keys never leave my hands.
>
>> If you run your own public DNS service (for your Dovecot domains), you
>> should pick one that has an API for updating the DNS records from a
>> script like acme.sh or simply write your own custom hook for acme.sh
>> to use.
> Nameservers like BIND or Unbound can use text based config files (zone
> files), which can be generated on the fly with scripts. Add "rndc
> reload" to the mix, and changes can be made instantaneously, without any
> special APIs.
>
> What can be a bother is when TTL values are set too high and changes in
> the zones take too long to propagate, but that's a general issue, and
> when running your own nameservers you can set these values as low as you
> require.
>
> -Ralph
>
> P.S.: All this sure is interesting, but way off-topic in regards to
> Dovecot. ;-)

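Added example, not part of the original messages: a shell function that builds the nsupdate batch for a single TXT record (such as the DNS-01 challenge a hook for acme.sh would publish) and rejects input that could smuggle extra commands into the batch. The record name, TTL and token are constructed sample values, and it assumes the TSIG key from the post is allowed to update TXT records at that name.

```shell
#!/bin/sh
# make_txt_update FQDN TTL VALUE
# Prints an nsupdate batch on stdout that replaces the TXT record at FQDN.
# Returns 1 if any argument contains characters (newline, quote, space)
# that would let it add or alter commands in the batch.
make_txt_update() {
    name=$1 ttl=$2 value=$3

    # Owner name: letters, digits, '-', '_' and '.' only.
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "bad name" >&2; return 1 ;;
    esac
    # TTL: decimal digits only.
    case $ttl in
        ''|*[!0-9]*) echo "bad ttl" >&2; return 1 ;;
    esac
    # Value: base64url alphabet, as used by ACME challenge digests.
    case $value in
        ''|*[!A-Za-z0-9_-]*) echo "bad value" >&2; return 1 ;;
    esac
    # A single TXT character-string holds at most 255 bytes.
    [ "${#value}" -le 255 ] || { echo "value too long" >&2; return 1; }

    # Delete and add before one 'send', so both go to the server in a
    # single update message and are applied together.
    printf 'delete %s TXT\n' "$name"
    printf 'add %s %s TXT "%s"\n' "$name" "$ttl" "$value"
    printf 'send\n'
}

# Constructed sample input; prints the batch without contacting a server.
make_txt_update _acme-challenge.lan.example.com 60 Zm9vYmFy_sample-token

# To apply it, pipe the batch to nsupdate, which reads commands from
# standard input when no file name is given:
#   make_txt_update "$name" 60 "$token" | nsupdate -k /etc/named/DHCP_UPDATER.key
```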

