I need to get the acme-dns server running locally, on a server that is already running an instance of my split-DNS (so 53 is not available).
Outside public DNS for mydomain.tld:
acmedns IN NS usedname.mydomain.tld
usedname IN A 100.11.12.13
linuxserver IN A 100.11.12.14
Inside private DNS for mydomain.tld:
linuxserver IN A 192.168.10.10
acme-dns is running as a container via docker compose, with this:
ports:
- "943:443"
- "953:53"
- "953:53/udp"
- "980:80"
It starts fine:
acmedns-1 | time="2024-06-08T12:46:06Z" level=info msg="Using config file" file=/etc/acme-dns/config.cfg
acmedns-1 | time="2024-06-08T12:46:06Z" level=info msg="Connected to database"
acmedns-1 | time="2024-06-08T12:46:06Z" level=debug msg="Adding new record to domain" domain=vanroodewierda.rna.nl. recordtype=A
acmedns-1 | time="2024-06-08T12:46:06Z" level=debug msg="Adding new record to domain" domain=acmedns.rna.nl. recordtype=NS
acmedns-1 | time="2024-06-08T12:46:06Z" level=debug msg="Adding new record to domain" domain=acmedns.rna.nl. recordtype=SOA
acmedns-1 | time="2024-06-08T12:46:06Z" level=info msg="Listening HTTPS" domain=acmedns.rna.nl host="0.0.0.0:443"
acmedns-1 | time="2024-06-08T12:46:06Z" level=info msg="Listening DNS" addr="0.0.0.0:53" proto=udp
acmedns-1 | time="2024-06-08T12:46:06Z" level=info msg="Listening DNS" addr="0.0.0.0:53" proto=tcp
NAT is like:
100.11.12.13:53 -> 192.168.10.10:953
From the outside, my acme-dns is reachable:
nc -v -z -u usedname.mydomain.tld 53
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected to k.l.m.n:53.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.01 seconds.
From the inside as well:
nc -v -z -u linuxserver.mydomain.tld 953
Connection to linuxserver port 953 [udp/*] succeeded!
Now, when I try to register from the inside, I get:
root@linuxserver:/srv/docker/nameserver# curl -X POST https://linuxserver.mydomain.tld:943/register
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error
and the log says:
acmedns-1 | time="2024-06-08T12:47:43Z" level=info msg="http: TLS handshake error from 192.168.10.10:53822: no certificate available for 'linuxserver.mydomain.tld'"
My config is a mess, of course, because I don't understand this all very well.
# domain name to serve the requests off of
domain = "acmedns.mydomain.tld"
# zone name server
nsname = "usedname.mydomain.tld"
# admin email address, where @ is substituted with .
nsadmin = "hostmaster.mydomain.tld"
# predefined records served in addition to the TXT
records = [
# domain pointing to the public IP of your acme-dns server
"usedname.rna.nl. A 100.11.12.13",
# specify that auth.example.org will resolve any *.auth.example.org records
"acmedns.mydomain.tld. NS usedname.mydomain.tld.",
]
Is there a way to get acme-dns running self-hosted in this situation?
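As an added example (not part of the post above and not acme-dns project code), here is a small offline checker that reads the kind of evidence the post contains: the logfmt-style lines acme-dns writes, the docker compose port list, and the `domain` value from config.cfg. It maps each container listener to the host port it is published on and pulls the name out of the "no certificate available for" handshake error, so the two questions (is the port mapping right, and which name did the client ask for) are answered side by side. The sample log lines, port list and domain are copied or constructed from the post.

```python
"""Offline consistency check for an acme-dns container behind port mappings.

Added example, not from the original post or the acme-dns project. It parses
acme-dns log lines (logrus key=value format), compose port mappings and the
configured `domain`, and reports which host port serves which listener and
which TLS server name a client asked for that acme-dns had no certificate for.
"""
import re
import shlex

# --- sample inputs, constructed from the post ------------------------------
LOG_LINES = [
    'acmedns-1 | time="2024-06-08T12:46:06Z" level=info msg="Listening HTTPS" '
    'domain=acmedns.mydomain.tld host="0.0.0.0:443"',
    'acmedns-1 | time="2024-06-08T12:46:06Z" level=info msg="Listening DNS" '
    'addr="0.0.0.0:53" proto=udp',
    'acmedns-1 | time="2024-06-08T12:46:06Z" level=info msg="Listening DNS" '
    'addr="0.0.0.0:53" proto=tcp',
    "acmedns-1 | time=\"2024-06-08T12:47:43Z\" level=info msg=\"http: TLS handshake "
    "error from 192.168.10.10:53822: no certificate available for "
    "'linuxserver.mydomain.tld'\"",
]
COMPOSE_PORTS = ["943:443", "953:53", "953:53/udp", "980:80"]  # "host:container[/proto]"
CONFIG_DOMAIN = "acmedns.mydomain.tld"  # the `domain = ...` line of config.cfg

COMPOSE_PREFIX = re.compile(r"^\S+\s*\|\s*")  # "acmedns-1 | " added by docker compose
TLS_ERR = re.compile(r"no certificate available for '([^']+)'")


def parse_logfmt(line):
    """Turn a logrus key=value line into a dict; shlex handles the quoted values."""
    line = COMPOSE_PREFIX.sub("", line)
    out = {}
    for tok in shlex.split(line):
        key, _, value = tok.partition("=")
        out[key] = value
    return out


def parse_port_mappings(ports):
    """Map (container_port, proto) -> host_port; proto defaults to tcp as in compose."""
    mapping = {}
    for entry in ports:
        host, container = entry.split(":")
        container, _, proto = container.partition("/")
        mapping[(int(container), proto or "tcp")] = int(host)
    return mapping


def listening_endpoints(log_lines):
    """Return {(container_port, proto): cert_domain_or_None} from 'Listening ...' lines."""
    endpoints = {}
    for rec in map(parse_logfmt, log_lines):
        msg = rec.get("msg", "")
        if msg == "Listening HTTPS":
            port = int(rec["host"].rsplit(":", 1)[1])
            endpoints[(port, "tcp")] = rec.get("domain")  # the name the cert is for
        elif msg == "Listening DNS":
            port = int(rec["addr"].rsplit(":", 1)[1])
            endpoints[(port, rec["proto"])] = None
    return endpoints


def sni_mismatches(log_lines, config_domain):
    """Server names clients sent that differ from the configured acme-dns domain."""
    names = []
    for rec in map(parse_logfmt, log_lines):
        match = TLS_ERR.search(rec.get("msg", ""))
        if match and match.group(1) != config_domain:
            names.append(match.group(1))
    return names


def diagnose(log_lines, compose_ports, config_domain):
    """Host port per listener plus any TLS server-name mismatch seen in the log."""
    ports = parse_port_mappings(compose_ports)
    report = {}
    for (cport, proto), domain in listening_endpoints(log_lines).items():
        report[(cport, proto)] = {"host_port": ports.get((cport, proto)),
                                  "cert_domain": domain}
    report["sni_mismatch"] = sni_mismatches(log_lines, config_domain)
    return report


if __name__ == "__main__":
    for key, value in diagnose(LOG_LINES, COMPOSE_PORTS, CONFIG_DOMAIN).items():
        print(key, value)
```

Run against the post's data, the report shows 443/tcp published on host port 943 (so the `:943` in the curl URL is consistent with the compose file) and a single mismatch: the client asked for `linuxserver.mydomain.tld`, while the HTTPS listener line names `acmedns.mydomain.tld`. That points at the name in the request rather than at the port mapping or NAT. One way to exercise the API from the inside without changing DNS is curl's `--resolve` option, which pins the configured name to the internal address so the request carries the name acme-dns logs as its domain.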