I had just gotten around to that direction because I got a
25.010 general: warning: managed-keys-zone/localhost_resolver: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
in the /var/log/named.log file.
I am trying to track that down. However, given what the jnl file issue does, a better path may be the solution at "How to renew wildcard cert with cert-bot auto" and to remove the jnl file and stay out of dynamic updating, because my other domain modification program may be locked out by the jnl file matter from updating the zone file.
Here is the dig output:
[root@main ~]# dig @localhost _acme-challenge.xxxxxxxx.com TXT
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> @localhost _acme-challenge.xxxxxxxx.com TXT
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41155
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_acme-challenge.xxxxxxxx.com. IN TXT
;; ANSWER SECTION:
_acme-challenge.xxxxxxxx.com. 14400 IN CNAME xxxxxxxx.com.
;; AUTHORITY SECTION:
xxxxxxxx.com. 10800 IN SOA ns1.yyyyyyyy.com. no-reply.main.yyyyyyyyy.com. 2016122004 3600 7200 2419200 86400
;; Query time: 5145 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 09 14:48:01 CDT 2018
;; MSG SIZE rcvd: 140
Do you or anyone know if there are sample authenticator.sh and cleanup.sh files for the RFC 2136 DNS plugin or for any other plugin for BIND?