DNS challenge querying different nameservers

Hello everyone,

While testing a fully automated way to provide certs to a server with letsencrypt.sh, we ran into the problem that the change to the TXT record must be propagated to ALL nameservers, which at least for most of my domains happens via AXFR.

The problem with that is that the time the secondary nameserver takes to transfer the zone is not deterministic.

While it is logical and would not be a major problem to wait for all servers, why doesn’t the Boulder server just query the primary nameserver for the domain?

Sending NOTIFY to your slaves and sleeping for a minute does not work?
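The check the opening post is about, written out as an added example (not code from this thread, from letsencrypt.sh or from Boulder): a bash hook fragment that, after the TXT record has been published on the primary, queries every authoritative nameserver of the zone directly and returns only once each of them serves the expected token, polling instead of sleeping a fixed time. The server names, the commented-out `publish_txt` call and the `ZONE` variable are placeholders; the `deploy_challenge` argument order (DOMAIN TOKEN_FILENAME TOKEN_VALUE) is the one letsencrypt.sh passes to its hook, as assumed here.

```shell
#!/usr/bin/env bash
# Added example (not from the thread, letsencrypt.sh or Boulder): a deploy_challenge
# hook that polls every authoritative nameserver of the zone for the _acme-challenge
# TXT record and returns only when ALL of them serve the expected token.
set -eu

# TXT values for name $1 as served by nameserver $2, one per line, quotes stripped.
# Asks the named server directly (not the local resolver) so caching cannot hide a lag.
query_txt() {
    dig +short +norecurse +time=2 +tries=1 TXT "$1" "@$2" 2>/dev/null | tr -d '"'
}

# Authoritative nameservers of zone $1, one per line.
zone_nameservers() {
    dig +short NS "$1" | sort -u
}

# Succeed only if every nameserver read from stdin serves token $2 for name $1.
# Matching the exact token (grep -x) also rejects a stale record left from an earlier run.
all_ns_have_txt() {
    local name="$1" token="$2" ns missing=0
    while IFS= read -r ns; do
        [ -n "$ns" ] || continue
        if query_txt "$name" "$ns" | grep -qxF -- "$token"; then
            echo "ok       $ns"
        else
            echo "waiting  $ns"
            missing=1
        fi
    done
    return "$missing"
}

# Poll all nameservers of zone $1 for name $2 / token $3 until they agree,
# retrying every $5 seconds (default 10) and giving up after $4 seconds (default 300).
wait_for_propagation() {
    local zone="$1" name="$2" token="$3" timeout="${4:-300}" interval="${5:-10}"
    local deadline=$(( $(date +%s) + timeout ))
    while :; do
        if zone_nameservers "$zone" | all_ns_have_txt "$name" "$token"; then
            return 0
        fi
        if [ "$(date +%s)" -ge "$deadline" ]; then
            echo "gave up waiting for $name on all nameservers of $zone" >&2
            return 1
        fi
        sleep "$interval"
    done
}

# Hook entry point; letsencrypt.sh calls it as: deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
deploy_challenge() {
    local domain="$1" token_value="$3"
    local zone="${ZONE:-$domain}"   # assumed: zone apex from the environment, else the domain itself
    # publish_txt "_acme-challenge.$domain" "$token_value"   # assumed: your nsupdate/API call goes here
    wait_for_propagation "$zone" "_acme-challenge.$domain" "$token_value"
}

if [ "${1:-}" = "deploy_challenge" ]; then
    shift
    deploy_challenge "$@"
fi
```

Run as `ZONE=example.com ./hook.sh deploy_challenge www.example.com ignored TOKEN`. The hook only returns success once every NS listed for the zone answers with the new token, so a slow AXFR to one secondary simply makes it wait longer rather than letting the validation request go out too early; the `grep -x` exact match matters because a secondary that still serves last month's `_acme-challenge` record would otherwise look propagated.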