Having problems setting TXT records on a DNS zone

I have been having a problem for multiple days: my TXT DNS records are apparently not reachable or findable. I may have misconfigured something.

Domain: adg.seg.br

Dig Result:

dig txt _acme-challenge.adg.seg.br

; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> txt _acme-challenge.adg.seg.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65069
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1400
;; QUESTION SECTION:
;_acme-challenge.adg.seg.br.    IN      TXT

;; AUTHORITY SECTION:
adg.seg.br.             900     IN      SOA     a.auto.dns.br. hostmaster.registro.br. 2023291930 1800 900 604800 900

DNS Records:

Thanks for your time,
llricci


Hi @lucasricci, and welcome to the LE community forum :slight_smile:

It may lack obviousness...
But when you create an entry in domain: example.com
as: entry.example.com
it becomes: entry.example.com.example.com

So... if you need: entry.example.com
only create: entry
[in the zone example.com]

Your TXT entry would be found at:
dig TXT _acme-challenge.adg.seg.br.adg.seg.br

OR

You are not adding those entries in the authoritative DNS zone.

adg.seg.br nameserver = a.auto.dns.br
adg.seg.br nameserver = b.auto.dns.br

But from the looks of these responses:

dig A     adg.seg.br.adg.seg.br a.auto.dns.br
;; ANSWER SECTION:
a.auto.dns.br.          3209    IN      A       200.160.2.88

dig A www.adg.seg.br.adg.seg.br a.auto.dns.br
;; ANSWER SECTION:
a.auto.dns.br.          3201    IN      A       200.160.2.88

It seems that all your entries have suffered the extra domain appended to the domain problem.

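The relative-name rule explained above (a name typed without a trailing dot is relative to the zone, so "entry.example.com" in zone example.com becomes entry.example.com.example.com), as an added example that is not part of this thread. The helper names fqdn_in_zone, relative_name and check_txt are my own; check_txt needs dig installed and network access, the other two are pure string handling and run offline:

```shell
#!/bin/sh
# Added example, not from the thread. Works out what a zone editor will
# publish for a given input, what to type to get the name you want, and
# queries the authoritative servers directly so caches cannot hide the answer.

# fqdn_in_zone NAME ZONE
# A zone editor treats a name without a trailing dot as relative to the zone
# and appends the zone. A name ending in "." is absolute and used verbatim.
# "@" (or an empty name) is the zone apex.
fqdn_in_zone() {
    name=$1
    zone=${2%.}
    case "$name" in
        *.)    printf '%s\n' "$name" ;;
        @|"")  printf '%s.\n' "$zone" ;;
        *)     printf '%s.%s.\n' "$name" "$zone" ;;
    esac
}

# relative_name FQDN ZONE
# Inverse of the above: what to type into the editor for zone ZONE so that
# FQDN is the name actually published. Fails if FQDN is not inside ZONE.
relative_name() {
    fqdn=${1%.}
    zone=${2%.}
    if [ "$fqdn" = "$zone" ]; then
        printf '@\n'
        return 0
    fi
    case "$fqdn" in
        *."$zone") printf '%s\n' "${fqdn%.$zone}" ;;
        *) echo "error: $fqdn is not inside zone $zone" >&2; return 1 ;;
    esac
}

# check_txt FQDN ZONE
# Ask every authoritative server listed in the zone's NS set for the TXT
# record with recursion disabled, and also probe the "doubled" name so the
# relative-name mistake shows up immediately.
check_txt() {
    fqdn=${1%.}
    zone=${2%.}
    doubled="$fqdn.$zone."
    for ns in $(dig +short NS "$zone."); do
        echo "== $ns"
        echo "-- $fqdn."
        dig +norecurse +short @"$ns" TXT "$fqdn."
        echo "-- $doubled (zone suffix appended twice)"
        dig +norecurse +short @"$ns" TXT "$doubled"
    done
}

# Usage: ./check.sh _acme-challenge.adg.seg.br adg.seg.br
if [ "$#" -eq 2 ]; then
    printf 'type "%s" in the zone editor for %s\n' "$(relative_name "$1" "$2")" "$2"
    check_txt "$1" "$2"
fi
```

The +norecurse flag matters when chasing a freshly added record: a recursive resolver may hold a negative cache entry (the SOA in the authority section of the original dig shows a 900 second negative TTL) and keep answering NXDOMAIN long after the authoritative servers have the record.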

Yeah, I am aware of that. I just added _acme-challenge to the record after noticing that. The addition page looks like this:

However, it did not work, or I may have misunderstood it. I don't know what I am supposed to add here; when I used Cloudflare on another domain it worked just fine.

@rg305 Apparently this domain registrar does the conversion automatically. I first typed _acme-challenge.adg.seg.br but later changed it to _acme-challenge, and it did not work either. I guess it can be a problem in the DNS itself; it may take longer for the changes to take effect. I will monitor over the next few minutes to see if it works.

I see a TXT record now:

dig +short TXT _acme-challenge.adg.seg.br  a.auto.dns.br.
"5HqdD6POjNnIVRmSipXPRxWxHQyX1Tf0vcmMKFFpwqo"

Yup, me too, using a +trace that is. It probably took some time to propagate (internally). Although I also see Cloudflare DNS is currently being used; is that correct?

Note that it's not very useful to censor out the A records for the IP address: anyone on the public internet could resolve those; that's the whole idea behind DNS. Well, as Cloudflare is being used now and a.auto.dns.br seems to be emptied out, I guess it can be worth hiding the origin server now.

Note that with Cloudflare as your DNS provider, the dns-01 challenge is easily automated with the certbot-dns-cloudflare plugin. So no manual tinkering required!

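The automated dns-01 flow mentioned above, as an added example that is not part of this thread. It assumes certbot and the certbot-dns-cloudflare plugin are installed and that the environment variable CF_API_TOKEN holds a Cloudflare API token scoped to DNS edit rights on the zone; write_cf_credentials, credentials_mode and issue_cert are helper names of my own. The credentials file format (dns_cloudflare_api_token) and the certbot flags are the plugin's real ones:

```shell
#!/bin/sh
# Added example, not from the thread: automate the dns-01 challenge with the
# certbot-dns-cloudflare plugin instead of pasting TXT records by hand.

# write_cf_credentials PATH TOKEN
# The token lets anyone who reads it edit the zone, so create the file with a
# restrictive umask (0600 from the start) instead of chmod-ing it afterwards.
# certbot itself complains about a credentials file readable by others.
write_cf_credentials() {
    path=$1
    token=$2
    (
        umask 077
        mkdir -p "$(dirname "$path")"
        printf 'dns_cloudflare_api_token = %s\n' "$token" > "$path"
    )
}

# credentials_mode PATH
# Octal permission bits of the file, to confirm it really is 0600
# (GNU stat first, BSD/macOS stat as fallback).
credentials_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# issue_cert CREDS DOMAIN...
# certbot creates _acme-challenge.<domain> TXT through the Cloudflare API,
# waits --dns-cloudflare-propagation-seconds for Cloudflare's authoritative
# servers to serve it, then lets Let's Encrypt validate and removes the record.
issue_cert() {
    creds=$1
    shift
    domain_args=""
    for d in "$@"; do
        domain_args="$domain_args -d $d"
    done
    # shellcheck disable=SC2086  # $domain_args is deliberately word-split
    certbot certonly --dns-cloudflare \
        --dns-cloudflare-credentials "$creds" \
        --dns-cloudflare-propagation-seconds 30 \
        $domain_args
}

# Usage: CF_API_TOKEN=... ./issue.sh adg.seg.br www.adg.seg.br
CREDS="$HOME/.secrets/certbot/cloudflare.ini"
if [ -n "${CF_API_TOKEN:-}" ] && [ "$#" -ge 1 ] && command -v certbot >/dev/null 2>&1; then
    write_cf_credentials "$CREDS" "$CF_API_TOKEN"
    issue_cert "$CREDS" "$@"
fi
```

Prefer a scoped API token over the global API key: the token can be limited to DNS edits on the one zone, which is all the plugin needs, so a leaked credentials file does less damage.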

Yep, it is correct; I am now using Cloudflare DNS. I found it easier. Thanks for the help.
