Thanks for the reply.
I’m still puzzled by still finding, on the net, guides like the following, https://www.fabiblog.de/lets-encrypt-mit-dns-validierung-kurzanleitung, in which people show how “simple” should be to use a local BIND server to query Let’s Encrypt to generate TLS certificates for internal domains…
In addition, for example, the dns_rfc2136_server parameter, for the rfc2136 certbot plugin, means a public DNS server or an internal one?
At this point (cause now I’m bit confused to which endpoint I would use the certbot rfc2136 plugin) I ask you which is the meaning of the following guide, https://certbot-dns-rfc2136.readthedocs.io/en/stable/, if the main requirement is to be able to talk to the public DNS server: why I would need an internal BIND server If I need, anyway, to talk to the external public DNS server?