I tried to add a TXT value to my DNS records to use certbot (certbot-auto as explained here).

Here are my DNS records in text mode (with example numbers):

@ 10800 IN SOA ex1.example.net. hostmaster.example.net. XXXXX XXXXX XXXX XXXXXX XXXXX
* 1800 IN A XXX.XXX.XXX.XXX
@ 10800 IN A XXX.XXX.XXX.XXX
@ 10800 IN MX 10 @
@ 10800 IN MX 50 fb.mail.gandi.net.
_acme-challenge.example.org 1800 IN A XXX.XXX.XXX.XXX
_acme-challenge.example.org 10800 IN TXT "a-value"
_acme-challenge.example.org 10800 IN TXT "another-value"
www.example.org 1800 IN A XXX.XXX.XXX.XXX

but when I run:

host -t txt _acme-challenge.example.org

I get:

_acme-challenge.example.org has no TXT record

Why are my TXT records not taken into account?

arthur.sw

  • In many cases mentioning the actual domain name is essential for the community to be able to help diagnose DNS issues. This may be one too. Please refer to [this Q&A](http://meta.serverfault.com/q/963/37681) for our recommendations with regards to how and what (not) to obfuscate in your questions. – HBruijn Sep 13 '18 at 11:11
  • I second the previous comment, especially that you seem to be in zone example.net and also having example.org records along the way. Are you listing the zone file or showing some tool output? Do you also remember about the syntax of the LHS, especially with regard to how the dot at the end of it behaves? – Tomek Sep 13 '18 at 11:23
  • For any kind of DNS troubleshooting, you should first explicitly query the authoritative nameservers of your domain to double check they have the relevant data; use the `dig` command with its `@` parameter. Only once this is checked can you start to see if/when recursive nameservers have the correct entries, and you can use many known ones: `1.1.1.1`, `8.8.8.8`, `9.9.9.9` or `80.80.80.80` – Patrick Mevzek Sep 13 '18 at 14:53

1 Answer

Some things to consider:

_acme-challenge.example.net    1800  IN  A    XXX.XXX.XXX.XXX
_acme-challenge.example.org   10800  IN  TXT  "a-value"
_acme-challenge.example.org   10800  IN  TXT  "another-value"
www.example.org                1800  IN  A    XXX.XXX.XXX.XXX

You should end the FQDN on the left with a dot. Otherwise it will put the $ORIGIN after it. I assume this is not the desired behavior.

Secondly, you're mixing records for two different zones. How would that work out? Should they not all end with 'example.net'?

Tommiie
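To make the trailing-dot point concrete, here is an added example (not code from the question or the answer) that applies the zone-file owner-name rules the answer describes: `@` is the origin, a name ending in a dot is absolute, and any other name gets `$ORIGIN` appended. The origin `example.net.` is an assumption taken from the SOA line in the question, and the zone lines are constructed sample data modelled on it. Running it shows why a resolver asking for `_acme-challenge.example.org TXT` finds nothing while the data actually lives under `_acme-challenge.example.org.example.net.`, and how the two correct spellings of the owner name behave.

```python
"""Added example: how a zone-file parser expands owner names relative to
$ORIGIN, and why an owner written like an FQDN but without a trailing dot
lands under the wrong name. All zone data below is constructed sample data.
"""

ORIGIN = "example.net."  # assumed zone origin, taken from the question's SOA line


def expand_owner(owner: str, origin: str) -> str:
    """Return the absolute (dot-terminated) owner name for a zone-file record.

    Zone-file rules (RFC 1035 master-file syntax):
      * '@' stands for the origin itself;
      * a name ending in '.' is already absolute and is left alone;
      * any other name is relative, so the origin is appended to it.
    """
    if not origin.endswith("."):
        raise ValueError("origin must be absolute (end with a dot)")
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner
    return f"{owner}.{origin}"


def parse_zone(lines, origin):
    """Parse simple 'owner ttl class type rdata' lines like those in the question.

    Returns a list of (absolute_owner, type, rdata) tuples; comments after ';'
    and blank lines are skipped, and rdata is kept as one string.
    """
    records = []
    for raw in lines:
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((expand_owner(owner, origin).lower(), rtype.upper(), rdata))
    return records


def lookup(records, qname, qtype):
    """Return the rdata of records whose absolute owner matches qname.

    A resolver always asks for an absolute name, so a missing trailing dot on
    the query name is added here; matching is case-insensitive.
    """
    if not qname.endswith("."):
        qname += "."
    qname = qname.lower()
    return [rdata for owner, rtype, rdata in records
            if owner == qname and rtype == qtype.upper()]


# Constructed zone lines modelled on the question: the TXT owners are written
# as example.org names without a trailing dot, inside an example.net zone.
ZONE_AS_WRITTEN = [
    "@ 10800 IN MX 50 fb.mail.gandi.net.",
    '_acme-challenge.example.org 10800 IN TXT "a-value"',
    '_acme-challenge.example.org 10800 IN TXT "another-value"',
]

# The same data with owner names that are correct for this zone: one written
# relative to $ORIGIN, one written as an absolute name with a trailing dot.
ZONE_FIXED = [
    "@ 10800 IN MX 50 fb.mail.gandi.net.",
    '_acme-challenge 10800 IN TXT "a-value"',
    '_acme-challenge.example.net. 10800 IN TXT "another-value"',
]


def main():
    written = parse_zone(ZONE_AS_WRITTEN, ORIGIN)
    for owner, rtype, rdata in written:
        print(f"{owner:45} {rtype:4} {rdata}")
    print("query _acme-challenge.example.org TXT ->",
          lookup(written, "_acme-challenge.example.org", "TXT"))
    print("query _acme-challenge.example.org.example.net TXT ->",
          lookup(written, "_acme-challenge.example.org.example.net", "TXT"))

    fixed = parse_zone(ZONE_FIXED, ORIGIN)
    print("fixed zone, query _acme-challenge.example.net TXT ->",
          lookup(fixed, "_acme-challenge.example.net", "TXT"))


if __name__ == "__main__":
    main()
```

The first query in `main` returns an empty list, which is the "has no TXT record" result from the question; the second shows where the records were actually published. The fixed zone answers at `_acme-challenge.example.net`, which is the name an ACME DNS-01 validation for `example.net` would look up.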