Lower case DNS issue

Discussion in 'ISPConfig 3 Priority Support' started by jpcyrenne, Jan 4, 2024.

  1. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Good day,
    I'm running a DNS server on : Ubuntu 18.04.4 LTS (Bionic Beaver) ISPConfig 3.1dev
    I'm trying to validate a new TLS certificate with the provider and I'm having issues with the casing. It seems that ISPConfig saves everything in lower case.

    ex: abc CNAME E134BG becomes e134bg once saved and the provider doesn't accept it.

    I understand I'm running an older version of OS and ISPConfig.

    Could this be fixed with an update? Can I update the configurations (no lower case) or settings (E134BG) manually somewhere?

    Thank you,
    JP
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The DNS names should be in lowercase and the DNS system is case insensitive in general, so the TLS provider you use should not give you an uppercase CNAME and / or expect that an uppercase CNAME is returned, due to the fact of case insensitivity of the DNS system in general. I do not think that it's a good idea to change the current behaviour of ISPConfig. I think it's not unlikely that your problem is something else and not related to the use of upper or lowercase characters, as you will always get the same record back in DNS, no matter if you use upper- or lowercase.

    Example:

    Code:
    administrator@server1:~$ dig HoWtoFoRge.com
    
    ; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> HoWtoFoRge.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33597
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;HoWtoFoRge.com.                        IN      A
    
    ;; ANSWER SECTION:
    HoWtoFoRge.com.         273     IN      A       104.26.2.165
    HoWtoFoRge.com.         273     IN      A       104.26.3.165
    HoWtoFoRge.com.         273     IN      A       172.67.68.93
    
    ;; Query time: 24 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1) (UDP)
    ;; WHEN: Thu Jan 04 17:10:20 CET 2024
    ;; MSG SIZE  rcvd: 91
    
    administrator@server1:~$ dig howtoforge.com
    
    ; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> howtoforge.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36687
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;howtoforge.com.                        IN      A
    
    ;; ANSWER SECTION:
    howtoforge.com.         265     IN      A       104.26.2.165
    howtoforge.com.         265     IN      A       104.26.3.165
    howtoforge.com.         265     IN      A       172.67.68.93
    
    ;; Query time: 16 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1) (UDP)
    ;; WHEN: Thu Jan 04 17:10:28 CET 2024
    ;; MSG SIZE  rcvd: 91
    As you can see, case does not matter at all in DNS, you get the same record back, no matter if you use uppercase, lowercase or mix it.
     
  3. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    OK thank you for the confirmations. I'll go towards the provider.
    Thanks again,
    JP
     
  4. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Is it normal that the CNAME option adds my domain as a suffix to the Target Hostname? I double checked and it's not in the saved Record in ISPConfig. But when I dig, it's added?
    That seems to be the error I'm getting from the provider.

    I can reproduce it: (screenshot attached)
    DNS CNAME
    Hostname : _test123
    Target Hostname : 123.456.example.com
    TTL: 60

    ---
    # dig _test123.hostinpowers.net cname @ns1.hostinpowers.net

    ; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> _test123.hostinpowers.net cname @ns1.hostinpowers.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14181
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: a412bd425d7243a07b6733f36597107678bead0e747ad50c (good)
    ;; QUESTION SECTION:
    ;_test123.hostinpowers.net. IN CNAME

    ;; ANSWER SECTION:
    _test123.hostinpowers.net. 60 IN CNAME 123.456.example.com.hostinpowers.net.

    ;; AUTHORITY SECTION:
    hostinpowers.net. 600 IN NS ns2.hostinpowers.net.
    hostinpowers.net. 600 IN NS ns1.hostinpowers.net.



    JP
     


  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you missed adding a dot at the end of the FQDN, see the other records of that zone, all FQDN end with a dot. Any FQDN (Fully qualified domain name) in DNS must end with a dot. That's not ISPConfig specific btw.


    So the correct input would be:

    Code:
    Hostname : _test123
    Target Hostname : 123.456.example.com.
    TTL: 60
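
Added example, not part of the thread and not ISPConfig code: a small pre-flight check for a DNS-based certificate validation record. It expands a record's names against the zone origin the way the dig output above shows, flags a dotted target that lacks the trailing dot, and compares against the provider's value case-insensitively. The function names and the heuristic are assumptions made for illustration.

```python
def expand(name: str, origin: str) -> str:
    """Return the absolute, lowercased name a server publishes for `name`."""
    origin = origin.rstrip(".").lower() + "."
    name = name.strip().lower()
    if name in ("", "@"):
        return origin                # the zone apex itself
    if name.endswith("."):
        return name                  # trailing dot: already absolute
    return f"{name}.{origin}"        # relative: the zone origin is appended


def lint_cname(host: str, target: str, origin: str):
    """Return (owner, published_target, warnings) for one CNAME record."""
    owner = expand(host, origin)
    published = expand(target, origin)
    warnings = []
    # Heuristic (assumption): a relative target that itself contains dots was
    # probably meant as an FQDN. Multi-label relative names are legal, so this
    # is a warning for a human to review, not an error.
    if "." in target and not target.strip().endswith("."):
        warnings.append(
            f"target {target!r} has no trailing dot; published as {published}"
        )
    return owner, published, warnings


def matches_expected(published: str, expected: str) -> bool:
    """Compare names the way DNS does: case-insensitive, trailing dot optional."""
    return published.rstrip(".").lower() == expected.rstrip(".").lower()


if __name__ == "__main__":
    # Records as entered in the thread, before and after the fix.
    for target in ("123.456.example.com", "123.456.example.com."):
        owner, published, warnings = lint_cname(
            "_test123", target, "hostinpowers.net"
        )
        print(f"{owner} CNAME {published}")
        for w in warnings:
            print("  WARNING:", w)
        ok = matches_expected(published, "123.456.example.com")
        print("  matches provider value:", ok)
```
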
     
  6. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    That was it!
    'DOMAIN VALIDATION: DNS-BASED' was successful.
    Once again, thank you very much for the excellent support.
    JP
     
    till likes this.
