0

For LetsEncrypt I need to create a TXT record in my DNS for authentication. With my ISP I created a TXT record but one hour later I still can't query the ISP DNS to find the TXT record. Just as a test I created a new CNAME record for a different hostname and this record shows up rather quickly.

My ISP's DNS server: ns0.transip.net.

Query on command line: `dig @ns0.transip.net ftp2.vanzanten.be`. Result is the CNAME and A record.

Query: `dig @ns0.transip.net dig _acme-challenge.vanzanten.be`. Doesn't return an answer section.

Is my query incorrect? Should I wait longer? It has been 2hrs now. Is the TXT record created incorrectly, although it is done through a web interface on my control panel with the provider?

Gabrie
  • Is it ns0.transip.nl or ns0.transip.net? Also I am sure you don't own the domain mydomain.com so you should not be using this. – Michael Hampton Dec 27 '20 at 20:01
  • Indeed a typo in the .net or .nl. I changed the original question. Also put in the real domain name: vanzanten.be – Gabrie Dec 27 '20 at 20:10

1 Answer

4

Your test `dig @ns0.transip.net dig _acme-challenge.vanzanten.be` is wrong in two ways:

  • There is a stray `dig` in the middle, causing weirdness.
  • The type of the expected record is not `A`, but `TXT`.

`dig @ns0.transip.net _acme-challenge.vanzanten.be TXT` would be the appropriate test, as per:

```
$ dig @ns0.transip.net _acme-challenge.vanzanten.be TXT +norec

; <<>> DiG 9.11.25-RedHat-9.11.25-2.fc33 <<>> @ns0.transip.net _acme-challenge.vanzanten.be TXT +norec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56046
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_acme-challenge.vanzanten.be.  IN      TXT

;; ANSWER SECTION:
_acme-challenge.vanzanten.be. 300 IN    TXT     "hT1NqF_CMjuQnNagi_dvnyG7WSRKmda-AUBt6ELKbyY"

;; Query time: 7 msec
;; SERVER: 2a01:7c8:dddd:195::195#53(2a01:7c8:dddd:195::195)
;; WHEN: Sun Dec 27 20:24:07 UTC 2020
;; MSG SIZE  rcvd: 141

$
```
Håkan Lindqvist
  • Sigh... how did I overlook that extra dig in the command line. But follow up question, a TXT record is never shown with just "dig @ns0.transip.net _acme-challenge.vanzanten.be" ???? Would that only show NS and A records? – Gabrie Dec 27 '20 at 20:43
  • 3
    @Gabrie When you don't specify a type, `dig` defaults to querying for `A`. It then shows whatever records were in the response it received. (If you query for `A` with a name where there is only `TXT`, you will get a `NODATA` style response.) – Håkan Lindqvist Dec 27 '20 at 20:46
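
The distinction drawn in the answer and comments (a TXT answer versus a `NODATA` response to a default `A` query) can be checked in a script before asking the CA to validate. This is an added example, not part of the original answer; the function names `classify_dig_response` and `check_acme_txt` are hypothetical and the sample responses are constructed (the first is trimmed from the output above).

```shell
# Added example, not from the original post. Function names are hypothetical.
# classify_dig_response EXPECTED < dig-output
# Prints MATCH, MISMATCH, NODATA, NXDOMAIN or ERROR:<status>.
classify_dig_response() {
  awk -v want="$1" '
    /->>HEADER<<-/ {                       # header line carries the rcode
      for (i = 1; i < NF; i++)
        if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    # Answer records are the non-comment lines with class IN and type TXT.
    # ACME tokens are base64url, so the value is a single quoted field.
    !/^;/ && $3 == "IN" && $4 == "TXT" {
      seen = 1
      value = $5; gsub(/"/, "", value)
      if ((value "") == (want "")) found = 1
    }
    END {
      if (status == "NXDOMAIN")      print "NXDOMAIN"
      else if (status != "NOERROR")  print "ERROR:" (status == "" ? "NO_RESPONSE" : status)
      else if (!seen)                print "NODATA"   # name exists, no TXT in answer
      else if (found)                print "MATCH"
      else                           print "MISMATCH" # stale or wrong token published
    }'
}

# Live use: ask one authoritative server directly, as the answer does.
check_acme_txt() {   # usage: check_acme_txt SERVER NAME EXPECTED
  dig "@$1" "$2" TXT +norec | classify_dig_response "$3"
}

# Constructed sample 1: trimmed from the TXT query output shown in the answer.
SAMPLE_TXT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56046
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.vanzanten.be.  IN      TXT
;; ANSWER SECTION:
_acme-challenge.vanzanten.be. 300 IN    TXT     "hT1NqF_CMjuQnNagi_dvnyG7WSRKmda-AUBt6ELKbyY"'

# Constructed sample 2: a default (type A) query for a name that only has TXT.
SAMPLE_NODATA=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.vanzanten.be.  IN      A'
```

Running `check_acme_txt` against each authoritative name server in turn shows whether all of them already serve the new token, which is what matters for DNS-01 validation.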