diff options
author | Phil Martin <root@frillip.com> | 2022-10-14 00:52:08 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-14 00:52:08 +0300 |
commit | 92aaa9703b2f415ae0afd3fb66a3e569e41b4853 (patch) | |
tree | 5dc6886ebc2a1ca2d6318de8500e1ef902b64e15 /certbot-dns-rfc2136 | |
parent | e84271b36b530099a9c1d8de20d13148b99cb8a8 (diff) |
TSIG SOA query fix (#9408)
* Use the TSIG keyring for the initial SOA request
Helps allow the use of keys in BIND ACLs to help certbot update the correct zone. Previously TSIG was only used for zone updates, rather than for both the authoritative SOA request and zone update.
* Update CHANGELOG.md
* Update AUTHORS.md
* Workaround for mypy failure due to dnspython stubs
As per https://github.com/certbot/certbot/pull/9408#issuecomment-1257868864
Co-authored-by: Alex Zorin <alex@zorin.id.au>
Diffstat (limited to 'certbot-dns-rfc2136')
-rw-r--r-- | certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py b/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py index 8cf6d9966..2c52486e2 100644 --- a/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py +++ b/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py @@ -216,6 +216,8 @@ class _RFC2136Client: request = dns.message.make_query(domain, dns.rdatatype.SOA, dns.rdataclass.IN) # Turn off Recursion Desired bit in query request.flags ^= dns.flags.RD + # Use our TSIG keyring + request.use_tsig(self.keyring, algorithm=self.algorithm) # type: ignore[attr-defined] try: try: |