OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: wirehire on August 20, 2024, 08:40:28 AM

Title: caddy plugin dns propagation_timeout
Post by: wirehire on August 20, 2024, 08:40:28 AM
Hey,

How can I set the propagation_timeout and propagation_delay? When I type these keywords in the fields, I don't see the config parameter in the JSON file. For example, with netcup you need a high propagation_timeout and propagation_delay time.

Is this possible in the GUI, or must it be set on the CLI?


Greets
Title: Re: caddy plugin dns propagation_timeout
Post by: Monviech (Cedrik) on August 20, 2024, 08:46:58 PM
It's going to be in os-caddy-1.6.3.

https://github.com/opnsense/plugins/issues/4161
Title: Re: caddy plugin dns propagation_timeout
Post by: wirehire on August 21, 2024, 11:15:20 AM
I have applied the patch and I can see the disable option, but where can I then pass the values themselves? E.g. 600 or 900s for netcup?
Title: Re: caddy plugin dns propagation_timeout
Post by: Monviech (Cedrik) on August 21, 2024, 12:58:33 PM
propagation_timeout -1 will be set and that means there are indefinite retries.

Also, soon the resolver option can be set too, so you can set it to the netcup DNS server. That way there won't be any DNS delay.

https://github.com/opnsense/plugins/issues/4178
Title: Re: caddy plugin dns propagation_timeout
Post by: wirehire on August 21, 2024, 01:15:20 PM
Retries yes, but, for example, netcup needs a longer propagation time, when not an infinite loop.

https://github.com/caddy-dns/netcup

NOTE: You may need to set an unexpectedly high propagation time (≥ 900 seconds) to give the netcup DNS time to propagate the entries! This may be annoying when executing caddy run/start manually but should not be a problem in automated setups. In exceptional cases, 20 minutes may be required. See

Can we have this option, to set a propagation time and delay?

Title: Re: caddy plugin dns propagation_timeout
Post by: Monviech (Cedrik) on August 21, 2024, 03:09:18 PM
I don't yet understand.

https://github.com/opnsense/plugins/blob/master/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile#L348-L351

When you enable the checkbox, it waits "propagation_delay 30s" before trying. And afterwards it will "propagation_timeout -1", retry indefinitely without ever stopping. The default when not setting this is 2 minutes. But setting it to -1 will be unlimited minutes.

It sets the example parameters as described here:
https://github.com/caddyserver/caddy/pull/4723

Please actually verify that netcup does not work with this patch. If it indeed does not, please raise a ticket on the github plugins.
Title: Re: caddy plugin dns propagation_timeout
Post by: wirehire on August 22, 2024, 01:54:12 PM
Hey,

I tried with the patch and the new update 27.1.2 with os-caddy-1.6.3.

"error","ts":"2024-08-21T20:13:27Z","logger":"tls.obtain","msg":"will retry","error":"[sub.domain.de] Obtain: [sub.domain.de] solving challenge: sub.domain.de: [sub.domain.de] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Incorrect TXT record "rekord" (and 1 more) found at _acme-challenge.sub.domain.de (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":124.751260674,"max_duration":2592000%7D

The disable doesn't help with netcup. The options with longer propagation were needed. Do you still need more for debugging?

With other DNS, for example Cloudflare, it works, so it looks like the higher value is needed for netcup.

Thanks for your work!
Title: Re: caddy plugin dns propagation_timeout
Post by: Monviech (Cedrik) on August 22, 2024, 02:41:37 PM
No, that's fine, just create a ticket on GitHub for me and I'll add the option to set custom values.

https://github.com/opnsense/plugins/issues
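
Added example, not part of the forum thread and not code from the os-caddy plugin: a small triage script that scans Caddy JSON log lines for `tls.obtain` retries caused by an "Incorrect TXT record" ACME error, like the one quoted in the post of August 22, and reports how long each challenge record kept failing. The sample log lines, hostnames and function names are constructed for illustration.

```python
import json
import re

# Constructed sample lines in the shape of the log entry quoted in the thread
# (hostnames and record values are made up; the last line is deliberately not JSON).
_ERR = ("[{d}] Obtain: [{d}] solving challenge: {d}: [{d}] authorization failed: HTTP 403 "
        "urn:ietf:params:acme:error:unauthorized - Incorrect TXT record \"stale\" "
        "(and 1 more) found at _acme-challenge.{d} (ca=https://ca.example/directory)")
SAMPLE_LOG = "\n".join([
    json.dumps({"level": "error", "logger": "tls.obtain", "msg": "will retry",
                "error": _ERR.format(d="sub.example.org"), "attempt": 2,
                "retrying_in": 120, "elapsed": 124.75}),
    json.dumps({"level": "error", "logger": "tls.obtain", "msg": "will retry",
                "error": _ERR.format(d="sub.example.org"), "attempt": 3,
                "retrying_in": 120, "elapsed": 250.1}),
    json.dumps({"level": "info", "logger": "tls.obtain", "msg": "lock acquired",
                "identifier": "ok.example.org"}),
    "truncated or non-JSON line",
])

# The CA reports the record name it queried; capture it from the error text.
TXT_RE = re.compile(r"Incorrect TXT record .*? found at (_acme-challenge\.[\w.-]+)")

def find_txt_failures(log_text):
    """Return one dict per tls.obtain entry that failed on a wrong TXT record."""
    hits = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if not isinstance(entry, dict) or entry.get("logger") != "tls.obtain":
            continue
        match = TXT_RE.search(str(entry.get("error", "")))
        if match:
            hits.append({"record": match.group(1), "attempt": entry.get("attempt"),
                         "elapsed_s": entry.get("elapsed")})
    return hits

def summarize(hits):
    """Per challenge record: failed attempts and the longest elapsed time still failing."""
    out = {}
    for hit in hits:
        stats = out.setdefault(hit["record"], {"failures": 0, "max_elapsed_s": 0.0})
        stats["failures"] += 1
        stats["max_elapsed_s"] = max(stats["max_elapsed_s"], float(hit["elapsed_s"] or 0))
    return out

if __name__ == "__main__":
    for record, stats in summarize(find_txt_failures(SAMPLE_LOG)).items():
        print(record, stats)
```

A record that still fails after several minutes of elapsed time points at slow propagation or leftover TXT records at the DNS provider rather than at wrong API credentials.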