General Discussion / Cannot resolve external TXT record when local A override is created
« on: December 23, 2023, 02:02:46 am »
I am sure that I am probably doing something wrong here, but I have exhausted my troubleshooting ability. I just switched to OPNsense from pfSense and started having issues with Cert-Manager on my Kubernetes cluster.
Locally I have an internal DNS record for my-domain.tld and I am trying to get a certificate for it; when Cert-Manager asks for the TXT record, however, it gets an empty response. If I query my forwarding server directly I can see it. (my-domain.tld is just a stand-in.)
Now, if I turn off the local override, the TXT record does in fact resolve like it should.
I have tried changing the Local Zone Type to TYPETRANSPARENT instead of just TRANSPARENT but it does not seem to have made a difference.
My DIG outputs are as follows:
=== With the local override ===
; <<>> DiG 9.18.20 <<>> @10.100.4.1 my-domain.tld TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10477
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;my-domain.tld. IN TXT
;; Query time: 0 msec
;; SERVER: 10.100.4.1#53(10.100.4.1) (UDP)
;; WHEN: Fri Dec 22 19:56:23 EST 2023
;; MSG SIZE rcvd: 46
=== Without the local override ===
; <<>> DiG 9.18.20 <<>> @10.100.4.1 status.unit15.net TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59550
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;my-domain.tld. IN TXT
;; ANSWER SECTION:
my-domain.tld. 300 IN TXT "This is a test"
;; Query time: 112 msec
;; SERVER: 10.100.4.1#53(10.100.4.1) (UDP)
;; WHEN: Fri Dec 22 19:56:13 EST 2023
;; MSG SIZE rcvd: 73
Any help would be greatly appreciated. Thanks!
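The two dig outputs above already contain the diagnostic signal: with the override in place the resolver answers with the `aa` (authoritative answer) flag set, ANSWER: 0, and a 0 msec query time, i.e. it answered the TXT query from its own local zone as an empty NOERROR (NODATA) instead of forwarding it; without the override the `aa` flag is absent, the query takes 112 msec and the TXT record comes back from upstream. The following script, added as an example and not part of the original post, parses dig output and classifies it that way, then compares the resolver's answer with the forwarder's to flag a record that the local zone is shadowing. The embedded dig transcripts are constructed copies modelled on the post (same flags and counts, `my-domain.tld` as the placeholder name); the function names are my own.

```python
"""Classify dig output and detect a TXT record masked by a local DNS override.

Added example, not code from the forum post. The sample transcripts below are
constructed to mirror the post's two dig runs (with and without the override).
"""
import re

# Constructed sample: resolver answers authoritatively (aa) with no records.
DIG_WITH_OVERRIDE = """\
; <<>> DiG 9.18.20 <<>> @10.100.4.1 my-domain.tld TXT
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10477
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;my-domain.tld. IN TXT
;; Query time: 0 msec
;; SERVER: 10.100.4.1#53(10.100.4.1) (UDP)
"""

# Constructed sample: resolver forwards the query and returns the TXT record.
DIG_WITHOUT_OVERRIDE = """\
; <<>> DiG 9.18.20 <<>> @10.100.4.1 my-domain.tld TXT
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59550
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;my-domain.tld. IN TXT
;; ANSWER SECTION:
my-domain.tld. 300 IN TXT "This is a test"
;; Query time: 112 msec
;; SERVER: 10.100.4.1#53(10.100.4.1) (UDP)
"""


def parse_dig(text):
    """Extract rcode, header flags, answer count, query time and answer RRs."""
    result = {"status": None, "flags": set(), "answer_count": 0,
              "query_time_ms": None, "answers": []}
    section = None
    for line in text.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            m = re.search(r"status: (\w+)", line)
            if m:
                result["status"] = m.group(1)
        m = re.match(r";; flags: ([^;]*);.*ANSWER: (\d+)", line)
        if m:
            result["flags"] = set(m.group(1).split())
            result["answer_count"] = int(m.group(2))
        m = re.match(r";; Query time: (\d+) msec", line)
        if m:
            result["query_time_ms"] = int(m.group(1))
        if line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:-len(" SECTION:")]
            continue
        # Answer RRs are the only non-comment lines; format: name ttl class type rdata
        if section == "ANSWER" and line and not line.startswith(";"):
            parts = line.split(None, 4)
            if len(parts) == 5:
                result["answers"].append({"name": parts[0], "ttl": int(parts[1]),
                                          "class": parts[2], "type": parts[3],
                                          "rdata": parts[4]})
    return result


def diagnose(parsed):
    """Name where the answer came from, based on aa flag and answer count."""
    if parsed["status"] != "NOERROR":
        return "rcode:" + str(parsed["status"])
    authoritative = "aa" in parsed["flags"]
    if parsed["answer_count"] == 0:
        # aa + NOERROR + no records: the resolver's own zone said "name exists,
        # no data of this type" and never forwarded the query.
        return "local-authoritative-nodata" if authoritative else "upstream-nodata"
    return "local-authoritative-data" if authoritative else "resolved-upstream"


def masked_by_override(resolver_dig, upstream_dig):
    """True when the resolver returns a local NODATA for a name/type that the
    upstream forwarder actually has records for."""
    local = parse_dig(resolver_dig)
    upstream = parse_dig(upstream_dig)
    return (diagnose(local) == "local-authoritative-nodata"
            and upstream["answer_count"] > 0)


if __name__ == "__main__":
    for label, text in (("with override", DIG_WITH_OVERRIDE),
                        ("without override", DIG_WITHOUT_OVERRIDE)):
        p = parse_dig(text)
        print(f"{label}: {diagnose(p)} (query time {p['query_time_ms']} ms)")
    print("TXT masked by local zone:",
          masked_by_override(DIG_WITH_OVERRIDE, DIG_WITHOUT_OVERRIDE))
```

To use it against a live setup, capture `dig @<resolver> <name> TXT` and `dig @<forwarder> <name> TXT` and pass the two transcripts to `masked_by_override`; a True result means the local zone is answering for the name and swallowing the record type, which is the condition to check whenever a local override exists for a name that also needs externally published records such as ACME validation TXT entries.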