Hello,
With a wildcard domain and two subdomains as configured here, I wish to have Dynamic DNS update only one of the subdomains, fw.DOMAIN.TLD, which is an A record. (The other subdomain is a CNAME pointing to fw, and therefore Dynamic DNS is only enabled for fw.)
Caddy is able to fetch a certificate using a DNS-01 challenge, so I know the Gandi token is good. However, the A record is not being updated.
Expected behavior
No error message and a single A record reflecting the tracked interface's IP.
Actual behavior
There was already an A record for fw in the DOMAIN.TLD zone with TTL 300 (the shortest TTL supported by Gandi). When the IP of the tracked interface matched what was already in DNS, the log output below was generated and no changes were made in Gandi DNS.
Most recent output at the top, with the first line being the error in question:
2024-06-07T21:13:13 Informational caddy "info","ts":"2024-06-07T21:13:13Z","logger":"dynamic_dns","msg":"domain not found in DNS","domain":"fw.DOMAIN.TLD"}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","logger":"tls","msg":"finished cleaning storage units"}
2024-06-07T21:13:12 Warning caddy "warn","ts":"2024-06-07T21:13:12Z","logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/db/caddy/data/caddy","instance":"7dd70669-0cc4-4dfb-bf2b-ab10deedd5b9","try_again":"2024-06-08T21:13:12Z","try_again_in":86399.999999549}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","msg":"serving initial configuration"}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","logger":"http","msg":"enabling automatic TLS certificate management","domains":["*.DOMAIN.TLD"]}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x86c65a300"}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","logger":"admin","msg":"admin endpoint started","address":"unix//var/run/caddy/caddy.sock","enforce_origin":false,"origins":["","//127.0.0.1","//::1"]}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","logger":"admin.api","msg":"shutdown complete","exit_code":0}
2024-06-07T21:13:12 Informational caddy "info","ts":"2024-06-07T21:13:12Z","logger":"admin","msg":"stopped previous server","address":"unix//var/run/caddy/caddy.sock"}
2024-06-07T21:12:59 Informational caddy "info","ts":"2024-06-07T21:12:59Z","logger":"http","msg":"servers shutting down with eternal grace period"}
2024-06-07T21:12:59 Warning caddy "warn","ts":"2024-06-07T21:12:59Z","logger":"admin.api","msg":"exiting; byeee!! 👋"}
2024-06-07T21:12:59 Informational caddy "info","ts":"2024-06-07T21:12:59Z","logger":"admin.api","msg":"received request","method":"POST","host":"127.0.0.1","uri":"/stop","remote_ip":"","remote_port":"","headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["Go-http-client/1.1"]}}
However, while troubleshooting this issue I manually set the IP of the A record to 0.0.0.0, restarted Caddy, and:
- The TTL of that 0.0.0.0 record was changed from 300 to 3600 (matching the configured 1-hour TTL), but the IP was not changed; and
- a new A record (yes, duplicate label of fw) was created with TTL 3600 and the correct IP, resulting in both records being returned in queries. This is broken.
Here's the log output in that case, throwing the same domain not found in DNS error as above, but with two extra records above it which themselves seem correct:
2024-06-07T21:25:35 Informational caddy "info","ts":"2024-06-07T21:25:35Z","logger":"dynamic_dns","msg":"finished updating DNS","current_ips":["IP.ADD.RE.SS"]}
2024-06-07T21:25:35 Informational caddy "info","ts":"2024-06-07T21:25:35Z","logger":"dynamic_dns","msg":"updating DNS record","zone":"DOMAIN.TLD","type":"A","name":"fw","value":"IP.ADD.RE.SS","ttl":3600}
2024-06-07T21:25:35 Informational caddy "info","ts":"2024-06-07T21:25:35Z","logger":"dynamic_dns","msg":"domain not found in DNS","domain":"fw.DOMAIN.TLD"}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","logger":"tls","msg":"finished cleaning storage units"}
2024-06-07T21:25:34 Warning caddy "warn","ts":"2024-06-07T21:25:34Z","logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/db/caddy/data/caddy","instance":"7dd70669-0cc4-4dfb-bf2b-ab10deedd5b9","try_again":"2024-06-08T21:25:34Z","try_again_in":86399.999999349}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","msg":"serving initial configuration"}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","logger":"http","msg":"enabling automatic TLS certificate management","domains":["*.DOMAIN.TLD"]}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x86c0d1580"}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","logger":"admin","msg":"admin endpoint started","address":"unix//var/run/caddy/caddy.sock","enforce_origin":false,"origins":["","//127.0.0.1","//::1"]}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","logger":"admin.api","msg":"shutdown complete","exit_code":0}
2024-06-07T21:25:34 Informational caddy "info","ts":"2024-06-07T21:25:34Z","logger":"admin","msg":"stopped previous server","address":"unix//var/run/caddy/caddy.sock"}
2024-06-07T21:25:21 Informational caddy "info","ts":"2024-06-07T21:25:21Z","logger":"http","msg":"servers shutting down with eternal grace period"}
2024-06-07T21:25:21 Warning caddy "warn","ts":"2024-06-07T21:25:21Z","logger":"admin.api","msg":"exiting; byeee!! 👋"}
2024-06-07T21:25:21 Informational caddy "info","ts":"2024-06-07T21:25:21Z","logger":"admin.api","msg":"received request","method":"POST","host":"127.0.0.1","uri":"/stop","remote_ip":"","remote_port":"","headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["Go-http-client/1.1"]}}
Environment
OPNsense Business 24.4_8 (amd64)
caddy-custom 2.7.6.5.0.3.5.5_16
os-caddy 1.5.4_1
Downstream
The downstream maintainer of the Caddy plugin for OPNsense has recommended I open the issue here.
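
Added example, not part of the original report and not Caddy's own code: a Go check that reads Caddy JSON log lines in the newest-first order shown above and flags names for which the dynamic_dns logger reported "domain not found in DNS" and then logged "updating DNS record", the sequence that preceded the duplicate A record in this report. The sample lines, example.test and 192.0.2.10 are constructed, the function name MissThenWrite is hypothetical, and input lines are assumed to be complete JSON objects.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// entry holds the log fields this check reads (encoding/json matches keys case-insensitively).
type entry struct {
	Logger, Msg, Domain, Zone, Type, Name string
}

// Constructed sample, newest first as in the report, written as complete JSON objects.
var sampleNewestFirst = []string{
	`{"level":"info","ts":"2024-06-07T21:25:35Z","logger":"dynamic_dns","msg":"finished updating DNS","current_ips":["192.0.2.10"]}`,
	`{"level":"info","ts":"2024-06-07T21:25:35Z","logger":"dynamic_dns","msg":"updating DNS record","zone":"example.test","type":"A","name":"fw","value":"192.0.2.10","ttl":3600}`,
	`{"level":"info","ts":"2024-06-07T21:25:35Z","logger":"dynamic_dns","msg":"domain not found in DNS","domain":"fw.example.test"}`,
	`{"level":"info","ts":"2024-06-07T21:25:34Z","logger":"tls","msg":"finished cleaning storage units"}`,
}

// MissThenWrite returns "fqdn TYPE" for every name where dynamic_dns logged a
// lookup miss and afterwards wrote a record for that same name.
func MissThenWrite(newestFirst []string) []string {
	missed := map[string]bool{}
	var flagged []string
	for i := len(newestFirst) - 1; i >= 0; i-- { // walk oldest to newest
		var e entry
		if json.Unmarshal([]byte(newestFirst[i]), &e) != nil || e.Logger != "dynamic_dns" {
			continue // not JSON, or not a dynamic_dns line
		}
		switch e.Msg {
		case "domain not found in DNS":
			missed[strings.ToLower(strings.TrimSuffix(e.Domain, "."))] = true
		case "updating DNS record":
			fqdn := strings.ToLower(strings.TrimSuffix(e.Name+"."+e.Zone, "."))
			if missed[fqdn] {
				flagged = append(flagged, fqdn+" "+e.Type)
				delete(missed, fqdn) // report each miss/write pair once
			}
		}
	}
	return flagged
}

func main() {
	for _, f := range MissThenWrite(sampleNewestFirst) {
		fmt.Println("lookup miss followed by write, check zone for duplicates:", f)
	}
}
```

A flagged name is a prompt to compare the zone's records for that label against what was intended; a first-time record creation produces the same sequence.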