Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://bikeshed.party/objects/36a9aa5a-8166-4dde-af5e-d137c447b435">feld (feld@bikeshed.party)'s status on Thursday, 16-Nov-2023 03:39:39 JST</a><a href="https://bikeshed.party/users/feld" title="feld@bikeshed.party"><img src="https://gnusocial.jp/avatar/4193-48-20240209135539.webp" width="48" height="48" alt="feld" style="position: absolute; left: 0; top: 0;">feld</a><div><a href="https://mastodon.social/@tykling/111415848466985250" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><a href="https://mastodon.social/@tykling">@tykling</a> No, it's not a CNAME, you want a NS for situations like AWS/Route53<br><br>new zone: <a href="https://bikeshed.party/objects/36a9aa5a-8166-4dde-af5e-d137c447b435" rel="noreferrer nofollow">_acme-challenge.foo.com</a>.<br><br>In the parent zone make an NS for:<br><br><a href="https://bikeshed.party/objects/36a9aa5a-8166-4dde-af5e-d137c447b435" rel="noreferrer nofollow">_acme-challenge.foo.com</a>.<br><br>This delegates requests to your new sub-zone. And give the server a key that can only modify records in that subzone.<br><br>(if you are using BIND and maybe others you don't need to do this, IIRC you can be more granular without needing to make an entirely new zone)</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2332221#notice-4603595">In conversation</a><time datetime="2023-11-16T03:39:39+09:00" title="Thursday, 16-Nov-2023 03:39:39 JST">Thursday, 16-Nov-2023 03:39:39 JST</time> <span>from <span><a href="https://bikeshed.party/objects/36a9aa5a-8166-4dde-af5e-d137c447b435" rel="external" title="Sent from bikeshed.party via ActivityPub">bikeshed.party</a></span></span><a href="https://bikeshed.party/objects/36a9aa5a-8166-4dde-af5e-d137c447b435">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: www.foo.com</div><h5><a href="http://www.foo.com/?not_found=_acme-challenge.foo.com">Foo.com</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
feld (feld@bikeshed.party)'s status on Thursday, 16-Nov-2023 03:39:39 JSTfeld
in reply to
- Thomas Steen Rasmussen
@tykling No, it's not a CNAME, you want a NS for situations like AWS/Route53

new zone: _acme-challenge.foo.com.

In the parent zone make an NS for:

_acme-challenge.foo.com.

This delegates requests to your new sub-zone. And give the server a key that can only modify records in that subzone.

(if you are using BIND and maybe others you don't need to do this, IIRC you can be more granular without needing to make an entirely new zone)
In conversationThursday, 16-Nov-2023 03:39:39 JST from bikeshed.partypermalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.foo.com
  Foo.com

Public

Embed Notice

HTML Code

Corresponding Notice