Certain use cases preclude DNS dynamic updates to a zone for technical, policy or other reasons. This post explains a simple way to enable automatic DNS-based authorization for Let’s Encrypt certificates – and perhaps for other vendors’ – by way of delegating the authorization challenge to a trusted DNS zone.
I manage my own DNS servers for my personal projects and some of the causes I support. This gives me absolute control over the operation. Recently I decided to return to a 100% dynamically updated setup – where records can be added securely and in real time from anywhere. This post includes some notes on how to do this easily.
This post collects some of my notes in quickly configuring sets of domain names for DNSSEC using BIND9. There are many in-depth tutorials on setting up DNSSEC, so this is just my notes on how I deal with groups of tens to hundreds of domains at a time.