Whilst investigating an issue with acme.sh which I have configured to use lexicon as the provider, I have found that lexicon is not correctly handling errors from DDNS updates.
According to RFC2136, an RCode of 9 means NOTAUTH - The server is not authoritative for the zone named in the Zone Section.
Attempting to update a zone which does not exist on the target server returns this NOTAUTH RCode and results in no change being made on the server, however lexicon still reports:
RESULT
------
True
I do not know if lexicon is failing to handle other RCodes in the RFC, I have not tested this.
This can be tested with the following setup:
DNS server has a zone for domain.com
The following command is used to try and update the zone _acme-challenge.domain.com with the name _acme-challenge.domain.com and the value abcdefg which will fail silently with RCode 9:
Whilst investigating an issue with acme.sh which I have configured to use lexicon as the provider, I have found that lexicon is not correctly handling errors from DDNS updates.
According to RFC2136, an RCode of 9 means
NOTAUTH - The server is not authoritative for the zone named in the Zone Section.Attempting to update a zone which does not exist on the target server returns this NOTAUTH RCode and results in no change being made on the server, however lexicon still reports:
I do not know if lexicon is failing to handle other RCodes in the RFC, I have not tested this.
This can be tested with the following setup:
domain.com_acme-challenge.domain.comwith the name_acme-challenge.domain.comand the valueabcdefgwhich will fail silently with RCode 9:domain.comwith the name_acme-challenge.domain.comand the valueabcdefgwhich will succeed: