Closed Tristan971 closed 2 weeks ago
Hey @inteon, I would like to try to work on this issue. Kindly assign to me, thanks!
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale
Hello! It is omnipresent Oleksandr again. Are you planning to include this fix into new release? If no, I would like to work on this.
@arsenalzp Yes, you can claim this issue. We will gladly accept a PR that fixes this issue 👍.
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
/lifecycle rotten
/remove-lifecycle stale
/remove-lifecycle rotten
/remove-lifecycle stale
/priority backlog
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
/close
@cert-manager-bot: Closing this issue.
Describe the bug: When using an RFC2136-type issuer, the record update query is sent using UDP, and never retried with TCP in case of being replied to with TC=1 by the nameserver.
Expected behaviour: Such a situation should lead to one of:
Steps to reproduce the bug:
Anything else we need to know?:
Here's an excerpt of the associated logs at logLevel 6 which shows the issue better (annotated)
An easy solution for us was allowing UDP towards our hidden master (which is sitting inside our cluster, hence the issuer's nameserver's IP), since we can then keep our TCP-only policy on our publicly exposed replicas.
The issue here is twofold, in here:
https://github.com/cert-manager/cert-manager/blob/b53527eb787c508a2dc0a27853cd4eb4b138faf6/pkg/issuer/acme/dns/rfc2136/rfc2136.go#L137-L144
Environment details:
/kind bug
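The retry behaviour the report asks for (send over UDP, repeat over TCP when the reply has TC=1), as an added example that is not cert-manager's code or part of the original issue. The `transport` type, `exchangeWithFallback` and `truncatingServer` are hypothetical names, and the UPDATE header and server replies are constructed so the logic runs without a network.

```go
package main

import (
	"errors"
	"fmt"
)

// transport sends one raw DNS message over "udp" or "tcp" and returns the raw
// reply. Hypothetical abstraction so the retry logic can run without a network.
type transport func(network string, msg []byte) ([]byte, error)

// exchangeWithFallback sends msg over UDP and repeats it over TCP when the
// reply has TC=1 (bit 0x02 of header byte 2).
func exchangeWithFallback(send transport, msg []byte) ([]byte, string, error) {
	if len(msg) < 12 {
		return nil, "", errors.New("message shorter than the 12-byte DNS header")
	}
	for _, network := range []string{"udp", "tcp"} {
		reply, err := send(network, msg)
		if err != nil {
			return nil, network, fmt.Errorf("%s exchange: %w", network, err)
		}
		// Require a response (QR=1) that carries the ID we sent.
		if len(reply) < 12 || reply[0] != msg[0] || reply[1] != msg[1] || reply[2]&0x80 == 0 {
			return nil, network, fmt.Errorf("%s: malformed or mismatched reply", network)
		}
		if reply[2]&0x02 == 0 { // TC clear: the reply is complete
			return reply, network, nil
		}
	}
	return nil, "tcp", errors.New("reply still truncated over TCP")
}

// truncatingServer is a constructed stand-in for a nameserver that answers
// every UDP query with TC=1 and only gives the full answer over TCP.
func truncatingServer(network string, msg []byte) ([]byte, error) {
	reply := append([]byte(nil), msg[:12]...)
	reply[2] |= 0x80 // QR: response
	if network == "udp" {
		reply[2] |= 0x02 // TC: truncated, retry over TCP
	}
	return reply, nil
}

func main() {
	// Constructed header: ID 0xbeef, opcode 5 (UPDATE), one zone, one update record.
	update := []byte{0xbe, 0xef, 0x28, 0x00, 0, 1, 0, 0, 0, 1, 0, 0}
	reply, network, err := exchangeWithFallback(truncatingServer, update)
	fmt.Printf("answered over %s, reply=%x, err=%v\n", network, reply, err)
}
```

A real transport would also need the 2-byte big-endian length prefix that DNS over TCP puts in front of each message.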