zachomedia / cert-manager-webhook-pdns

A PowerDNS webhook for cert-manager
MIT License

wrong zone name on 3 digit sub-domain #36

Closed Mandarnold closed 11 months ago

Mandarnold commented 1 year ago

Hi,

I have a 3-digit subdomain - int.domain.com. When I try to get a certificate for project.int.domain.com, the pdns webhook is using int.domain.com as zone-name for the PDNS API and fails, because the zone doesn't exist. If I use a subdomain with 4 or more or 2 digits, it works with no problem. Is it possible to fix that?

Thank you
Sascha

zachomedia commented 1 year ago

Hello @Mandarnold, the resolution of the zone a record is in is done by cert-manager (https://cert-manager.io/v1.6-docs/faq/acme/#cert-manager-identifies-the-wrong-zone-for-your-domain-name).

cert-manager by default uses SOA (Start of Authority) records to determine which zone name to use at your DNS provider. Some DNS resolvers will filter this information, if this is the case cert-manager cannot determine the zone and it is advised to change the DNS server for DNS01 self-checks.

Can you check if there is a SOA record at int.domain.com? If not, then you might have to reach out to the cert-manager project for help.

Mandarnold commented 1 year ago

Hi @zachomedia, thank you for this fast answer. Very good hint, the cert-manager is installed by helm, so it uses the only internal DNS-Server, which has the zone int.domain.com... :-) Ok, I try it with the --dns01-recursive-nameservers option...

Thank you very much...

zachomedia commented 11 months ago

Given your success in #37, I hope this means this is no longer an issue. However, if you do encounter any issues, please don't hesitate to reach out.
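Added example, not part of the thread and not cert-manager's or the webhook's code: a simplified model of the SOA-based zone detection quoted above, showing why the zone name depends on which resolver the self-check uses. The resolver views, the function names, and the assumption that the PowerDNS API hosts only `domain.com.` are constructed for illustration.

```python
# Simplified model of SOA-based zone discovery: walk from the challenge name
# toward the root and take the first name that answers an SOA query.
# This is an illustrative assumption, not cert-manager's source code.

def find_zone(fqdn, soa_names):
    """Return the first ancestor of fqdn (or fqdn itself) with an SOA answer."""
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in soa_names:
            return candidate
    return None  # resolver filtered SOA answers, so no zone can be determined


# Constructed resolver views: the names for which each resolver returns SOA.
INTERNAL_RESOLVER = {"int.domain.com.", "domain.com."}  # internal-only zone exists
PUBLIC_RESOLVER = {"domain.com."}                       # public delegation only
FILTERING_RESOLVER = set()                              # strips SOA answers

# Assumption: the zones the DNS provider API (PowerDNS here) actually hosts.
PROVIDER_ZONES = {"domain.com."}

CHALLENGE = "_acme-challenge.project.int.domain.com."


def compare_views(fqdn, views, provider_zones):
    """Per resolver: (detected zone, whether the provider API hosts that zone)."""
    report = {}
    for name, soa_names in views.items():
        zone = find_zone(fqdn, soa_names)
        report[name] = (zone, zone in provider_zones)
    return report


if __name__ == "__main__":
    views = {
        "internal": INTERNAL_RESOLVER,
        "public": PUBLIC_RESOLVER,
        "filtering": FILTERING_RESOLVER,
    }
    for name, (zone, ok) in compare_views(CHALLENGE, views, PROVIDER_ZONES).items():
        status = "provider hosts it" if ok else "provider update would fail"
        print(f"{name:10s} zone={zone!s:18s} {status}")
```

The same comparison can be made by hand by querying SOA for each candidate name against the resolver the cert-manager pod uses and against the one passed to `--dns01-recursive-nameservers`.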