RFC2136 - delete a specific TXT record

For a Let’s Encrypt cert I add a TXT record.

nsupdate -d <<EOF
  server ns1.dynv6.com
  zone bla.dynv6.net
  update add _acme-challenge.bla.dynv6.net 120 TXT "ABCDEF1234567890"
  key hmac-sha256:tsig-123.dynv6.com YourSHAREDsecret==
  send
EOF

Works. Then I want to delete the same TXT record after I got the cert.

nsupdate -d <<EOF
  server ns1.dynv6.com
  zone bla.dynv6.net
  update del _acme-challenge.bla.dynv6.net 0 TXT "ABCDEF1234567890"
  key hmac-sha256:tsig-123.dynv6.com YourSHAREDsecret==
  send
EOF

No error, but doesn’t work. TXT record is still there. Why? It is according to [RFC2136 2.5.4].

Our RFC2136 API does currently not support deleting specific records.

I’ll be working on this today, maybe tomorrow.

Related: https://github.com/go-acme/lego/issues/1256

@SamLowry: I’ve found and fixed the problem in our implementation.

Deleting specific records is only supported for A, AAAA and TXT records (for now), as this should cover most of the use cases. Please let us know if this works for you.

@dmke: Thank you, everything works as expected. :grinning: :+1:

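RFC 2136 section 2.5 tells the update operations apart by the CLASS, TTL and RDLENGTH fields of each Update RR, so the two nsupdate calls in this thread differ on the wire only in those fields. The following is an added example, not code from dynv6, lego or the posters: it encodes the Update RRs for the thread's name and token and classifies them the way a server's update handling has to. The function names are illustrative, and the classifier is a simplified subset of the RFC's prescan checks.

```python
import struct

# RFC 1035 / RFC 2136 numeric codes
TYPE_TXT, TYPE_ANY = 16, 255
CLASS_IN, CLASS_NONE, CLASS_ANY = 1, 254, 255

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def encode_txt(text):
    """TXT RDATA: one or more character-strings of at most 255 bytes each."""
    raw = text.encode("ascii")
    chunks = [raw[i:i + 255] for i in range(0, len(raw), 255)] or [b""]
    return b"".join(bytes([len(c)]) + c for c in chunks)

def update_rr(name, rtype, rclass, ttl, rdata=b""):
    """Build one RR of the Update section in wire format."""
    fixed = struct.pack("!HHIH", rtype, rclass, ttl, len(rdata))
    return encode_name(name) + fixed + rdata

def classify(rr, zone_class=CLASS_IN):
    """Name the RFC 2136 section 2.5 operation an Update RR requests."""
    end = rr.index(b"\x00") + 1  # root label ends the uncompressed owner name
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", rr[end:end + 10])
    if rclass == zone_class:
        return "2.5.1 add to an RRset"
    if rclass == CLASS_ANY and ttl == 0 and rdlen == 0:
        if rtype == TYPE_ANY:
            return "2.5.3 delete all RRsets from a name"
        return "2.5.2 delete an RRset"
    if rclass == CLASS_NONE and ttl == 0:
        return "2.5.4 delete an RR from an RRset"
    return "malformed (FORMERR)"

# Name and token are the ones quoted in the thread; the RRs are constructed here.
NAME = "_acme-challenge.bla.dynv6.net"
TOKEN = encode_txt("ABCDEF1234567890")
ADD = update_rr(NAME, TYPE_TXT, CLASS_IN, 120, TOKEN)      # update add ... 120 TXT
DEL_ONE = update_rr(NAME, TYPE_TXT, CLASS_NONE, 0, TOKEN)  # update del ... 0 TXT "..."
DEL_SET = update_rr(NAME, TYPE_TXT, CLASS_ANY, 0)          # update del ... TXT (no data)

if __name__ == "__main__":
    for label, rr in (("add", ADD), ("delete one", DEL_ONE), ("delete set", DEL_SET)):
        print(f"{label:11} {classify(rr):36} {rr.hex()}")
```

The add and the single-record delete carry identical RDATA and differ only in CLASS and TTL; deleting the whole RRset instead uses class ANY with empty RDATA, which also removes any other TXT values at that name.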