RFC2136 - delete a specific TXT record

SamLowry · September 28, 2020, 11:16am

For a Let’s Encrypt cert i add a TXT record.

nsupdate -d <<EOF
  server ns1.dynv6.com
  zone bla.dynv6.net
  update add_acme-challenge.bla.dynv6.net 120 TXT "ABCDEF1234567890"
  key hmac-sha256:tsig-123.dynv6.com YourSHAREDsecret==
  send
EOF

Works. Then I want to delete the same TXT record after I got the cert.

nsupdate -d <<EOF
  server ns1.dynv6.com
  zone bla.dynv6.net
  update del _acme-challenge.bla.dynv6.net 0 TXT "ABCDEF1234567890"
  key hmac-sha256:tsig-123.dynv6.com YourSHAREDsecret==
  send
EOF

No error, but doesn’t work. TXT record is still there. Why? It is according to [RFC2136 2.5.4].

dmke · October 19, 2020, 9:26am

Our RFC2136 API does currently not support deleting specific records.

I’ll be working on this today, maybe tomorrow.

Related: https://github.com/go-acme/lego/issues/1256

dmke · October 22, 2020, 11:57am

@SamLowry: I’ve found and fixed the problem in our implementation.

Deleting specific records is only supported for A, AAAA and TXT records (for now), as this should cover most of the use cases. Please let us know if this works for you.

SamLowry · October 27, 2020, 6:46pm

@dmke: Thank you, everything works as expected.