Please help with new ACME DNS feature

dan3408

Hi, I'm interested in the new ACME DNS feature, but I don't have a good understanding of its intended use case or its limitations.

The TLD I use, 'ch', is not available for Route53, and I would like to better understand this feature and how I might develop an integration with a different DNS provider.

For my particular use case, my FreeNAS machine is on a small home network that uses a single RFC1918 subnet for IPv4 and also supports IPv6. The FreeNAS machine does not have IPv6 configured, but a few of its jails do. The router is configured to forward some ports on its dynamic, public IPv4 address to jails. I usually use mDNS to resolve the FreeNAS machine, but I also have a DNS domain that resolves 'myfreenas.mydomain.ch' to the RFC1918 address. I do not use a dynamic DNS service.

I am interested in using HTTPS for the FreeNAS UI and for its basic web server ('WebDAV'), where my threat model is to protect against my too-curious kids and their friends who have access to my wifi and to limit the impact of a compromised service on my network that may be able to sniff traffic.

Is this kind of home network one of the intended use cases for the new ACME DNS feature? If not, what are the intended use cases or threat models?

My registrar and DNS provider have an API that may manage TXT records, so I believe that I could create an integration similar to the use that has been written for AWS Route53. I have never done any FreeNAS development, so I would appreciate some pointers to source (besides, e.g., [1]) and to setting up a development/test environment.

Thanks lots,
Dan

[1]: https://github.com/freenas/freenas/...dlewared/middlewared/plugins/acme_protocol.py
 