I recently installed two new internal PowerDNS servers that resolve my public domain zone to private IP addresses, while (only) some of the records are publicly resolved to the NAT IP address on the firewall.
My problem is that with this setup, even though the public zone exists in the DNS provider on Træfik, the plugin/middleware can't determine the zone (because it's also resolved internally) and does not issue SSL certs: no SSL cert on internal DNS server · GitHub
My theory was that, since the zone is publicly hosted on Hetzner's DNS servers, Træfik would go to Hetzner to put the TXT records and let me get SSL certificates that are valid both publicly and privately, so that the services that are also publicly facing would be secured, while the services that are only internal (like the Heimdall dashboard) would also have an actual, real SSL certificate, as if they were hosted on the internet with a public IP address.
Is this completely not possible? Would I resolve this issue by just changing the Træfik container's DNS servers in resolv.conf to point to Cloudflare or Quad9 or whatever? Do you have any other solution in mind?
Thanks in advance!!
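For reference, the following is an added example of a Traefik static configuration for the ACME DNS-01 challenge with the Hetzner provider; it is not the poster's configuration and nothing on the page shows their actual files. It assumes Traefik v2 key names (in v3 the propagation-check options moved under `dnsChallenge.propagation`), a resolver named `hetzner`, a placeholder e-mail address, and that the Hetzner API token is supplied through the `HETZNER_API_KEY` environment variable. The point it illustrates is the `resolvers` option: Traefik's pre-validation lookup of the `_acme-challenge` TXT record is sent to the listed recursive resolvers instead of whatever the container's resolv.conf points at, so an internal DNS server that serves its own copy of the zone (as in the split-horizon setup described above) is bypassed for that check without changing the container's resolv.conf.

```yaml
# Added example (Traefik v2 static configuration), not the original poster's
# config. Resolver name, e-mail and storage path are placeholders.
entryPoints:
  websecure:
    address: ":443"

certificatesResolvers:
  hetzner:
    acme:
      email: admin@example.com              # placeholder
      storage: /letsencrypt/acme.json       # must persist across restarts
      dnsChallenge:
        # lego provider for Hetzner DNS; reads HETZNER_API_KEY from the environment
        provider: hetzner
        # Public recursive resolvers used only for Traefik's own propagation
        # check of the _acme-challenge TXT record. Without this list the check
        # follows the container's resolv.conf, i.e. (in the split-horizon setup
        # described in the post) the internal PowerDNS servers that answer for
        # the zone themselves and never see the TXT record written at Hetzner.
        resolvers:
          - "1.1.1.1:53"
          - "9.9.9.9:53"
        # Optional: give Hetzner's authoritative servers time to publish the
        # record before the first check (seconds).
        delayBeforeCheck: 30
```

A router then opts into this resolver with `tls.certresolver: hetzner` (as a Docker label, `traefik.http.routers.<name>.tls.certresolver=hetzner`). Note that the CA itself always validates against the public authoritative servers for the zone (Hetzner's, here); the `resolvers` option only affects Traefik's local pre-check, which is the step that fails when the internal resolver shadows the public zone.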