RFC2136 TSIG for Let's Encrypt Trying to Update Wrong View


I am currently trying to setup RFC2136 Let's Encrypt with DNS challenge via RFC2136 with a BIND9 NS. My NS has 2 almost identical views(record name part is the same, except IP address). 1 internal and 1 external.

Internal is for my LAN split horizon DNS use, and the external is for external recursive DNS to get the DNS records for my domains only.

Currently, Traefik is trying to add the verification TXT record to the internal view, which is obviously wrong and will not work(did not configure RFC2136 for internal view, but this does not matter), since the verification TXT record has to be readable by the LE's servers.

Is there any way to specify the name of the view so traefik only add the TXT records to that view when trying to get a certificate?

Traefik dnsChallenge has a lot of ACME providers (doc), for more details check the used go-acme library page (link).

There are two full control options with exec and httpreq to trigger your own logic within a script or a web service, if the standard solutions don’t work for you.