From bcd9281213d303308fb1f87782a342f66b3d8800 Mon Sep 17 00:00:00 2001 From: Dominik Chilla Date: Sat, 8 May 2021 12:01:26 +0200 Subject: [PATCH] cert-manager with split-horizon DNS --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e4e25ac..e045a11 100644 --- a/README.md +++ b/README.md @@ -269,12 +269,14 @@ A possible fix: `kubectl -n ingress-nginx delete ValidatingWebhookConfiguration # Cert-Manager (references ingress controller) ## Installation Docs: https://hub.helm.sh/charts/jetstack/cert-manager + +**Note on split-horizon DNS**: If you are planning to use DNS-01 validation in term of [split-horizon-DNS](https://en.wikipedia.org/wiki/Split-horizon_DNS) you will need to specify an external DNS-resolver (Google, Cloudflare or your ISPs resolver) instead of your internal upstream DNS-resolver for DNS self-checks! Read [this](https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check) for further details. ``` helm repo add jetstack https://charts.jetstack.io helm repo update kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.2/cert-manager.crds.yaml kubectl create namespace cert-manager -helm install cert-manager --namespace cert-manager jetstack/cert-manager +helm install cert-manager --namespace cert-manager --set 'extraArgs={--dns01-recursive-nameservers-only,--dns01-recursive-nameservers=8.8.8.8:53\,1.1.1.1:53}' jetstack/cert-manager kubectl -n cert-manager get all ``` ## Let´s Encrypt issuer
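Review bot: The new `helm install` line hard-codes `8.8.8.8:53` and `1.1.1.1:53` and also sets `--dns01-recursive-nameservers-only`, but the added note names neither flag. It also does not say that these two addresses are the Google and Cloudflare examples it mentions. A reader who wants their ISP's resolver cannot tell from the README which part of the `--set 'extraArgs={...}'` value to change, or that the `\,` between the addresses has to stay escaped. Suggest extending the note to name both flags, state that the addresses are replaceable examples, and mention that the cluster must be allowed to reach the chosen resolvers on port 53, since the self-check will now go to them instead of the internal upstream resolver. Separately, the CRDs are pinned to `v1.0.2` in the `kubectl apply` line while the changed `helm install` line carries no `--version`, so the chart and CRD versions can differ; since this line is being edited anyway, consider pinning the chart to the matching version. Minor wording in the added note: "in term of" and "ISPs resolver" should read "in a split-horizon DNS setup" and "ISP's resolver".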