
Commit f60ce01

crccwmholt
andauthored
Implement OverrideDomain is DNS01Solver (#160)
* Add OverrideDomain option to DNS01Solver

  This is to delegate the challenge to a different domain. With this change, the solver also no longer follows the CNAME chain when checking for propagation.

* Update solvers.go

* Only check the authoritative NS when OverrideDomain is set, and keep the old code path otherwise.

Co-authored-by: Matt Holt <[email protected]>
1 parent 797d29b commit f60ce01


1 file changed

+16
-1
lines changed


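--- a/solvers.go
+++ b/solvers.go
@@ -252,13 +252,21 @@ type DNS01Solver struct {
 // Preferred DNS resolver(s) to use when doing DNS lookups.
 Resolvers []string
 
+// Override the domain to set the TXT record on. This is
+// to delegate the challenge to a different domain. Note
+// that the solver doesn't follow CNAME/NS record.
+OverrideDomain string
+
 txtRecords map[string]dnsPresentMemory // keyed by domain name
 txtRecordsMu sync.Mutex
 }
 
 // Present creates the DNS TXT record for the given ACME challenge.
 func (s *DNS01Solver) Present(ctx context.Context, challenge acme.Challenge) error {
 dnsName := challenge.DNS01TXTRecordName()
+if s.OverrideDomain != "" {
+dnsName = s.OverrideDomain
+}
 keyAuth := challenge.DNS01KeyAuthorization()
 
 // multiple identifiers can have the same ACME challenge
@@ -304,6 +312,9 @@ func (s *DNS01Solver) Present(ctx context.Context, challenge acme.Challenge) err
 // timeout, whichever is first.
 func (s *DNS01Solver) Wait(ctx context.Context, challenge acme.Challenge) error {
 dnsName := challenge.DNS01TXTRecordName()
+if s.OverrideDomain != "" {
+dnsName = s.OverrideDomain
+}
 keyAuth := challenge.DNS01KeyAuthorization()
 
 timeout := s.PropagationTimeout
@@ -323,7 +334,11 @@ func (s *DNS01Solver) Wait(ctx context.Context, challenge acme.Challenge) error
 return ctx.Err()
 }
 var ready bool
-ready, err = checkDNSPropagation(dnsName, keyAuth, resolvers)
+if s.OverrideDomain == "" {
+ready, err = checkDNSPropagation(dnsName, keyAuth, resolvers)
+} else {
+ready, err = checkAuthoritativeNss(dnsName, keyAuth, resolvers)
+}
 if err != nil {
 return fmt.Errorf("checking DNS propagation of %s: %w", dnsName, err)
 }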
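Review bot: With `OverrideDomain` set, the `Present` hunk replaces `dnsName` with the same configured string for every challenge, although `txtRecords` is documented as keyed by domain name and the comment just below notes that several identifiers can share a challenge; if the rest of `Present` (outside the hunk) stores its memory under `dnsName`, challenges for different identifiers running at the same time would overwrite each other's entry. All 16 added lines sit in the struct, `Present` and `Wait`, so whichever method later looks the record up to delete it (not visible on this page) presumably still keys on `challenge.DNS01TXTRecordName()` and would miss the entry, leaving the TXT record behind in the delegated zone. I would apply the same override there, `if s.OverrideDomain != "" { dnsName = s.OverrideDomain }`, and key the stored memory by name plus `keyAuth` rather than by name alone. The field comment should state the contract and the trust implication, for example `// OverrideDomain, if set, is used verbatim as the TXT record name for every challenge; each domain's challenge name must already be delegated to it, and anyone able to write to that zone can answer challenges for all of them.` Both function bodies continue outside their hunks, so the storage and cleanup paths need to be confirmed against the full file.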
