From e2ac1b06a730b8a8c76dfbccd30a65145fac33e2 Mon Sep 17 00:00:00 2001
From: Fernandez Ludovic
Date: Wed, 28 Aug 2024 17:31:31 +0200
Subject: [PATCH] wip: at least one
---
 challenge/dns01/precheck.go | 52 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/challenge/dns01/precheck.go b/challenge/dns01/precheck.go
index f65dfb5af8..933a2512bc 100644
--- a/challenge/dns01/precheck.go
+++ b/challenge/dns01/precheck.go
@@ -72,7 +72,8 @@ func (p preCheck) checkDNSPropagation(fqdn, value string) (bool, error) {
 return false, err
 }
 
- return checkAuthoritativeNss(fqdn, value, authoritativeNss)
+ // TODO only for debug
+ return atLeastOneAuthoritativeNss(fqdn, value, authoritativeNss)
 }
 
 // checkAuthoritativeNss queries each of the given nameservers for the expected TXT record.
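Review bot: The switch from `checkAuthoritativeNss` to `atLeastOneAuthoritativeNss` in `checkDNSPropagation` is unconditional, and the only sign that it is temporary is the comment `// TODO only for debug`. With this call the precheck reports propagation as soon as a single authoritative nameserver serves the TXT record, so a CA validator that happens to query a lagging nameserver can still fail the challenge, and failed validations may count against CA rate limits. If the relaxed check is meant to stay, it should be an explicit opt-in chosen by the caller rather than the default path, with a comment that states the trade-off, e.g. `// Relaxed check: succeeds when any authoritative NS serves the record; the CA may still query one that does not.` The body of checkDNSPropagation starts outside the hunk.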
@@ -108,3 +109,52 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro
 
 return true, nil
 }
+
+// TODO only for debug
+func atLeastOneAuthoritativeNss(fqdn, value string, nameservers []string) (bool, error) {
+ var lastErr error
+
+ for _, ns := range nameservers {
+ found, err := hasTXTEntry(fqdn, value, ns)
+ if err != nil {
+ lastErr = err
+ continue
+ }
+
+ return found, nil
+ }
+
+ return false, lastErr
+}
+
+// TODO only for debug
+func hasTXTEntry(fqdn, value, ns string) (bool, error) {
+ r, err := dnsQuery(fqdn, dns.TypeTXT, []string{net.JoinHostPort(ns, "53")}, false)
+ if err != nil {
+ return false, err
+ }
+
+ if r.Rcode != dns.RcodeSuccess {
+ return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
+ }
+
+ var records []string
+
+ var found bool
+ for _, rr := range r.Answer {
+ if txt, ok := rr.(*dns.TXT); ok {
+ record := strings.Join(txt.Txt, "")
+ records = append(records, record)
+ if record == value {
+ found = true
+ break
+ }
+ }
+ }
+
+ if !found {
+ return false, fmt.Errorf("NS %s did not return the expected TXT record [fqdn: %s, value: %s]: %s", ns, fqdn, value, strings.Join(records, " ,"))
+ }
+
+ return true, nil
+}
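Review bot: `hasTXTEntry` reports a missing record as an error, so `atLeastOneAuthoritativeNss` cannot tell a nameserver that answered without the record from one that failed to answer, and it keeps only `lastErr`, discarding what the earlier nameservers returned. As written, `return found, nil` can only ever return true, and an empty `nameservers` slice yields `false, nil` with no explanation for the caller. Both functions carry `// TODO only for debug` where a doc comment belongs; something like `// atLeastOneAuthoritativeNss reports whether any of the given nameservers serves the expected TXT record.` would state the contract. The separator in `strings.Join(records, " ,")` looks reversed and should probably be `", "`.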