Use direct DNS query for challenge pre-validation (#36)
It makes no sense to trigger the challenge on the ACME server while the DNS record is still being propagated through the DNS servers. Moreover, such behavior causes premature failure of the challenge on the ACME server (e.g. Let's Encrypt). So it is better to first wait until the DNS challenge resolves correctly before sending the validation request to the ACME server. Co-authored-by: Pavel Sviridov <[email protected]>
1 parent
6b9f912
commit 1140995
Showing
6 changed files
with
87 additions
and
5 deletions.
@@ -0,0 +1,9 @@ | ||
using AzAcme.Core.Providers.Models; | ||
|
||
namespace AzAcme.Core | ||
{ | ||
public interface IDnsLookup | ||
{ | ||
Task<bool> ValidateTxtRecords(Order order); | ||
} | ||
} |
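Review bot: `Task<bool> ValidateTxtRecords(Order order);` carries no XML documentation and no `CancellationToken`, so a caller polling it for propagation cannot abort a hung query and cannot tell from the contract what `false` means or that challenge state is mutated as a side effect (the `DnsLookup` implementation in this commit marks unresolved challenges pending). Suggest a `<summary>` stating that each challenge's expected TXT value is looked up and `true` is returned only when every one is visible to the resolver, with `<returns>` noting that challenges not yet visible are set to pending. Since this interface is the contract every implementation is bound to, adding `CancellationToken cancellationToken = default` as the last parameter is cheapest now, while `DnsLookup` is the only implementer; the async method would also conventionally be named `ValidateTxtRecordsAsync`.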
@@ -0,0 +1,42 @@ | ||
using System.Net; | ||
using DnsClient; | ||
|
||
using AzAcme.Core.Providers.Helpers; | ||
using AzAcme.Core.Providers.Models; | ||
|
||
namespace AzAcme.Core.Providers | ||
{ | ||
public class DnsLookup : IDnsLookup | ||
{ | ||
private readonly IPEndPoint? nameServer; | ||
|
||
public DnsLookup() : this(null) { } | ||
|
||
public DnsLookup(IPEndPoint? nameServer) | ||
{ | ||
this.nameServer = nameServer; | ||
} | ||
|
||
public async Task<bool> ValidateTxtRecords(Order order) | ||
{ | ||
bool dnsResolved = true; | ||
|
||
var lookup = nameServer != null ? new LookupClient(nameServer) : new LookupClient(); | ||
|
||
foreach (var challenge in order.Challenges) | ||
{ | ||
var dnsName = DnsHelpers.DetermineTxtRecordName(challenge.Identitifer, string.Empty); | ||
|
||
var result = await lookup.QueryAsync(dnsName, QueryType.TXT); | ||
|
||
if (!result.Answers.TxtRecords().SelectMany(x => x.Text).Contains(challenge.TxtValue)) | ||
{ | ||
challenge.SetStatus(DnsChallenge.DnsChallengeStatus.Pending); | ||
dnsResolved = false; | ||
} | ||
} | ||
|
||
return dnsResolved; | ||
} | ||
} | ||
} |
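Review bot: The `var result = await lookup.QueryAsync(dnsName, QueryType.TXT);` line is unguarded, so a transport-level failure (DnsClient raises `DnsResponseException` on resolver timeouts, and on error response codes when `ThrowDnsErrors` is enabled) propagates out of `ValidateTxtRecords` and aborts the pre-validation poll for the whole order, whereas an empty answer set for the same transient condition is quietly treated as "not yet propagated". Catching `DnsResponseException` around the query and marking that one challenge pending keeps the poll behaviour uniform, and an explicit `result.HasError` check makes the empty-answer case deliberate rather than incidental. A positive result here only proves visibility from the caller's resolver (the system resolver, or the single `nameServer` given to the constructor); a recursive resolver can serve a cached answer that lags the authoritative zone, and the ACME server's resolvers are a different vantage point again, so the method deserves a doc comment such as `/// Checks the configured resolver only; a true result does not guarantee the authoritative zone or the ACME server's resolvers already see the record.` Minor style: `nameServer != null` reads better as `nameServer is not null`.

```csharp
foreach (var challenge in order.Challenges)
{
    var dnsName = DnsHelpers.DetermineTxtRecordName(challenge.Identitifer, string.Empty);

    IDnsQueryResponse result;
    try
    {
        result = await lookup.QueryAsync(dnsName, QueryType.TXT);
    }
    catch (DnsResponseException)
    {
        // Resolver unreachable or timed out: treat it like "not yet propagated"
        // instead of aborting the poll for every challenge in the order.
        challenge.SetStatus(DnsChallenge.DnsChallengeStatus.Pending);
        dnsResolved = false;
        continue;
    }

    if (result.HasError || !result.Answers.TxtRecords().SelectMany(x => x.Text).Contains(challenge.TxtValue))
    {
        // … unchanged: set status to Pending and clear dnsResolved …
    }
}
```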