TrueCloudLab/lego
15
0
Fork 4
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity

fix: rfc2136 must be run sequentially. (#745)

Browse source
This commit is contained in:
Ludovic Fernandez 2019-01-09 08:23:33 +01:00 committed by GitHub
parent 41737739f2
commit b1fd570987
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
cmd/cmd_dnshelp.go
View file

@ -123,7 +123,7 @@ Here is an example bash command using the CloudFlare DNS provider:
fmt.Fprintln(w, "\tovh:\tOVH_POLLING_INTERVAL, OVH_PROPAGATION_TIMEOUT, OVH_TTL, OVH_HTTP_TIMEOUT") fmt.Fprintln(w, "\tovh:\tOVH_POLLING_INTERVAL, OVH_PROPAGATION_TIMEOUT, OVH_TTL, OVH_HTTP_TIMEOUT")
fmt.Fprintln(w, "\tpdns:\tPDNS_POLLING_INTERVAL, PDNS_PROPAGATION_TIMEOUT, PDNS_TTL, PDNS_HTTP_TIMEOUT") fmt.Fprintln(w, "\tpdns:\tPDNS_POLLING_INTERVAL, PDNS_PROPAGATION_TIMEOUT, PDNS_TTL, PDNS_HTTP_TIMEOUT")
fmt.Fprintln(w, "\trackspace:\tRACKSPACE_POLLING_INTERVAL, RACKSPACE_PROPAGATION_TIMEOUT, RACKSPACE_TTL, RACKSPACE_HTTP_TIMEOUT") fmt.Fprintln(w, "\trackspace:\tRACKSPACE_POLLING_INTERVAL, RACKSPACE_PROPAGATION_TIMEOUT, RACKSPACE_TTL, RACKSPACE_HTTP_TIMEOUT")
fmt.Fprintln(w, "\trfc2136:\tRFC2136_POLLING_INTERVAL, RFC2136_PROPAGATION_TIMEOUT, RFC2136_TTL") fmt.Fprintln(w, "\trfc2136:\tRFC2136_POLLING_INTERVAL, RFC2136_PROPAGATION_TIMEOUT, RFC2136_TTL, RFC2136_SEQUENCE_INTERVAL, RFC2136_DNS_TIMEOUT")
fmt.Fprintln(w, "\troute53:\tAWS_POLLING_INTERVAL, AWS_PROPAGATION_TIMEOUT, AWS_TTL") fmt.Fprintln(w, "\troute53:\tAWS_POLLING_INTERVAL, AWS_PROPAGATION_TIMEOUT, AWS_TTL")
fmt.Fprintln(w, "\tsakuracloud:\tSAKURACLOUD_POLLING_INTERVAL, SAKURACLOUD_PROPAGATION_TIMEOUT, SAKURACLOUD_TTL") fmt.Fprintln(w, "\tsakuracloud:\tSAKURACLOUD_POLLING_INTERVAL, SAKURACLOUD_PROPAGATION_TIMEOUT, SAKURACLOUD_TTL")
fmt.Fprintln(w, "\tselectel:\tSELECTEL_BASE_URL, SELECTEL_TTL, SELECTEL_PROPAGATION_TIMEOUT, SELECTEL_POLLING_INTERVAL, SELECTEL_HTTP_TIMEOUT") fmt.Fprintln(w, "\tselectel:\tSELECTEL_BASE_URL, SELECTEL_TTL, SELECTEL_PROPAGATION_TIMEOUT, SELECTEL_POLLING_INTERVAL, SELECTEL_HTTP_TIMEOUT")

27
providers/dns/rfc2136/rfc2136.go
View file

@ -22,16 +22,19 @@ type Config struct {
PropagationTimeout time.Duration PropagationTimeout time.Duration
PollingInterval time.Duration PollingInterval time.Duration
TTL int TTL int
SequenceInterval time.Duration
DNSTimeout time.Duration
} }
// NewDefaultConfig returns a default configuration for the DNSProvider // NewDefaultConfig returns a default configuration for the DNSProvider
func NewDefaultConfig() *Config { func NewDefaultConfig() *Config {
return &Config{ return &Config{
TSIGAlgorithm: env.GetOrDefaultString("RFC2136_TSIG_ALGORITHM", dns.HmacMD5), TSIGAlgorithm: env.GetOrDefaultString("RFC2136_TSIG_ALGORITHM", dns.HmacMD5),
TTL: env.GetOrDefaultInt("RFC2136_TTL", dns01.DefaultTTL), TTL: env.GetOrDefaultInt("RFC2136_TTL", dns01.DefaultTTL),
PropagationTimeout: env.GetOrDefaultSecond("RFC2136_PROPAGATION_TIMEOUT", PropagationTimeout: env.GetOrDefaultSecond("RFC2136_PROPAGATION_TIMEOUT", env.GetOrDefaultSecond("RFC2136_TIMEOUT", 60*time.Second)),
env.GetOrDefaultSecond("RFC2136_TIMEOUT", 60*time.Second)), PollingInterval: env.GetOrDefaultSecond("RFC2136_POLLING_INTERVAL", 2*time.Second),
PollingInterval: env.GetOrDefaultSecond("RFC2136_POLLING_INTERVAL", 2*time.Second), SequenceInterval: env.GetOrDefaultSecond("RFC2136_SEQUENCE_INTERVAL", dns01.DefaultPropagationTimeout),
DNSTimeout: env.GetOrDefaultSecond("RFC2136_DNS_TIMEOUT", 10*time.Second),
} }
} }
@ -102,13 +105,19 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return d.config.PropagationTimeout, d.config.PollingInterval return d.config.PropagationTimeout, d.config.PollingInterval
} }
// Sequential All DNS challenges for this provider will be resolved sequentially.
// Returns the interval between each iteration.
func (d *DNSProvider) Sequential() time.Duration {
return d.config.SequenceInterval
}
// Present creates a TXT record using the specified parameters // Present creates a TXT record using the specified parameters
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value := dns01.GetRecord(domain, keyAuth) fqdn, value := dns01.GetRecord(domain, keyAuth)
err := d.changeRecord("INSERT", fqdn, value, d.config.TTL) err := d.changeRecord("INSERT", fqdn, value, d.config.TTL)
if err != nil { if err != nil {
return fmt.Errorf("rfc2136: %v", err) return fmt.Errorf("rfc2136: failed to insert: %v", err)
} }
return nil return nil
} }
@ -119,7 +128,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
err := d.changeRecord("REMOVE", fqdn, value, d.config.TTL) err := d.changeRecord("REMOVE", fqdn, value, d.config.TTL)
if err != nil { if err != nil {
return fmt.Errorf("rfc2136: %v", err) return fmt.Errorf("rfc2136: failed to remove: %v", err)
} }
return nil return nil
} }
@ -152,7 +161,7 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
} }
// Setup client // Setup client
c := new(dns.Client) c := &dns.Client{Timeout: d.config.DNSTimeout}
c.SingleInflight = true c.SingleInflight = true
// TSIG authentication / msg signing // TSIG authentication / msg signing
@ -167,7 +176,7 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
return fmt.Errorf("DNS update failed: %v", err) return fmt.Errorf("DNS update failed: %v", err)
} }
if reply != nil && reply.Rcode != dns.RcodeSuccess { if reply != nil && reply.Rcode != dns.RcodeSuccess {
return fmt.Errorf("DNS update failed. Server replied: %s", dns.RcodeToString[reply.Rcode]) return fmt.Errorf("DNS update failed: server replied: %s", dns.RcodeToString[reply.Rcode])
} }
return nil return nil