Use zone name when talking to DNS APIs
This should handle multiple zones more efficiently
This commit is contained in:
parent
43c55a690f
commit
20ab8300eb
5 changed files with 56 additions and 39 deletions
|
@ -21,7 +21,7 @@ var (
|
||||||
fqdnToZone = map[string]string{}
|
fqdnToZone = map[string]string{}
|
||||||
)
|
)
|
||||||
|
|
||||||
var recursiveNameserver = "google-public-dns-a.google.com:53"
|
var RecursiveNameserver = "google-public-dns-a.google.com:53"
|
||||||
|
|
||||||
// DNS01Record returns a DNS record which will fulfill the `dns-01` challenge
|
// DNS01Record returns a DNS record which will fulfill the `dns-01` challenge
|
||||||
func DNS01Record(domain, keyAuth string) (fqdn string, value string, ttl int) {
|
func DNS01Record(domain, keyAuth string) (fqdn string, value string, ttl int) {
|
||||||
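Review bot: RecursiveNameserver becomes an exported name in this hunk but has no doc comment, and it stays a mutable package-level variable, so any importer can reassign it and the new value applies to every lookup in the process (checkDNSPropagation and lookupNameservers both read it in the hunks below). If that is the intended configuration knob, say so: `// RecursiveNameserver is the resolver (host:port) used for zone discovery and propagation checks; packages may override it before solving.` The enclosing var block starts above this hunk.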
|
@ -90,7 +90,7 @@ func (s *dnsChallenge) Solve(chlng challenge, domain string) error {
|
||||||
// checkDNSPropagation checks if the expected TXT record has been propagated to all authoritative nameservers.
|
// checkDNSPropagation checks if the expected TXT record has been propagated to all authoritative nameservers.
|
||||||
func checkDNSPropagation(fqdn, value string) (bool, error) {
|
func checkDNSPropagation(fqdn, value string) (bool, error) {
|
||||||
// Initial attempt to resolve at the recursive NS
|
// Initial attempt to resolve at the recursive NS
|
||||||
r, err := dnsQuery(fqdn, dns.TypeTXT, recursiveNameserver, true)
|
r, err := dnsQuery(fqdn, dns.TypeTXT, RecursiveNameserver, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
@ -168,12 +168,12 @@ func dnsQuery(fqdn string, rtype uint16, nameserver string, recursive bool) (in
|
||||||
func lookupNameservers(fqdn string) ([]string, error) {
|
func lookupNameservers(fqdn string) ([]string, error) {
|
||||||
var authoritativeNss []string
|
var authoritativeNss []string
|
||||||
|
|
||||||
zone, err := FindZoneByFqdn(fqdn, recursiveNameserver)
|
zone, err := FindZoneByFqdn(fqdn, RecursiveNameserver)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
r, err := dnsQuery(zone, dns.TypeNS, recursiveNameserver, true)
|
r, err := dnsQuery(zone, dns.TypeNS, RecursiveNameserver, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,9 +22,16 @@ func NewDNSProviderManual() (*DNSProviderManual, error) {
|
||||||
func (*DNSProviderManual) Present(domain, token, keyAuth string) error {
|
func (*DNSProviderManual) Present(domain, token, keyAuth string) error {
|
||||||
fqdn, value, ttl := DNS01Record(domain, keyAuth)
|
fqdn, value, ttl := DNS01Record(domain, keyAuth)
|
||||||
dnsRecord := fmt.Sprintf(dnsTemplate, fqdn, ttl, value)
|
dnsRecord := fmt.Sprintf(dnsTemplate, fqdn, ttl, value)
|
||||||
logf("[INFO] acme: Please create the following TXT record in your DNS zone:")
|
|
||||||
|
authZone, err := FindZoneByFqdn(fqdn, RecursiveNameserver)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
logf("[INFO] acme: Please create the following TXT record in your %s zone:", authZone)
|
||||||
logf("[INFO] acme: %s", dnsRecord)
|
logf("[INFO] acme: %s", dnsRecord)
|
||||||
logf("[INFO] acme: Press 'Enter' when you are done")
|
logf("[INFO] acme: Press 'Enter' when you are done")
|
||||||
|
|
||||||
reader := bufio.NewReader(os.Stdin)
|
reader := bufio.NewReader(os.Stdin)
|
||||||
_, _ = reader.ReadString('\n')
|
_, _ = reader.ReadString('\n')
|
||||||
return nil
|
return nil
|
||||||
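Review bot: Present now performs a live FindZoneByFqdn lookup before anything is logged, so when zone discovery fails the user never sees the TXT record they were asked to create, whereas the old message was printed unconditionally; consider still logging dnsRecord on that path, and wrap the error so callers can tell where it came from: `return fmt.Errorf("determining zone for %s: %v", fqdn, err)`. authZone appears to be a trailing-dot FQDN (the provider hunks run it through acme.UnFqdn before use), so the message will read "in your example.com. zone"; use `UnFqdn(authZone)` in the logf call. CleanUp in the next hunk has the same structure and needs the same two changes.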
|
@ -34,7 +41,13 @@ func (*DNSProviderManual) Present(domain, token, keyAuth string) error {
|
||||||
func (*DNSProviderManual) CleanUp(domain, token, keyAuth string) error {
|
func (*DNSProviderManual) CleanUp(domain, token, keyAuth string) error {
|
||||||
fqdn, _, ttl := DNS01Record(domain, keyAuth)
|
fqdn, _, ttl := DNS01Record(domain, keyAuth)
|
||||||
dnsRecord := fmt.Sprintf(dnsTemplate, fqdn, ttl, "...")
|
dnsRecord := fmt.Sprintf(dnsTemplate, fqdn, ttl, "...")
|
||||||
logf("[INFO] acme: You can now remove this TXT record from your DNS zone:")
|
|
||||||
|
authZone, err := FindZoneByFqdn(fqdn, RecursiveNameserver)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
logf("[INFO] acme: You can now remove this TXT record from your %s zone:", authZone)
|
||||||
logf("[INFO] acme: %s", dnsRecord)
|
logf("[INFO] acme: %s", dnsRecord)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,7 +8,6 @@ import (
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/xenolf/lego/acme"
|
"github.com/xenolf/lego/acme"
|
||||||
|
@ -92,31 +91,27 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
}
|
}
|
||||||
|
|
||||||
result, err := c.makeRequest("GET", "/zones?per_page=1000", nil)
|
authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameserver)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
var zones []HostedZone
|
result, err := c.makeRequest("GET", "/zones?name=" + acme.UnFqdn(authZone), nil)
|
||||||
err = json.Unmarshal(result, &zones)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
var hostedZone HostedZone
|
var hostedZone []HostedZone
|
||||||
for _, zone := range zones {
|
err = json.Unmarshal(result, &hostedZone)
|
||||||
name := acme.ToFqdn(zone.Name)
|
if err != nil {
|
||||||
if strings.HasSuffix(fqdn, name) {
|
return "", err
|
||||||
if len(zone.Name) > len(hostedZone.Name) {
|
|
||||||
hostedZone = zone
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if hostedZone.ID == "" {
|
|
||||||
return "", fmt.Errorf("No matching CloudFlare zone found for %s", fqdn)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return hostedZone.ID, nil
|
if len(hostedZone) != 1 {
|
||||||
|
return "", fmt.Errorf("Zone %s not found in CloudFlare for domain %s", authZone, fqdn)
|
||||||
|
}
|
||||||
|
|
||||||
|
return hostedZone[0].ID, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *DNSProvider) findTxtRecord(fqdn string) (*cloudFlareRecord, error) {
|
func (c *DNSProvider) findTxtRecord(fqdn string) (*cloudFlareRecord, error) {
|
||||||
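Review bot: The zone name is concatenated into the query string unescaped at `"/zones?name=" + acme.UnFqdn(authZone)`; the value comes from a DNS answer via FindZoneByFqdn rather than a fixed literal, so a reserved character in it would change the request instead of being looked up. Build the query with net/url: `result, err := c.makeRequest("GET", "/zones?"+url.Values{"name": {acme.UnFqdn(authZone)}}.Encode(), nil)` (add "net/url" to the file's imports). The `len(hostedZone) != 1` check is a sound tightening of the old longest-suffix scan, though the error text cannot distinguish zero results from several; a `%d zones` detail would help. getHostedZoneID begins above this hunk.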
|
|
|
@ -70,24 +70,30 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *DNSProvider) getHostedZone(domain string) (string, string, error) {
|
func (c *DNSProvider) getHostedZone(domain string) (string, string, error) {
|
||||||
domains, _, err := c.client.Domains.List()
|
zones, _, err := c.client.Domains.List()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", "", fmt.Errorf("DNSimple API call failed: %v", err)
|
return "", "", fmt.Errorf("DNSimple API call failed: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
var hostedDomain dnsimple.Domain
|
|
||||||
for _, d := range domains {
|
authZone, err := acme.FindZoneByFqdn(domain, acme.RecursiveNameserver)
|
||||||
if strings.HasSuffix(domain, d.Name) {
|
if err != nil {
|
||||||
if len(d.Name) > len(hostedDomain.Name) {
|
return "", "", err
|
||||||
hostedDomain = d
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if hostedDomain.Id == 0 {
|
|
||||||
return "", "", fmt.Errorf("No matching DNSimple domain found for domain %s", domain)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return fmt.Sprintf("%v", hostedDomain.Id), hostedDomain.Name, nil
|
var hostedZone dnsimple.Domain
|
||||||
|
for _, zone := range zones {
|
||||||
|
if zone.Name == acme.UnFqdn(authZone) {
|
||||||
|
hostedZone = zone
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if hostedZone.Id == 0 {
|
||||||
|
return "", "", fmt.Errorf("Zone %s not found in DNSimple for domain %s", authZone, domain)
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
return fmt.Sprintf("%v", hostedZone.Id), hostedZone.Name, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *DNSProvider) findTxtRecords(domain, fqdn string) ([]dnsimple.Record, error) {
|
func (c *DNSProvider) findTxtRecords(domain, fqdn string) ([]dnsimple.Record, error) {
|
||||||
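Review bot: `zones, _, err := c.client.Domains.List()` runs before the FindZoneByFqdn lookup, so a DNSimple API round trip is spent even when zone discovery fails; moving the lookup above the List call avoids that. The lookup error is returned bare (`return "", "", err`) while the API error a few lines earlier is wrapped with context — wrap it the same way: `return "", "", fmt.Errorf("zone lookup for %s failed: %v", domain, err)`. The match loop never breaks, so if several entries share a name the last one silently wins; add `break` after `hostedZone = zone`. The parameter here is named domain while the other providers pass fqdn to FindZoneByFqdn — confirm callers supply a trailing-dot name, otherwise the zone may not be found.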
|
|
|
@ -104,16 +104,19 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
|
||||||
zones = append(zones, zoneResp.HostedZones...)
|
zones = append(zones, zoneResp.HostedZones...)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameserver)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
var hostedZone route53.HostedZone
|
var hostedZone route53.HostedZone
|
||||||
for _, zone := range zones {
|
for _, zone := range zones {
|
||||||
if strings.HasSuffix(fqdn, zone.Name) {
|
if zone.Name == authZone {
|
||||||
if len(zone.Name) > len(hostedZone.Name) {
|
|
||||||
hostedZone = zone
|
hostedZone = zone
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if hostedZone.ID == "" {
|
if hostedZone.ID == "" {
|
||||||
return "", fmt.Errorf("No Route53 hosted zone found for domain %s", fqdn)
|
return "", fmt.Errorf("Zone %s not found in Route53 for domain %s", authZone, fqdn)
|
||||||
}
|
}
|
||||||
|
|
||||||
return hostedZone.ID, nil
|
return hostedZone.ID, nil
|
||||||
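Review bot: The new exact-name match keeps looping after a hit and retains the last match, which matters on Route53 because more than one hosted zone may carry the same name (a public and a private zone, for example); selecting a private zone here would make the TXT record invisible to the CA. Add `break` once a zone is selected and, if the SDK's hosted-zone type exposes a private/public flag, skip private zones in the comparison. `zone.Name == authZone` relies on the API returning names with a trailing dot, as the previous HasSuffix(fqdn, zone.Name) comparison implied — worth a one-line comment on that line. getHostedZoneID begins and ends outside this hunk.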
|
|