Use zone name when talking to DNS APIs

This should handle multiple zones more efficiently
This commit is contained in:
LukeHandle 2016-03-20 22:00:00 +00:00
parent 43c55a690f
commit 20ab8300eb
5 changed files with 56 additions and 39 deletions

View file

@ -21,7 +21,7 @@ var (
fqdnToZone = map[string]string{} fqdnToZone = map[string]string{}
) )
var recursiveNameserver = "google-public-dns-a.google.com:53" var RecursiveNameserver = "google-public-dns-a.google.com:53"
// DNS01Record returns a DNS record which will fulfill the `dns-01` challenge // DNS01Record returns a DNS record which will fulfill the `dns-01` challenge
func DNS01Record(domain, keyAuth string) (fqdn string, value string, ttl int) { func DNS01Record(domain, keyAuth string) (fqdn string, value string, ttl int) {
@ -90,7 +90,7 @@ func (s *dnsChallenge) Solve(chlng challenge, domain string) error {
// checkDNSPropagation checks if the expected TXT record has been propagated to all authoritative nameservers. // checkDNSPropagation checks if the expected TXT record has been propagated to all authoritative nameservers.
func checkDNSPropagation(fqdn, value string) (bool, error) { func checkDNSPropagation(fqdn, value string) (bool, error) {
// Initial attempt to resolve at the recursive NS // Initial attempt to resolve at the recursive NS
r, err := dnsQuery(fqdn, dns.TypeTXT, recursiveNameserver, true) r, err := dnsQuery(fqdn, dns.TypeTXT, RecursiveNameserver, true)
if err != nil { if err != nil {
return false, err return false, err
} }
@ -168,12 +168,12 @@ func dnsQuery(fqdn string, rtype uint16, nameserver string, recursive bool) (in
func lookupNameservers(fqdn string) ([]string, error) { func lookupNameservers(fqdn string) ([]string, error) {
var authoritativeNss []string var authoritativeNss []string
zone, err := FindZoneByFqdn(fqdn, recursiveNameserver) zone, err := FindZoneByFqdn(fqdn, RecursiveNameserver)
if err != nil { if err != nil {
return nil, err return nil, err
} }
r, err := dnsQuery(zone, dns.TypeNS, recursiveNameserver, true) r, err := dnsQuery(zone, dns.TypeNS, RecursiveNameserver, true)
if err != nil { if err != nil {
return nil, err return nil, err
} }

View file

@ -22,9 +22,16 @@ func NewDNSProviderManual() (*DNSProviderManual, error) {
func (*DNSProviderManual) Present(domain, token, keyAuth string) error { func (*DNSProviderManual) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := DNS01Record(domain, keyAuth) fqdn, value, ttl := DNS01Record(domain, keyAuth)
dnsRecord := fmt.Sprintf(dnsTemplate, fqdn, ttl, value) dnsRecord := fmt.Sprintf(dnsTemplate, fqdn, ttl, value)
logf("[INFO] acme: Please create the following TXT record in your DNS zone:")
authZone, err := FindZoneByFqdn(fqdn, RecursiveNameserver)
if err != nil {
return err
}
logf("[INFO] acme: Please create the following TXT record in your %s zone:", authZone)
logf("[INFO] acme: %s", dnsRecord) logf("[INFO] acme: %s", dnsRecord)
logf("[INFO] acme: Press 'Enter' when you are done") logf("[INFO] acme: Press 'Enter' when you are done")
reader := bufio.NewReader(os.Stdin) reader := bufio.NewReader(os.Stdin)
_, _ = reader.ReadString('\n') _, _ = reader.ReadString('\n')
return nil return nil
@ -34,7 +41,13 @@ func (*DNSProviderManual) Present(domain, token, keyAuth string) error {
func (*DNSProviderManual) CleanUp(domain, token, keyAuth string) error { func (*DNSProviderManual) CleanUp(domain, token, keyAuth string) error {
fqdn, _, ttl := DNS01Record(domain, keyAuth) fqdn, _, ttl := DNS01Record(domain, keyAuth)
dnsRecord := fmt.Sprintf(dnsTemplate, fqdn, ttl, "...") dnsRecord := fmt.Sprintf(dnsTemplate, fqdn, ttl, "...")
logf("[INFO] acme: You can now remove this TXT record from your DNS zone:")
authZone, err := FindZoneByFqdn(fqdn, RecursiveNameserver)
if err != nil {
return err
}
logf("[INFO] acme: You can now remove this TXT record from your %s zone:", authZone)
logf("[INFO] acme: %s", dnsRecord) logf("[INFO] acme: %s", dnsRecord)
return nil return nil
} }

View file

@ -8,7 +8,6 @@ import (
"io" "io"
"net/http" "net/http"
"os" "os"
"strings"
"time" "time"
"github.com/xenolf/lego/acme" "github.com/xenolf/lego/acme"
@ -92,31 +91,27 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
Name string `json:"name"` Name string `json:"name"`
} }
result, err := c.makeRequest("GET", "/zones?per_page=1000", nil) authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameserver)
if err != nil { if err != nil {
return "", err return "", err
} }
var zones []HostedZone result, err := c.makeRequest("GET", "/zones?name=" + acme.UnFqdn(authZone), nil)
err = json.Unmarshal(result, &zones)
if err != nil { if err != nil {
return "", err return "", err
} }
var hostedZone HostedZone var hostedZone []HostedZone
for _, zone := range zones { err = json.Unmarshal(result, &hostedZone)
name := acme.ToFqdn(zone.Name) if err != nil {
if strings.HasSuffix(fqdn, name) { return "", err
if len(zone.Name) > len(hostedZone.Name) {
hostedZone = zone
}
}
}
if hostedZone.ID == "" {
return "", fmt.Errorf("No matching CloudFlare zone found for %s", fqdn)
} }
return hostedZone.ID, nil if len(hostedZone) != 1 {
return "", fmt.Errorf("Zone %s not found in CloudFlare for domain %s", authZone, fqdn)
}
return hostedZone[0].ID, nil
} }
func (c *DNSProvider) findTxtRecord(fqdn string) (*cloudFlareRecord, error) { func (c *DNSProvider) findTxtRecord(fqdn string) (*cloudFlareRecord, error) {

View file

@ -70,24 +70,30 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
} }
func (c *DNSProvider) getHostedZone(domain string) (string, string, error) { func (c *DNSProvider) getHostedZone(domain string) (string, string, error) {
domains, _, err := c.client.Domains.List() zones, _, err := c.client.Domains.List()
if err != nil { if err != nil {
return "", "", fmt.Errorf("DNSimple API call failed: %v", err) return "", "", fmt.Errorf("DNSimple API call failed: %v", err)
} }
var hostedDomain dnsimple.Domain
for _, d := range domains { authZone, err := acme.FindZoneByFqdn(domain, acme.RecursiveNameserver)
if strings.HasSuffix(domain, d.Name) { if err != nil {
if len(d.Name) > len(hostedDomain.Name) { return "", "", err
hostedDomain = d
}
}
}
if hostedDomain.Id == 0 {
return "", "", fmt.Errorf("No matching DNSimple domain found for domain %s", domain)
} }
return fmt.Sprintf("%v", hostedDomain.Id), hostedDomain.Name, nil var hostedZone dnsimple.Domain
for _, zone := range zones {
if zone.Name == acme.UnFqdn(authZone) {
hostedZone = zone
}
}
if hostedZone.Id == 0 {
return "", "", fmt.Errorf("Zone %s not found in DNSimple for domain %s", authZone, domain)
}
return fmt.Sprintf("%v", hostedZone.Id), hostedZone.Name, nil
} }
func (c *DNSProvider) findTxtRecords(domain, fqdn string) ([]dnsimple.Record, error) { func (c *DNSProvider) findTxtRecords(domain, fqdn string) ([]dnsimple.Record, error) {

View file

@ -104,16 +104,19 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
zones = append(zones, zoneResp.HostedZones...) zones = append(zones, zoneResp.HostedZones...)
} }
authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameserver)
if err != nil {
return "", err
}
var hostedZone route53.HostedZone var hostedZone route53.HostedZone
for _, zone := range zones { for _, zone := range zones {
if strings.HasSuffix(fqdn, zone.Name) { if zone.Name == authZone {
if len(zone.Name) > len(hostedZone.Name) {
hostedZone = zone hostedZone = zone
} }
} }
}
if hostedZone.ID == "" { if hostedZone.ID == "" {
return "", fmt.Errorf("No Route53 hosted zone found for domain %s", fqdn) return "", fmt.Errorf("Zone %s not found in Route53 for domain %s", authZone, fqdn)
} }
return hostedZone.ID, nil return hostedZone.ID, nil