From 79f14b5ab2eca5ae200a65e86c10988a27325d3f Mon Sep 17 00:00:00 2001
From: Ludovic Fernandez
Date: Tue, 9 Oct 2018 18:22:45 +0200
Subject: [PATCH] The TTL Min limit should throw an error. (#663)

---
 Makefile | 1 -
 providers/dns/acmedns/acmedns.go | 5 ++---
 providers/dns/cloudflare/cloudflare.go | 2 +-
 providers/dns/godaddy/godaddy.go | 8 ++++----
 providers/dns/linode/linode.go | 10 +++++++---
 providers/dns/linodev4/linodev4.go | 10 +++++++---
 providers/dns/namedotcom/namedotcom.go | 9 ++++++++-
 providers/dns/otc/otc.go | 8 ++++----
 8 files changed, 33 insertions(+), 20 deletions(-)

diff --git a/Makefile b/Makefile
index 9ec2590f..ee97e8c4 100644
--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,6 @@ clean:
 build: clean
 go build
-
 dependencies:
 dep ensure -v
diff --git a/providers/dns/acmedns/acmedns.go b/providers/dns/acmedns/acmedns.go
index 7e650755..9ad0ef36 100644
--- a/providers/dns/acmedns/acmedns.go
+++ b/providers/dns/acmedns/acmedns.go
@@ -1,6 +1,5 @@
-// Package acmedns implements a DNS provider for solving DNS-01 challenges using
-// Joohoi's acme-dns project. For more information see the ACME-DNS homepage:
-// https://github.com/joohoi/acme-dns
+// Package acmedns implements a DNS provider for solving DNS-01 challenges using Joohoi's acme-dns project.
+// For more information see the ACME-DNS homepage: https://github.com/joohoi/acme-dns
 package acmedns
 import (
diff --git a/providers/dns/cloudflare/cloudflare.go b/providers/dns/cloudflare/cloudflare.go
index a0d379c0..2836f213 100644
--- a/providers/dns/cloudflare/cloudflare.go
+++ b/providers/dns/cloudflare/cloudflare.go
@@ -85,7 +85,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 }
 if config.TTL < minTTL {
- config.TTL = minTTL
+ return nil, fmt.Errorf("cloudflare: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
 }
 client, err := cloudflare.New(config.AuthKey, config.AuthEmail, cloudflare.HTTPClient(config.HTTPClient))
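Review bot: The new error text in the cloudflare hunk says the TTL `must be greater than %d`, but the condition `config.TTL < minTTL` accepts a TTL equal to minTTL, so the message contradicts the check by one; `must be greater than or equal to %d` (or `must be at least %d`) matches what is enforced. The identical wording is copied into the godaddy, linode, linodev4, namedotcom and otc hunks below, so all six messages need the same adjustment. Replacing the silent clamp (`config.TTL = minTTL`, and the equivalent clamps removed from godaddy's and otc's Present) with a hard error at construction is the right direction: an out-of-range value is surfaced to the operator instead of being rewritten behind their back. NewDNSProviderConfig starts before this hunk.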
diff --git a/providers/dns/godaddy/godaddy.go b/providers/dns/godaddy/godaddy.go
index 804fd180..8aebde65 100644
--- a/providers/dns/godaddy/godaddy.go
+++ b/providers/dns/godaddy/godaddy.go
@@ -86,6 +86,10 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 return nil, fmt.Errorf("godaddy: credentials missing")
 }
+ if config.TTL < minTTL {
+ return nil, fmt.Errorf("godaddy: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
+ }
+
 return &DNSProvider{config: config}, nil
 }
@@ -111,10 +115,6 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 return err
 }
- if d.config.TTL < minTTL {
- d.config.TTL = minTTL
- }
-
 recordName := d.extractRecordName(fqdn, domainZone)
 rec := []DNSRecord{
 {
diff --git a/providers/dns/linode/linode.go b/providers/dns/linode/linode.go
index 9f25e525..09b92e99 100644
--- a/providers/dns/linode/linode.go
+++ b/providers/dns/linode/linode.go
@@ -14,7 +14,7 @@ import (
 )
 const (
- dnsMinTTLSecs = 300
+ minTTL = 300
 dnsUpdateFreqMins = 15
 dnsUpdateFudgeSecs = 120
 )
@@ -30,7 +30,7 @@ type Config struct {
 func NewDefaultConfig() *Config {
 return &Config{
 PollingInterval: env.GetOrDefaultSecond("LINODE_POLLING_INTERVAL", 15*time.Second),
- TTL: env.GetOrDefaultInt("LINODE_TTL", 60),
+ TTL: env.GetOrDefaultInt("LINODE_TTL", minTTL),
 }
 }
@@ -79,6 +79,10 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 return nil, errors.New("linode: credentials missing")
 }
+ if config.TTL < minTTL {
+ return nil, fmt.Errorf("linode: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
+ }
+
 return &DNSProvider{
 config: config,
 client: dns.New(config.APIKey),
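Review bot: The linode NewDefaultConfig hunk moves the `LINODE_TTL` default from 60 to minTTL (300) without a comment, and the new check in NewDNSProviderConfig in the next hunk turns a previously accepted `LINODE_TTL=60` into a construction error; the linodev4 hunk makes the same change, and namedotcom goes from 120 to 300. A one-line comment on the field would save the next reader a trip to the constant, e.g. `// default to minTTL: NewDNSProviderConfig rejects anything lower`. Because existing deployments that set the variable below 300 will now fail at provider construction rather than at Present, the change is worth a changelog line naming the affected environment variables.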
@@ -96,7 +100,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 minsRemaining := dnsUpdateFreqMins - (time.Now().Minute() % dnsUpdateFreqMins)
 timeout = (time.Duration(minsRemaining) * time.Minute) +
- (dnsMinTTLSecs * time.Second) +
+ (minTTL * time.Second) +
 (dnsUpdateFudgeSecs * time.Second)
 interval = d.config.PollingInterval
 return
diff --git a/providers/dns/linodev4/linodev4.go b/providers/dns/linodev4/linodev4.go
index 2c75f176..97903e9c 100644
--- a/providers/dns/linodev4/linodev4.go
+++ b/providers/dns/linodev4/linodev4.go
@@ -18,7 +18,7 @@ import (
 )
 const (
- dnsMinTTLSecs = 300
+ minTTL = 300
 dnsUpdateFreqMins = 15
 dnsUpdateFudgeSecs = 120
 )
@@ -35,7 +35,7 @@ type Config struct {
 func NewDefaultConfig() *Config {
 return &Config{
 PollingInterval: env.GetOrDefaultSecond("LINODE_POLLING_INTERVAL", 15*time.Second),
- TTL: env.GetOrDefaultInt("LINODE_TTL", 60),
+ TTL: env.GetOrDefaultInt("LINODE_TTL", minTTL),
 HTTPTimeout: env.GetOrDefaultSecond("LINODE_HTTP_TIMEOUT", 0),
 }
 }
@@ -75,6 +75,10 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 return nil, errors.New("linodev4: Linode Access Token missing")
 }
+ if config.TTL < minTTL {
+ return nil, fmt.Errorf("linodev4: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
+ }
+
 tokenSource := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: config.Token})
 oauth2Client := &http.Client{
 Timeout: config.HTTPTimeout,
@@ -103,7 +107,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 minsRemaining := dnsUpdateFreqMins - (time.Now().Minute() % dnsUpdateFreqMins)
 timeout = (time.Duration(minsRemaining) * time.Minute) +
- (dnsMinTTLSecs * time.Second) +
+ (minTTL * time.Second) +
 (dnsUpdateFudgeSecs * time.Second)
 interval = d.config.PollingInterval
 return
diff --git a/providers/dns/namedotcom/namedotcom.go b/providers/dns/namedotcom/namedotcom.go
index 3e109886..2cd2b26d 100644
--- a/providers/dns/namedotcom/namedotcom.go
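Review bot: The linode Timeout hunk keeps adding the constant `minTTL * time.Second` to the propagation timeout even though the record's TTL is now the configurable `d.config.TTL`, which the constructor only bounds from below; if that term is meant to cover the record's own TTL, a user who sets LINODE_TTL above 300 gets a timeout that is short by the difference. `time.Duration(d.config.TTL) * time.Second` would track the configured value, and if the constant is deliberate (a Linode-side refresh interval rather than the record TTL) a short comment on that line would stop the next reader from making this same suggestion. The linodev4 Timeout hunk further down carries the identical expression. Timeout's signature is visible in the hunk header; its closing brace is outside the hunk.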
+++ b/providers/dns/namedotcom/namedotcom.go
@@ -14,6 +14,9 @@ import (
 "github.com/xenolf/lego/platform/config/env"
 )
+// according to https://www.name.com/api-docs/DNS#CreateRecord
+const minTTL = 300
+
 // Config is used to configure the creation of the DNSProvider
 type Config struct {
 Username string
@@ -28,7 +31,7 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 return &Config{
- TTL: env.GetOrDefaultInt("NAMECOM_TTL", 120),
+ TTL: env.GetOrDefaultInt("NAMECOM_TTL", minTTL),
 PropagationTimeout: env.GetOrDefaultSecond("NAMECOM_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
 PollingInterval: env.GetOrDefaultSecond("NAMECOM_POLLING_INTERVAL", acme.DefaultPollingInterval),
 HTTPClient: &http.Client{
@@ -86,6 +89,10 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 return nil, fmt.Errorf("namedotcom: API token is required")
 }
+ if config.TTL < minTTL {
+ return nil, fmt.Errorf("namedotcom: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
+ }
+
 client := namecom.New(config.Username, config.APIToken)
 client.Client = config.HTTPClient
diff --git a/providers/dns/otc/otc.go b/providers/dns/otc/otc.go
index b26934d1..fd0c40df 100644
--- a/providers/dns/otc/otc.go
+++ b/providers/dns/otc/otc.go
@@ -113,6 +113,10 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 return nil, fmt.Errorf("otc: credentials missing")
 }
+ if config.TTL < minTTL {
+ return nil, fmt.Errorf("otc: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
+ }
+
 if config.IdentityEndpoint == "" {
 config.IdentityEndpoint = defaultIdentityEndpoint
 }
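Review bot: The comment added above the new `minTTL` constant in namedotcom does not name the identifier, so it reads as a stray remark rather than a Go doc comment; `// minTTL is the lowest record TTL accepted by the name.com API, see https://www.name.com/api-docs/DNS#CreateRecord` keeps the source reference and follows the file's "Config is used to…" / "NewDefaultConfig returns…" convention two lines below. Naming the constant `minTTL` matches cloudflare and the renamed linode/linodev4 constants in this patch, which is good for consistency across providers. The TTL check added later in this file section uses the same "greater than" wording as the other providers and should be adjusted with them.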
@@ -124,10 +128,6 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
- if d.config.TTL < minTTL {
- d.config.TTL = minTTL
- }
-
 authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
 if err != nil {
 return fmt.Errorf("otc: %v", err)