From a80b046ca803f24dcf835d1524bae69f43e14c69 Mon Sep 17 00:00:00 2001
From: LeSuisse
Date: Wed, 25 Oct 2017 21:47:54 +0200
Subject: [PATCH] Users of an effective top-level domain can use the DNS challenge (#436)
They will not get anymore an error message saying "Could not find the start of authority". Finding the zone cut of a FQDN now only rely on the presence of a SOA record. Indeed, in the context of an eTLD the authority will be the eTLD itself so you need to continue to recurse until you get an answer instead of cutting the search when you find the public suffix of a domain. Fixes #434
---
 acme/dns_challenge.go | 13 -------------
 acme/dns_challenge_test.go | 9 +--------
 2 files changed, 1 insertion(+), 21 deletions(-)
diff --git a/acme/dns_challenge.go b/acme/dns_challenge.go
index 7c4cb80d..13373974 100644
--- a/acme/dns_challenge.go
+++ b/acme/dns_challenge.go
@@ -11,7 +11,6 @@ import (
 "time"
 "github.com/miekg/dns"
- "golang.org/x/net/publicsuffix"
 )
 type preCheckDNSFunc func(fqdn, value string) (bool, error)
@@ -242,10 +241,6 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) {
 labelIndexes := dns.Split(fqdn)
 for _, index := range labelIndexes {
 domain := fqdn[index:]
- // Give up if we have reached the TLD
- if isTLD(domain) {
- break
- }
 in, err := dnsQuery(domain, dns.TypeSOA, nameservers, true)
 if err != nil {
@@ -273,14 +268,6 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) {
 return "", fmt.Errorf("Could not find the start of authority")
 }
-func isTLD(domain string) bool {
- publicsuffix, _ := publicsuffix.PublicSuffix(UnFqdn(domain))
- if publicsuffix == UnFqdn(domain) {
- return true
- }
- return false
-}
-
 // ClearFqdnCache clears the cache of fqdn to zone mappings. Primarily used in testing.
 func ClearFqdnCache() {
 fqdnToZone = map[string]string{}
diff --git a/acme/dns_challenge_test.go b/acme/dns_challenge_test.go
index 597aaac1..4a2a7fea 100644
--- a/acme/dns_challenge_test.go
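Review bot: With the `isTLD` guard gone, the loop in `FindZoneByFqdn` accepts the first SOA answer at any label depth, so a name whose registrable domain has no zone of its own (a typo or an unregistered domain) now resolves to the enclosing TLD or public suffix, such as `com.`, where it used to fail. The returned zone is presumably handed to a DNS provider and kept in `fqdnToZone`, so the mistake surfaces later as a provider-side error, or the record operation targets a broader zone than the caller intended. I would state this in the doc comment, for example `// FindZoneByFqdn returns the closest enclosing zone that answers with an SOA record; the result may be a TLD or public suffix, so callers must confirm they control it.` The function starts and ends outside this hunk, so how the SOA answer is validated before being returned is not visible here.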
+++ b/acme/dns_challenge_test.go
@@ -37,14 +37,6 @@ var lookupNameserversTestsErr = []struct {
 {"_null.n0n0.",
 "Could not determine the zone",
 },
- // invalid domain
- {"_null.com.",
- "Could not determine the zone",
- },
- // invalid domain
- {"in-valid.co.uk.",
- "Could not determine the zone",
- },
 }
 var findZoneByFqdnTests = []struct {
@@ -53,6 +45,7 @@ var findZoneByFqdnTests = []struct {
 }{
 {"mail.google.com.", "google.com."}, // domain is a CNAME
 {"foo.google.com.", "google.com."}, // domain is a non-existent subdomain
+ {"example.com.ac.", "ac."}, // domain is a eTLD
 }
 var checkAuthoritativeNssTests = []struct {
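Review bot: The added `findZoneByFqdnTests` row covers only the eTLD success case, while the two inputs dropped from the error table in the previous hunk (`_null.com.` and `in-valid.co.uk.`) are no longer asserted anywhere. Their new outcome is the security-relevant part of this change, because a nonexistent name presumably now maps to its TLD or public-suffix zone. I would pin that explicitly with rows such as `{"_null.com.", "com."}, // nonexistent name falls through to the TLD zone`, if that is the intended result. The comment on the new row would also read more accurately as `// domain is under an eTLD; the zone is the TLD itself`. The table's struct definition and the test that consumes it are outside this hunk.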