Users of an effective top-level domain can use the DNS challenge (#436)

They will no longer get an error message saying
"Could not find the start of authority".

Finding the zone cut of an FQDN now relies only on the presence
of a SOA record. Indeed, in the context of an eTLD the
authority will be the eTLD itself, so you need to continue
to recurse until you get an answer instead of cutting the search
short when you find the public suffix of a domain.

Fixes #434
LeSuisse 2017-10-25 21:47:54 +02:00 committed by xenolf
parent 2c41b2f40d
commit a80b046ca8
2 changed files with 1 additions and 21 deletions


@ -11,7 +11,6 @@ import (
"time" "time"
"github.com/miekg/dns" "github.com/miekg/dns"
"golang.org/x/net/publicsuffix"
) )
type preCheckDNSFunc func(fqdn, value string) (bool, error) type preCheckDNSFunc func(fqdn, value string) (bool, error)
@ -242,10 +241,6 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) {
labelIndexes := dns.Split(fqdn) labelIndexes := dns.Split(fqdn)
for _, index := range labelIndexes { for _, index := range labelIndexes {
domain := fqdn[index:] domain := fqdn[index:]
// Give up if we have reached the TLD
if isTLD(domain) {
break
}
in, err := dnsQuery(domain, dns.TypeSOA, nameservers, true) in, err := dnsQuery(domain, dns.TypeSOA, nameservers, true)
if err != nil { if err != nil {
@ -273,14 +268,6 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) {
return "", fmt.Errorf("Could not find the start of authority") return "", fmt.Errorf("Could not find the start of authority")
} }
func isTLD(domain string) bool {
publicsuffix, _ := publicsuffix.PublicSuffix(UnFqdn(domain))
if publicsuffix == UnFqdn(domain) {
return true
}
return false
}
// ClearFqdnCache clears the cache of fqdn to zone mappings. Primarily used in testing. // ClearFqdnCache clears the cache of fqdn to zone mappings. Primarily used in testing.
func ClearFqdnCache() { func ClearFqdnCache() {
fqdnToZone = map[string]string{} fqdnToZone = map[string]string{}
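Review bot: With the `isTLD` guard removed from the loop in FindZoneByFqdn, a name that has no zone of its own now resolves to a registry-level zone (the new test expects `ac.` for `example.com.ac.`) instead of failing with "Could not find the start of authority", and the function's contract does not say so. Callers that hand the result to a DNS provider would presumably look up a zone they do not manage and fail later with a less specific error; this is inferred, since no caller is visible on this page. I would state the contract in the function's doc comment, e.g. `// FindZoneByFqdn returns the closest enclosing name that answers with a SOA record. The result may be a public suffix or a TLD, so callers must check that they manage the returned zone before changing records in it.` The function body starts and ends outside the visible hunks.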


@ -37,14 +37,6 @@ var lookupNameserversTestsErr = []struct {
{"_null.n0n0.", {"_null.n0n0.",
"Could not determine the zone", "Could not determine the zone",
}, },
// invalid domain
{"_null.com.",
"Could not determine the zone",
},
// invalid domain
{"in-valid.co.uk.",
"Could not determine the zone",
},
} }
var findZoneByFqdnTests = []struct { var findZoneByFqdnTests = []struct {
@ -53,6 +45,7 @@ var findZoneByFqdnTests = []struct {
}{ }{
{"mail.google.com.", "google.com."}, // domain is a CNAME {"mail.google.com.", "google.com."}, // domain is a CNAME
{"foo.google.com.", "google.com."}, // domain is a non-existent subdomain {"foo.google.com.", "google.com."}, // domain is a non-existent subdomain
{"example.com.ac.", "ac."}, // domain is a eTLD
} }
var checkAuthoritativeNssTests = []struct { var checkAuthoritativeNssTests = []struct {
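Review bot: The two "invalid domain" cases (`_null.com.` and `in-valid.co.uk.`) are deleted from lookupNameserversTestsErr without a replacement, so nothing pins what those names resolve to now that the search no longer stops at the public suffix. A positive case in findZoneByFqdnTests would document the new behaviour, for example `{"_null.com.", "com."}, // non-existent name directly under a TLD` (expected value inferred from the new `ac.` case, to be confirmed against a resolver). These tables appear to depend on live DNS answers, so the `example.com.ac.` expectation would change if `com.ac.` ever got its own SOA record.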