From fd8a9f86ecc8aa26b62a8c9ac9f9a6002f10fd6a Mon Sep 17 00:00:00 2001
From: danthegoodman1
Date: Sat, 17 Sep 2022 11:47:50 -0400
Subject: [PATCH] lib: add recursive CNAME lookup support (#1677)
---
 challenge/dns01/dns_challenge.go | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/challenge/dns01/dns_challenge.go b/challenge/dns01/dns_challenge.go
index e46e9bac..2f335ee4 100644
--- a/challenge/dns01/dns_challenge.go
+++ b/challenge/dns01/dns_challenge.go
@@ -179,10 +179,17 @@ func GetRecord(domain, keyAuth string) (fqdn, value string) {
 fqdn = fmt.Sprintf("_acme-challenge.%s.", domain)
 if ok, _ := strconv.ParseBool(os.Getenv("LEGO_EXPERIMENTAL_CNAME_SUPPORT")); ok {
- r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
- // Check if the domain has CNAME then return that
- if err == nil && r.Rcode == dns.RcodeSuccess {
- fqdn = updateDomainWithCName(r, fqdn)
+ // recursion counter so it doesn't spin out of control
+ for limit := 0; limit < 50; limit++ {
+ // Keep following CNAMEs
+ r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
+ // Check if the domain has CNAME then use that
+ if err == nil && r.Rcode == dns.RcodeSuccess {
+ fqdn = updateDomainWithCName(r, fqdn)
+ } else {
+ // No more CNAME records to follow, exit
+ return
+ }
 }
 }
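Review bot: The new loop in GetRecord stops only on a query error or a non-success rcode, so a NOERROR answer that carries no CNAME would repeat the same query until the 50-iteration cap, assuming updateDomainWithCName returns the name unchanged in that case (its body is not in this hunk). The loop should compare the returned name with the current one and stop when they match, and `break` reads better than the naked `return` in the else branch, which also skips whatever follows the block in GetRecord (the function's end is outside the hunk). Hitting the cap on a CNAME cycle also ends silently on whichever name the chain had reached, and that name decides where the challenge TXT record is written, so a log line or other signal at the cap is worth adding. The rewritten loop is below.

```go
	if ok, _ := strconv.ParseBool(os.Getenv("LEGO_EXPERIMENTAL_CNAME_SUPPORT")); ok {
		// Bounded so a CNAME cycle cannot keep the lookup running.
		for limit := 0; limit < 50; limit++ {
			r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
			if err != nil || r.Rcode != dns.RcodeSuccess {
				// Lookup failed or the name does not resolve: stop following.
				break
			}

			next := updateDomainWithCName(r, fqdn)
			if next == fqdn {
				// The answer carried no CNAME for this name: the chain ends here.
				break
			}
			fqdn = next
		}
		// … unchanged: closing brace of the LEGO_EXPERIMENTAL_CNAME_SUPPORT block …
```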