Commit graph

17 commits

Author SHA1 Message Date
Woz
306f5c06fa Dns from resolv.conf (#293)
* Get better dns server defaults if available

if an /etc/resolv.conf file exists, then get the dns servers from there

* fix handwritten code...

* Make discovering system dns servers more testable

Allow specifying path to resolv.conf file to allow testing logic

* add tests

* Log which resolvers we are using

* move log statement for dns resolvers used
2016-11-03 19:37:15 +01:00
Cristian Graziano
2818a41068 Export PreCheckDNS so library users can manage the DNS check in tests 2016-08-09 22:15:54 -07:00
janeczku
d6197084fc Fixes zone lookup for domains that have a CNAME with the target in another zone 2016-07-29 21:28:28 +02:00
xenolf
c50baa67cb Move WaitFor into new utils.go and switch timeout and interval to time.Duration. 2016-03-11 03:52:46 +01:00
xenolf
9008ec6949 Move functions from dns package back into ACME. 2016-03-11 03:40:28 +01:00
Pauline Middelink
8b90b1a380 Added testcase for in-valid.co.uk
Camelcased: fqdn2zone to fqdnToZone
Grammatical fix in externally visible error message
2016-02-29 08:46:15 +01:00
Pauline Middelink
4945919c69 - Moved findZone from rfc2136 to dns_challenge.go and renamed to findZoneByFqdn
- Reworked the code in dns_challenge.go to not assume nameserver is
   port-less or defaults to 53. (messes up testing)
- Updated nameserver test to clear the fqdn2zone cache and return a dummy
  SOA RR to make initial findZoneByFqdn call happy.
- Used publicsuffix library to determine if the "authorative" zone we found
  is a public registry, in that case error out. (Also used by boulder btw)
2016-02-28 21:09:05 +01:00
xenolf
1f777a0d77 Adapt tests to EC changes 2016-02-21 04:18:45 +01:00
Michael Cross
fc64f8b99d DNS Challenge: Fix TestCheckAuthoritativeNss failure report 2016-02-19 10:24:39 +00:00
Matthew Holt
971541dc0a Use http client with timeout of 10s
This will prevent indefinitely-hanging requests in case some service or middle box is malfunctioning.

Fix vet errors and lint warnings

Add vet to CI check

Only get issuer certificate if it would be used

No need to make a GET request if the OCSP server is not specified in leaf certificate

Fix CI tests

Make tests verbose
2016-02-14 14:33:54 -07:00
Jan Broer
b594acbc2a Validation domain may be a CNAME or delegated to another NS 2016-02-10 16:56:50 +01:00
Jan Broer
c97b5a52a1 Refactor DNS check
* Gets a list of all authoritative nameservers by looking up the NS RRs for the root domain (zone apex)
* Verifies that the expected TXT record exists on all nameservers before sending off the challenge to ACME server
2016-02-09 05:23:58 +01:00
Den Quixote
0e53e51ba5 dns_challenge preCheckDNS: let system resolver decide IPv4 ./. IPv6.
We can ask the OS resolver for the IP of Google's public anycast DNS.
No need to "bootstrap" with literal IP address. The OS resolver knows
best about IPv4 ./. IPv6.

Mostly fixes #88.
2016-01-30 19:39:10 +01:00
xenolf
08cd016ed3 Switch DNS-01 challenge over to central validation function 2016-01-25 00:23:21 +01:00
xenolf
5992793edd Refactor DNS precheck 2016-01-22 02:25:27 +01:00
xenolf
a3f134e3fb Check DNS entry for validity before hitting boulder 2016-01-22 01:38:15 +01:00
Jan Broer
666698cea3 Modular DNS challenge
- Manual provider
- Dynamic DNS Update provider (RFC2136)
- Route53 provider
- CloudFlare provider
2015-12-10 18:35:35 +01:00