potyarkin/lego
1
0
Fork 0
forked from TrueCloudLab/lego
Code Pull requests Activity

RFC2136_TIMEOUT: tuneable DNS propagation timeout (#386)

Browse source 
Useful for slower DNS environment.

Time string is parsed with time.ParseDuration, so units are mandatory
(eg. RFC2136_TIMEOUT=10m)
This commit is contained in:
jraby 2017-07-17 16:05:47 -04:00 committed by xenolf
parent 147b326cb0
commit a5eaf85c89
2 changed files with 28 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
providers/dns/rfc2136/rfc2136.go
View file

@ -20,29 +20,32 @@ type DNSProvider struct {
tsigAlgorithm string tsigAlgorithm string
tsigKey string tsigKey string
tsigSecret string tsigSecret string
timeout time.Duration
} }
// NewDNSProvider returns a DNSProvider instance configured for rfc2136 // NewDNSProvider returns a DNSProvider instance configured for rfc2136
// dynamic update. Credentials must be passed in environment variables: // dynamic update. Configured with environment variables:
// RFC2136_NAMESERVER: Network address in the form "host" or "host:port". // RFC2136_NAMESERVER: Network address in the form "host" or "host:port".
// RFC2136_TSIG_ALGORITHM: Defaults to hmac-md5.sig-alg.reg.int. (HMAC-MD5). // RFC2136_TSIG_ALGORITHM: Defaults to hmac-md5.sig-alg.reg.int. (HMAC-MD5).
// See https://github.com/miekg/dns/blob/master/tsig.go for supported values. // See https://github.com/miekg/dns/blob/master/tsig.go for supported values.
// RFC2136_TSIG_KEY: Name of the secret key as defined in DNS server configuration. // RFC2136_TSIG_KEY: Name of the secret key as defined in DNS server configuration.
// RFC2136_TSIG_SECRET: Secret key payload. // RFC2136_TSIG_SECRET: Secret key payload.
// RFC2136_TIMEOUT: DNS propagation timeout in time.ParseDuration format. (60s)
// To disable TSIG authentication, leave the RFC2136_TSIG* variables unset. // To disable TSIG authentication, leave the RFC2136_TSIG* variables unset.
func NewDNSProvider() (*DNSProvider, error) { func NewDNSProvider() (*DNSProvider, error) {
nameserver := os.Getenv("RFC2136_NAMESERVER") nameserver := os.Getenv("RFC2136_NAMESERVER")
tsigAlgorithm := os.Getenv("RFC2136_TSIG_ALGORITHM") tsigAlgorithm := os.Getenv("RFC2136_TSIG_ALGORITHM")
tsigKey := os.Getenv("RFC2136_TSIG_KEY") tsigKey := os.Getenv("RFC2136_TSIG_KEY")
tsigSecret := os.Getenv("RFC2136_TSIG_SECRET") tsigSecret := os.Getenv("RFC2136_TSIG_SECRET")
return NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret) timeout := os.Getenv("RFC2136_TIMEOUT")
return NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret, timeout)
} }
// NewDNSProviderCredentials uses the supplied credentials to return a // NewDNSProviderCredentials uses the supplied credentials to return a
// DNSProvider instance configured for rfc2136 dynamic update. To disable TSIG // DNSProvider instance configured for rfc2136 dynamic update. To disable TSIG
// authentication, leave the TSIG parameters as empty strings. // authentication, leave the TSIG parameters as empty strings.
// nameserver must be a network address in the form "host" or "host:port". // nameserver must be a network address in the form "host" or "host:port".
func NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret string) (*DNSProvider, error) { func NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret, timeout string) (*DNSProvider, error) {
if nameserver == "" { if nameserver == "" {
return nil, fmt.Errorf("RFC2136 nameserver missing") return nil, fmt.Errorf("RFC2136 nameserver missing")
} }
@ -67,9 +70,27 @@ func NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret st
d.tsigSecret = tsigSecret d.tsigSecret = tsigSecret
} }
if timeout == "" {
d.timeout = 60 * time.Second
} else {
t, err := time.ParseDuration(timeout)
if err != nil {
return nil, err
} else if t < 0 {
return nil, fmt.Errorf("Invalid/negative RFC2136_TIMEOUT: %v", timeout)
} else {
d.timeout = t
}
}
return d, nil return d, nil
} }
// Returns the timeout configured with RFC2136_TIMEOUT, or 60s.
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return d.timeout, 2 * time.Second
}
// Present creates a TXT record using the specified parameters // Present creates a TXT record using the specified parameters
func (r *DNSProvider) Present(domain, token, keyAuth string) error { func (r *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value, ttl := acme.DNS01Record(domain, keyAuth) fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)

8
providers/dns/rfc2136/rfc2136_test.go
View file

@ -61,7 +61,7 @@ func TestRFC2136ServerSuccess(t *testing.T) {
} }
defer server.Shutdown() defer server.Shutdown()
provider, err := NewDNSProviderCredentials(addrstr, "", "", "") provider, err := NewDNSProviderCredentials(addrstr, "", "", "", "")
if err != nil { if err != nil {
t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err) t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err)
} }
@ -81,7 +81,7 @@ func TestRFC2136ServerError(t *testing.T) {
} }
defer server.Shutdown() defer server.Shutdown()
provider, err := NewDNSProviderCredentials(addrstr, "", "", "") provider, err := NewDNSProviderCredentials(addrstr, "", "", "", "")
if err != nil { if err != nil {
t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err) t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err)
} }
@ -103,7 +103,7 @@ func TestRFC2136TsigClient(t *testing.T) {
} }
defer server.Shutdown() defer server.Shutdown()
provider, err := NewDNSProviderCredentials(addrstr, "", rfc2136TestTsigKey, rfc2136TestTsigSecret) provider, err := NewDNSProviderCredentials(addrstr, "", rfc2136TestTsigKey, rfc2136TestTsigSecret, "")
if err != nil { if err != nil {
t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err) t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err)
} }
@ -135,7 +135,7 @@ func TestRFC2136ValidUpdatePacket(t *testing.T) {
t.Fatalf("Error packing expect msg: %v", err) t.Fatalf("Error packing expect msg: %v", err)
} }
provider, err := NewDNSProviderCredentials(addrstr, "", "", "") provider, err := NewDNSProviderCredentials(addrstr, "", "", "", "")
if err != nil { if err != nil {
t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err) t.Fatalf("Expected NewDNSProviderCredentials() to return no error but the error was -> %v", err)
} }