System nameservers not used for dns01 challenge on Windows

[tmm1]

https://github.com/go-acme/lego/blob/8afde164a15aea9b5d7eddc1f1d267b56fb5132e/challenge/dns01/nameserver.go#L13

https://github.com/go-acme/lego/blob/8afde164a15aea9b5d7eddc1f1d267b56fb5132e/challenge/dns01/nameserver.go#L28-L29

https://github.com/go-acme/lego/blob/8afde164a15aea9b5d7eddc1f1d267b56fb5132e/challenge/dns01/nameserver.go#L72-L74

cc https://github.com/miekg/dns/issues/334

[coolaj86]

Just ran into this on a Windows system in an IT environment that has a firewall in place that blocks 53...

Just to add more of a documentation trail for myself and others:

• The Go docs ( https://golang.org/pkg/net/ ) say that with export CGO_ENABLED=1 and export GODEBUG=netdns=go the system resolver should be used
• The net/dns package, well, sucks. It's so high-level that's is not usable for normal DNS queries (i.e. TTL, 0x20 encoding, etc)
• lego therefore uses miekg/dns, which is a sane dns package
• The custom resolvers can be overridden in, as discussed at https://github.com/go-acme/lego/issues/1137

[coolaj86]

How to use the default resolver?

I see that we have docs for how to set a different custom resolver... but what about when we don't explicitly know the settings used by the system resolver? What do we do then?

Note:

Looking at what I believe to be the place the resolver would be referenced in the windows syscall code for the DNS lookups, I don't see it there either: https://golang.org/src/net/lookup_windows.go

Possible Workaround:

Use a PowerShell script that grabs the Windows DNS resolvers and passes them to the Go application with a new flag such as --acme-dns-resolvers

• https://docs.microsoft.com/en-us/powershell/module/dnsserver/get-dnsserver?view=win10-ps
• https://docs.microsoft.com/en-us/powershell/module/dnsclient/get-dnsclientserveraddress?view=win10-ps