Are --dns.resolvers used for dns01 TXT record verifications?

go-acme / lego

Let's Encrypt/ACME client and library written in Go

https://go-acme.github.io/lego/

MIT License

7.95k stars 1.02k forks source link

Are --dns.resolvers used for dns01 TXT record verifications? #756

Closed mdbraber closed 5 years ago

mdbraber commented 5 years ago

I'm trying to grasp the use of the --dns.resolvers config option. When looking into the code it seems it's just adding those to the list of system resolvers. But are those resolvers also called upon when verifying dns01 challenge TXT records? I thought those queries were carried out by the LE servers, rather than the client? Or am I mistaken?

ldez commented 5 years ago

Those resolvers are:

used to do the precheck of dns01 challenge
used to resolve the FQDN
not used to verifying dns01 challenge TXT records
not added to the list of system resolvers, they replace the list of system resolvers.

--dns.resolvers value        Set the resolvers to use for performing recursive DNS queries. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined.