Closed ryansouza closed 5 years ago
@cpu thanks for the review 👍
I've changed the solution a bit to better match a real DNS server, and simplify the code changes a bit. Now a request for a CNAME'd host gets the CNAME record in addition to the requested records on the target host. I think it's a lot better than each individual lookup worrying about a CNAME.
Here's an example of using it with the in-prog pebble-challtestsrv changes:
$ curl localhost:8055/set-cname -XPOST --data '{"host":"foo.example.com", "target":"foobar.example.com"}'
$ curl localhost:8055/set-txt -XPOST --data '{"host":"foobar.example.com.", "value":"foobar"}'
$ curl localhost:8055/add-a -XPOST --data '{"host":"foobar.example.com", "addresses":["1.2.3.4"]}'
$ dig @localhost -p 8053 foo.example.com +noall +answer
foo.example.com. 0 IN CNAME foobar.example.com.
foobar.example.com. 0 IN A 1.2.3.4
$ dig TXT @localhost -p 8053 foo.example.com +noall +answer
foo.example.com. 0 IN CNAME foobar.example.com.
foobar.example.com. 0 IN TXT "foobar"
I cut a minor version release with this feature: https://github.com/letsencrypt/challtestsrv/releases/tag/v1.1.0 That should let you update the go.mod for the Pebble side of this work. Thanks again!
For testing platform integrations with an ACME provider it would be nice to have simple but real-ish CNAMEs. This would allow testing the 2-part challenge setup where a customer CNAMEs their _acme-challenge fqdn to a platform-controlled fqdn where the actual TXT record is set up. This change will also respond to CNAME requests, allowing a mocked "has the customer CNAME'd their domain" check to run.
Planned implementation of this in the pebble-challtestsrv: https://github.com/letsencrypt/pebble/compare/master...ryansouza:cnames which I used to test this locally.
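An added sketch, not part of the original thread or of the challtestsrv code: a pure-Go in-memory model of the answer behaviour described above (the CNAME plus the requested records on the target) and of the delegation check a platform would run. `MockZone`, `Answer` and `Delegated` are hypothetical names, and following exactly one CNAME hop is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

type Record struct{ Name, Type, Value string }

// MockZone is a hypothetical in-memory stand-in for the mock DNS server's state.
type MockZone struct {
	cnames map[string]string   // host -> CNAME target
	rrsets map[string][]string // "host type" -> values
}

func NewMockZone() *MockZone { return &MockZone{map[string]string{}, map[string][]string{}} }

// fqdn lowercases and adds the trailing dot, so both spellings of a host match.
func fqdn(h string) string { return strings.ToLower(strings.TrimSuffix(h, ".")) + "." }
func (z *MockZone) SetCNAME(host, target string) { z.cnames[fqdn(host)] = fqdn(target) }
func (z *MockZone) Add(host, typ, value string) {
	k := fqdn(host) + " " + typ
	z.rrsets[k] = append(z.rrsets[k], value)
}

// Answer returns the CNAME for host, if one is set, then the qtype records on
// its target. Assumption of this sketch: a single CNAME hop is followed.
func (z *MockZone) Answer(host, qtype string) []Record {
	name, out := fqdn(host), []Record{}
	if target, ok := z.cnames[name]; ok {
		out = append(out, Record{name, "CNAME", target})
		name = target
	}
	for _, v := range z.rrsets[name+" "+qtype] {
		out = append(out, Record{name, qtype, v})
	}
	return out
}

// Delegated: _acme-challenge.<domain> must CNAME to exactly the expected name.
func Delegated(z *MockZone, domain, want string) bool {
	a := z.Answer("_acme-challenge."+domain, "CNAME")
	return len(a) == 1 && a[0].Value == fqdn(want)
}

func main() {
	z := NewMockZone()
	z.SetCNAME("foo.example.com", "foobar.example.com")
	z.Add("foobar.example.com.", "TXT", "foobar") // constructed sample data
	fmt.Println(z.Answer("foo.example.com", "TXT"))
}
```

Comparing the CNAME target against the exact expected name, rather than accepting any CNAME, is what keeps the delegation check from passing when the customer has pointed the record at a name the platform does not control.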