Convert between the API implictily absolute and DO standard record names#3
Conversation
Previously, this DNS provider incorrectly assumed that DNS records passed to it followed the standard notation, used by the DigitalOcean API, that absolute DNS record names end with a dot, and relative DNS record names don't. This is incorrect because libdns uses de-facto implicitly absolute DNS record names with a dot suffix, which causes any DNS record added with eg certmagic to incorrectly be treated as relative, resulting in records like: _acme-challenge.example.org.example.org This fixes this issue by converting between the standard dot-suffix DNS record name notation used by the DigitalOcean API and the implicitly absolute record names used by libdns. See: libdns/libdns#12
|
Thanks for the PR! We will look at this closer as soon as we decide on the best path going forward in the linked issue. |
|
caddyserver/caddy#3766 |
|
Awesome, +1 |
|
Ran into this today as well. I had to remove the digitalocean resolver reference from my caddyfile to get a cert to generate, which is leaving me without a wildcard at the moment. The txt hostnames present in the dns records are akin to: |
|
The discussion in the linked thread has not been completed yet. I am awaiting feedback from a sufficient number of users before committing to a decision. We need to make sure it serves the vast majority of DNS providers first. |
|
seems like there is a lot of people facing this issue |
|
The upstream issue has been resolved; record names passed in are now relative to zone. Feel free to patch this library accordingly! :) These new helper functions might be useful: https://pkg.go.dev/github.com/libdns/libdns#AbsoluteName |
|
Hello there, Any news on this issue? Thanks! |
|
I'll look at it tomorrow when I get back to work!
…On Wed, Mar 10, 2021 at 6:09 AM Matt Holt ***@***.***> wrote:
@mholt <https://github.com/mholt> requested your review on: #3
<#3> Convert between the API
implictily absolute and DO standard record names.
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub
<#3 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAG6TA2BESYFKJRYFLY2LLTCZW6FANCNFSM4RKBKDZQ>
.
--
Sven.
|
|
given libdns/libdns#28 , very LGTM |
|
Thanks Sven! |
|
Thank you @SvenDowideit ! 🙏 |
Previously, this DNS provider incorrectly assumed that DNS records
passed to it followed the standard notation, used by the DigitalOcean
API, that absolute DNS record names end with a dot, and relative DNS
record names don't.
This is incorrect because libdns uses de-facto implicitly absolute DNS
record names with a dot suffix, which causes any DNS record added with
eg certmagic to incorrectly be treated as relative, resulting in records
like: _acme-challenge.example.org.example.org
This fixes this issue by converting between the standard dot-suffix DNS
record name notation used by the DigitalOcean API and the implicitly
absolute record names used by libdns.
See: libdns/libdns#12