> On Nov 27, 2018, at 3:32 PM, Danek Duvall <duv...@brightgate.com> wrote:
>
> Section 8.4 of the ACME spec says:
>
>    To validate a DNS challenge, the server performs the following steps:
>    1. Compute the SHA-256 digest of the stored key authorization
>    2. Query for TXT records for the validation domain name
>    3. Verify that the contents of one of the TXT records match the
>       digest value
>
> Regarding point 2, it's not explained exactly what is queried for the
> TXT records. I've not gone looking at Boulder code, but from some
> message board postings, it seems like one of the authoritative DNS
> servers for the domain is queried. It'd be nice if the spec could
> include this information, to make writing automated clients easier.
It doesn’t really need to be explained, IMO, because “query for TXT records” implies a query against DNS, which in turn implies a query against a nameserver that’s authoritative for the domain.

-FG

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
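The three validation steps quoted in this thread, as an added Python example that is not part of the original messages or of any ACME server's code. It assumes the RFC 8555 conventions that the digest is published base64url-encoded without padding and that the validation name is the domain prefixed with `_acme-challenge`; the function names, key authorization and TXT records are constructed for illustration, and the DNS lookup itself is replaced by an in-memory RRset.

```python
import base64
import hashlib
import hmac


def expected_txt_value(key_authorization: str) -> str:
    """Step 1: SHA-256 of the key authorization, base64url without padding."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def validation_name(domain: str) -> str:
    """Step 2: the fully qualified name whose TXT RRset is queried."""
    return "_acme-challenge." + domain.rstrip(".").lower() + "."


def txt_matches(key_authorization: str, txt_rrset) -> bool:
    """Step 3: true if the contents of one TXT record equal the digest value.

    txt_rrset is a list of records; each record is a tuple of byte strings,
    because one TXT record may carry several character-strings that the
    verifier has to concatenate before comparing.
    """
    want = expected_txt_value(key_authorization).encode("ascii")
    matched = False
    for strings in txt_rrset:
        got = b"".join(strings)
        # Constant-time comparison; keep scanning so timing does not
        # reveal which record in the set matched.
        if hmac.compare_digest(got, want):
            matched = True
    return matched


# Constructed sample data (not taken from the thread).
KEY_AUTH = "constructed-token.constructed-account-thumbprint"
GOOD = expected_txt_value(KEY_AUTH).encode("ascii")
RRSET = [
    (b"v=spf1 -all",),        # unrelated TXT record at the same name
    (GOOD[:20], GOOD[20:]),   # challenge value split across two strings
]

if __name__ == "__main__":
    print(validation_name("example.com"), "TXT", expected_txt_value(KEY_AUTH))
    print("valid:", txt_matches(KEY_AUTH, RRSET))
```

Which nameserver supplies the RRset, the point raised in the thread, is outside what these functions decide; they only check the records they are handed.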