Re: [Acme] DNS challenge server steps missing detail?

2018-11-27 Thread Felipe Gasper


> On Nov 27, 2018, at 3:32 PM, Danek Duvall  wrote:
> 
> Section 8.4 of the ACME spec says:
> 
> To validate a DNS challenge, the server performs the following steps:
>  1. Compute the SHA-256 digest of the stored key authorization
>  2. Query for TXT records for the validation domain name
>  3. Verify that the contents of one of the TXT records match the
> digest value
> 
> Regarding point 2, it's not explained exactly what is queried for the
> TXT records. I've not gone looking at Boulder code, but from some
> message board postings, it seems like one of the authoritative DNS
> servers for the domain is queried. It'd be nice if the spec could
> include this information, to make writing automated clients easier.

It doesn’t really need to be explained, IMO, because “query for TXT records” 
implies a query against DNS, which in turn implies a query against a nameserver 
that’s authoritative for the domain.

-FG
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme


[Acme] DNS challenge server steps missing detail?

2018-11-27 Thread Danek Duvall
Section 8.4 of the ACME spec says:

To validate a DNS challenge, the server performs the following steps:
  1. Compute the SHA-256 digest of the stored key authorization
  2. Query for TXT records for the validation domain name
  3. Verify that the contents of one of the TXT records match the
digest value

Regarding point 2, it's not explained exactly what is queried for the
TXT records. I've not gone looking at Boulder code, but from some
message board postings, it seems like one of the authoritative DNS
servers for the domain is queried. It'd be nice if the spec could
include this information, to make writing automated clients easier.

In practical terms, only nameservers authoritative for the domain need
to be updated (no need to worry about any other caching effects) and
all such nameservers need to be updated (because the ACME server will
choose an arbitrary nameserver from that list).

Thanks,
Danek

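The three server-side steps quoted in both messages above, worked through as an added Python example for this thread (it is not Boulder's code and not part of either message). The key authorization follows section 8.1 of RFC 8555 and the JWK thumbprint follows RFC 7638; the TXT lookup is an injected callable that takes a nameserver and an owner name, so the example runs offline, and every domain, token, key coordinate and nameserver in it is constructed. It also carries Danek's practical point one step further with a client-side pre-check that asks every authoritative nameserver, since the server may pick any of them.

```python
"""Server-side dns-01 validation as RFC 8555 sections 8.1 and 8.4 describe it.

Added illustration for this thread; it is not Boulder code. The DNS lookup is
injected as a callable so the whole thing runs offline against constructed
records, and every domain, token, key and nameserver below is constructed.
"""
import base64
import hashlib
import json
from typing import Callable, Dict, List


def b64url(data: bytes) -> str:
    """base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: Dict[str, str]) -> str:
    """RFC 7638 thumbprint: SHA-256 of the required members only, in
    lexicographic order, serialised with no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = required[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: Dict[str, str]) -> str:
    """Section 8.1: token || '.' || base64url(Thumbprint(accountKey))."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_txt_value(key_auth: str) -> str:
    """Section 8.4, step 1: the TXT record carries base64url(SHA-256(key auth))."""
    return b64url(hashlib.sha256(key_auth.encode("ascii")).digest())


def validation_name(domain: str) -> str:
    """Section 8.4: '_acme-challenge' prepended to the name being validated."""
    return "_acme-challenge." + domain.rstrip(".") + "."


# A lookup takes (nameserver, owner name) and returns the TXT strings it holds.
# A real ACME server sends this query to one of the zone's authoritative
# nameservers; here the function is injected so the example needs no network.
TxtLookup = Callable[[str, str], List[str]]


def validate_dns01(domain: str, token: str, account_jwk: Dict[str, str],
                   nameserver: str, lookup: TxtLookup) -> bool:
    """Steps 1-3 of section 8.4, run against a single nameserver."""
    expected = dns01_txt_value(key_authorization(token, account_jwk))
    records = lookup(nameserver, validation_name(domain))
    # Step 3: any one TXT record equal to the digest value is enough.
    return any(record == expected for record in records)


def nameservers_missing_record(domain: str, token: str, account_jwk: Dict[str, str],
                               authoritative: List[str], lookup: TxtLookup) -> List[str]:
    """Client-side pre-check: the server may query any authoritative nameserver,
    so report the ones that do not yet serve the expected value."""
    return [ns for ns in authoritative
            if not validate_dns01(domain, token, account_jwk, ns, lookup)]


# --- constructed sample data (not real keys, tokens or zones) ------------------
ACCOUNT_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "constructed-x-coordinate-placeholder",
    "y": "constructed-y-coordinate-placeholder",
}
TOKEN = "constructed-token-Q1B3pKRh2PCG"
DOMAIN = "example.test"
AUTHORITATIVE = ["ns1.example.test", "ns2.example.test"]

EXPECTED_TXT = dns01_txt_value(key_authorization(TOKEN, ACCOUNT_JWK))

# Constructed zone state: ns1 has been updated, ns2 still serves a stale value.
_ZONES = {
    "ns1.example.test": {validation_name(DOMAIN): [EXPECTED_TXT]},
    "ns2.example.test": {validation_name(DOMAIN): ["stale-value-from-last-week"]},
}


def fake_lookup(nameserver: str, name: str) -> List[str]:
    """Stands in for a TXT query sent directly to `nameserver`."""
    return _ZONES.get(nameserver, {}).get(name, [])


if __name__ == "__main__":
    print("validation name:", validation_name(DOMAIN))
    print("expected TXT   :", EXPECTED_TXT)
    print("not yet ready  :", nameservers_missing_record(
        DOMAIN, TOKEN, ACCOUNT_JWK, AUTHORITATIVE, fake_lookup))
```

To use this against real DNS, replace `fake_lookup` with a function that sends the TXT query straight to the named authoritative server rather than to a recursive resolver, which is exactly why caching is not a concern in the thread's scenario: the only state that matters is what each authoritative nameserver answers.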