feat: add nameservers option for custom name servers (equivalent of --dns.resolvers in Lego)
#18
Conversation
alexzorin
left a comment
alexzorin
left a comment
There was a problem hiding this comment.
In theory this sounds fine, thanks for your contribution.
I'll just need to find a free moment to do a real review and test the functionality out before I can merge this in. Hopefully this coming weekend.
| os.Setenv(key, value) | ||
| } | ||
| if len(action.Nameservers) > 0 { | ||
| addNameserver := dns01.AddRecursiveNameservers(action.Nameservers) |
There was a problem hiding this comment.
That's an interesting one.
dns01.AddRecursiveNameservers affects a global variable: https://github.com/go-acme/lego/blob/a528e280f9e95982ef0c4f0771d99ed51028c5b3/challenge/dns01/nameserver.go#L27
I suppose as long as none of the certificates are processed in parallel, this is fine.
| "available via lego" | ||
| ) | ||
|
|
||
| def _setup_credentials(self) -> None: |
There was a problem hiding this comment.
I've had a chance to try this PR out, but there are some issues (like this line) which prevent it from working:
Can't instantiate abstract class Authenticator without an implementation for abstract method '_setup_credentials'
If you're still interested in working on it, please make sure that you've tested it before submitting it for review, and I'll give it another round.
2 participants
This PR adds an option
--dns-multi-nameserversthat accepts a comma-separated list of recursive name servers to be used for ACME. This is useful for split DNS, where the system DNS resolution may diverge with a public DNS.Alternatively we can add an option to enforce the use public DNS (most commonly DoT/DoH), but that is less flexible and we need to determine which public DNS to trust.