solvers: Always call checkDNSPropagation in DNS01Solver (#179)

Calling checkAuthoritativeNss is wrong as it's not inter-changeable with checkDNSPropagation. Though IIUC it's not necessary to follow CNAME when in Wait(), with or without OverrideDomain, let's wait until the override domain gets some usage to change this. The reason that following CNAME is not necessary is that CNAME cannot co-exist with other DNS records, if we succeed in setting a TXT record on that domain, it cannot have a CNAME record. @IndeedNotJames
caddyserver · Mar 24, 2022 · ae2a5dd · ae2a5dd
1 parent 915efd8
commit ae2a5dd
Showing 1 changed file with 1 addition and 5 deletions.
diff --git a/solvers.go b/solvers.go
@@ -337,11 +337,7 @@ func (s *DNS01Solver) Wait(ctx context.Context, challenge acme.Challenge) error
 			return ctx.Err()
 		}
 		var ready bool
-		if s.OverrideDomain == "" {
-			ready, err = checkDNSPropagation(dnsName, keyAuth, resolvers)
-		} else {
-			ready, err = checkAuthoritativeNss(dnsName, keyAuth, resolvers)
-		}
+		ready, err = checkDNSPropagation(dnsName, keyAuth, resolvers)
 		if err != nil {
 			return fmt.Errorf("checking DNS propagation of %s: %w", dnsName, err)
 		}