Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
nixos/security/acme: Add DNS resolver option #99948
Motivation for this change
When using the ACME DNS-01 challenge, there is a possibility of a
When using the ACME DNS-01 challenge, there is a possibility of a failure to resolve the challenge if the record is not propagated fast enough. To circumvent this generic DNS problem, this adds a setting to explicitly tell the ACME provider to use a certain DNS resolver to lookup the challenge. Signed-off-by: Jeroen Simonetti <firstname.lastname@example.org>
Thanks for this PR!
Do you have some details on how the issue did surface for you? Just yesterday I filed a PR that fixed a race of ACME with local resolvers (#99901). Could this maybe also fix your issue?
That being said, there is no reason not to support the option you are proposing.
I can't really comment on the unbound issue, as I do not use that.