Merge pull request #43 from exonet/rja/use-nameserver

Use the nameserver of the zone for local DNS validation
RogierW · Feb 13, 2024 · cfa60a2 · cfa60a2
2 parents 8c3bc6a + 048adf9
commit cfa60a2
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/composer.json b/composer.json
@@ -18,6 +18,7 @@
     "ext-mbstring": "*",
     "ext-openssl": "*",
     "psr/log": "^3.0",
+    "spatie/dns": "^2.5",
     "spatie/laravel-data": "^3.9"
   },
   "require-dev": {

diff --git a/src/Support/LocalChallengeTest.php b/src/Support/LocalChallengeTest.php
@@ -2,11 +2,15 @@
 
 namespace Rogierw\RwAcme\Support;
 
+use Exception;
 use Rogierw\RwAcme\Exceptions\DomainValidationException;
 use Rogierw\RwAcme\Interfaces\HttpClientInterface;
+use Spatie\Dns\Dns;
 
 class LocalChallengeTest
 {
+    private const DEFAULT_NAMESERVER = 'dns.google.com';
+
     public static function http(string $domain, string $token, string $keyAuthorization, HttpClientInterface $httpClient): void
     {
         $response = $httpClient->get($domain . '/.well-known/acme-challenge/' . $token, maxRedirects: 1);
@@ -29,10 +33,29 @@ public static function http(string $domain, string $token, string $keyAuthorizat
 
     public static function dns(string $domain, string $name, string $value): void
     {
-        $response = @dns_get_record(sprintf('%s.%s', $name, $domain), DNS_TXT);
-
-        if (!in_array($value, array_column($response, 'txt'), true)) {
-            throw DomainValidationException::localDnsChallengeTestFailed($domain);
+        try {
+            $dnsResolver = new Dns();
+
+            // Get the nameserver.
+            $soaRecord = $dnsResolver->getRecords($domain, DNS_SOA);
+
+            $nameserver = empty($soaRecord)
+                ? self::DEFAULT_NAMESERVER
+                : $soaRecord[0]->mname();
+
+            $records = $dnsResolver
+                ->useNameserver($nameserver)
+                ->getRecords(sprintf('%s.%s', $name, $domain), DNS_TXT);
+
+            foreach ($records as $record) {
+                if ($record->txt() === $value) {
+                    return;
+                }
+            }
+        } catch (Exception $exception) {
+            // An exception can be thrown by the Dns class when a lookup fails.
         }
+
+        throw DomainValidationException::localDnsChallengeTestFailed($domain);
     }
 }