
DNS-01 validation and caching

Hello,

I have two quick questions regarding DNS-01 validation:

1. When validating a DNS-01 challenge, does Buypass support having multiple TXT records in place for the same name/domain? Or will the validation fail if the expected TXT record is not the first one in the RRset returned by the authoritative DNS server, even though the record is present in the RRset?

2. For how long does Buypass cache the response received from the authoritative DNS servers?

Regards,

Andreea

  • Any thoughts? :)

    Like 1
  • Hello Andreea Ramstadt

     

    1. We do not require the TXT record to be the sole or the first record, if multiple are present.
    2. We are not using the authoritative DNS server. We do not cache DNS responses; however, we are querying several external DNS resolvers, so it will be cached there based on TTL.

     

    Regards,

    Andriy

    Like
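An added illustration of the two answers above (not part of the thread and not Buypass's validation code): the check accepts the expected value at any position in the TXT RRset, and a caching resolver keeps returning the older RRset until its TTL expires. The value format follows RFC 8555 section 8.4; the `CachingResolver` class, the names, tokens and TTLs are constructed for the example.

```python
import base64
import hashlib


def dns01_txt_value(key_authorization: str) -> str:
    """RFC 8555 section 8.4: base64url(SHA-256(key authorization)), unpadded."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def rrset_satisfies(rrset, key_authorization: str) -> bool:
    """True if any TXT record in the RRset matches, regardless of its position."""
    expected = dns01_txt_value(key_authorization)
    return any(value.strip().strip('"') == expected for value in rrset)


class CachingResolver:
    """Toy recursive resolver (assumption): serves a cached RRset until TTL expiry."""

    def __init__(self, zone):
        self.zone = zone   # name -> (ttl_seconds, [txt values]); stands in for the zone data
        self.cache = {}    # name -> (expires_at, [txt values])

    def query_txt(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[0]:
            return hit[1]                      # cached answer, possibly stale
        ttl, values = self.zone.get(name, (0, []))
        self.cache[name] = (now + ttl, list(values))
        return list(values)


def demo():
    name = "_acme-challenge.example.test"                    # constructed name
    old_ka = "constructed-token-A.constructed-thumbprint"    # constructed values
    new_ka = "constructed-token-B.constructed-thumbprint"
    zone = {name: (300, [dns01_txt_value(old_ka)])}
    resolver = CachingResolver(zone)
    resolver.query_txt(name, now=0)            # resolver caches the one-record RRset
    # A second record is appended to the zone; the first one stays in place.
    zone[name] = (300, [dns01_txt_value(old_ka), dns01_txt_value(new_ka)])
    return {
        "new_at_60s": rrset_satisfies(resolver.query_txt(name, now=60), new_ka),
        "new_at_301s": rrset_satisfies(resolver.query_txt(name, now=301), new_ka),
        "old_at_301s": rrset_satisfies(resolver.query_txt(name, now=301), old_ka),
    }


if __name__ == "__main__":
    print(demo())
```

Publishing the challenge record with a short TTL, or waiting out the previous TTL before requesting validation, avoids the stale-answer failure shown at 60 seconds.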
  • Hello Andriy Mahats

    Many thanks for your answers.

    I do have a follow-up question: is there any particular reason for not querying the authoritative DNS servers directly when performing the challenge validation?

    Regards,

    Andreea

    Like 1
    • Hello Andreea Ramstadt 

       

      We consider the querying of authoritative DNS servers as an improvement to our current solution; however, we haven’t taken that decision yet and the ETA is unknown.

       

      Regards,

      Andriy

      Like
  • Hello Andriy Mahats

    Thank you for your answers and for the additional clarifications :)

    Regards,

    Andreea

    Like 1

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.