DNS-01 validation and caching
Hello,
I have two quick questions regarding DNS-01 validation:
1. When validating a DNS-01 challenge, does Buypass support having multiple TXT records in place for the same name/domain? Or will the validation fail if the expected TXT record is not the first one in the RRset returned by the authoritative DNS server, even though the record is present in the RRset?
2. For how long does Buypass cache the response received from the authoritative DNS servers?
Regards,
Andreea
-
Any thoughts? :)
-
Hello Andreea Ramstadt
- We do not require the TXT record to be sole or the first record, if multiple are present.
- We are not using the authoritative DNS server. We do not cache DNS response, however we are querying several external DNS resolvers, so it will be cached there based on TTL.
Regards,
Andriy
-
Hello Andriy Mahats
Many thanks for your answers.
I do have a followup question: is there any particular reason for not querying the authoritative DNS servers directly when performing the challenge validation?
Regards,
Andreea
-
Hello Andreea Ramstadt
We consider the querying of authoritative DNS servers as improvement to our current solution, however we haven’t taken that decision yet and the ETA is unknown.
Regards,
Andriy
-
-
Hello Andriy Mahats
Thank you for your answers and for the additional clarifications :)
Regards,
Andreea