DNS-01 validation and caching

Hello,

I have two quick questions regarding DNS-01 validation:

1. When validating a DNS-01 challenge, does Buypass support having multiple TXT records in place for the same name/domain? Or will the validation fail if the expected TXT record is not the first one in the RRset returned by the authoritative DNS server, even though the record is present in the RRset?

2. For how long does Buypass cache the response received from the authoritative DNS servers?

Regards,

Andreea

5 replies

    • Andreea_Ramstadt
    • 4 yrs ago

    Any thoughts? :)

    • Andriy_Mahats
    • 4 yrs ago

    Hello Andreea Ramstadt

    1. We do not require the TXT record to be the sole or the first record if multiple are present.
    2. We are not using the authoritative DNS server. We do not cache the DNS response; however, we are querying several external DNS resolvers, so it will be cached there based on TTL.

    Regards,

    Andriy
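An added example, not part of the original thread and not Buypass code: a pre-flight check an ACME client operator could run before triggering DNS-01 validation, given the two answers above (the expected TXT value may sit anywhere in the RRset, and recursive resolvers hold older answers until their TTL expires). The resolver names, token and thumbprint are constructed; the resolvers the CA actually queries are not named in the thread.

```python
import base64
import hashlib

def dns01_txt_value(token, thumbprint):
    """RFC 8555 8.4: base64url(SHA-256(token + "." + thumbprint)), unpadded."""
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def rrset_contains(rrset, expected):
    """Match anywhere in the RRset; record order is not significant in DNS.
    A TXT record is a list of character-strings, joined before comparing."""
    return any("".join(strings) == expected for strings in rrset)

def preflight(expected, resolver_answers):
    """resolver_answers maps resolver name -> (remaining_ttl, rrset).
    An empty rrset stands for a cached NXDOMAIN/NODATA answer whose
    remaining_ttl is the negative-cache TTL (RFC 2308).
    Returns (ready, seconds_to_wait_for_stale_caches)."""
    stale = [ttl for ttl, rrset in resolver_answers.values()
             if not rrset_contains(rrset, expected)]
    return (not stale, max(stale, default=0))

if __name__ == "__main__":
    # Constructed sample values, not real ACME data.
    expected = dns01_txt_value("constructed-token", "constructed-thumbprint")
    other = dns01_txt_value("second-order-token", "constructed-thumbprint")
    answers = {
        "resolver-a": (60, [[other], [expected]]),  # expected is second: fine
        "resolver-b": (240, [[other]]),             # still serving older RRset
        "resolver-c": (30, []),                     # cached negative answer
    }
    ready, wait = preflight(expected, answers)
    print(f"_acme-challenge TXT value: {expected}")
    print(f"ready={ready}, wait up to {wait}s for stale caches to expire")
```

Keeping the TTL on the `_acme-challenge` TXT RRset low before issuance shortens the wait this check reports.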

    • Andreea_Ramstadt
    • 4 yrs ago

    Hello Andriy Mahats

    Many thanks for your answers.

    I do have a follow-up question: is there any particular reason for not querying the authoritative DNS servers directly when performing the challenge validation?

    Regards,

    Andreea

      • Andriy_Mahats
      • 4 yrs ago

      Hello Andreea Ramstadt

      We consider querying the authoritative DNS servers an improvement to our current solution; however, we haven’t taken that decision yet and the ETA is unknown.

      Regards,

      Andriy

    • Andreea_Ramstadt
    • 4 yrs ago

    Hello Andriy Mahats

    Thank you for your answers and for the additional clarifications :)

    Regards,

    Andreea
