ACME delegation to Cloudflare

If I look at the Boulder code at https://github.com/letsencrypt/boulder/blob/bd29cc430fd6947cc2d6353492bec963c2b52532/bdns/dns.go#L411-L432 it doesn't have a limit on how many TXT RRs can be queried besides the DNS protocol itself.

There is some code, however, that seems to have some limit with 100 incorrect TXT RRs, but I'm not entirely sure how it works. I REAALLLLLYY have a distaste for the Go language; for me it's not intuitive and hard to interpret if you don't really know the language intimately:

Lines 76 to 81 seem to loop the found TXT RRs to check if one of them is valid. If a valid one is found, the function returns success. But after that, there is some code doing some stuff with invalidRecord and some kind of limit of 100? I'm not sure, but if I interpret it correctly it simply shows all the first 100 if there are more than 100 TXT RRs. If there's only one, it only shows that single one. And if it's between 1 and 100 it will only show the first one with just "..and X more".. No clue why that limit of 100 is there..

But overall it seems there isn't a maximum of TXT RRs you're allowed to have other than technical DNS protocol limitations.

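Added example, not part of the original post and not Boulder's own code: a Go sketch of a DNS-01 TXT check in the shape the post describes, where any one matching record among many passes and a failure reports only the first record plus a count of the rest. The function names, the sample values, and the treatment of 100 as a character cap on the echoed record are assumptions of this sketch.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// maxShown caps how much of a wrong TXT value is echoed in the error (assumed value).
const maxShown = 100

// dns01Digest returns the TXT value RFC 8555 section 8.4 expects:
// unpadded base64url of SHA-256 over the key authorization.
func dns01Digest(keyAuthorization string) string {
	sum := sha256.Sum256([]byte(keyAuthorization))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// checkTXT succeeds if any record equals the digest, however many records exist.
// On failure it reports only the first record, truncated, plus a count of the rest.
func checkTXT(txts []string, digest, name string) error {
	if len(txts) == 0 {
		return fmt.Errorf("no TXT record found at %s", name)
	}
	for _, txt := range txts {
		if subtle.ConstantTimeCompare([]byte(txt), []byte(digest)) == 1 {
			return nil
		}
	}
	shown := txts[0]
	if len(shown) > maxShown {
		shown = shown[:maxShown] + "..."
	}
	andMore := ""
	if len(txts) > 1 {
		andMore = fmt.Sprintf(" (and %d more)", len(txts)-1)
	}
	return fmt.Errorf("incorrect TXT record %q%s found at %s", shown, andMore, name)
}

func main() {
	// Constructed sample data: a token.thumbprint string and a challenge name.
	digest := dns01Digest("constructed-token.constructed-thumbprint")
	name := "_acme-challenge.example.com"
	stale := []string{"old-value-1", "old-value-2", "old-value-3"}
	fmt.Println(checkTXT(append(stale, digest), digest, name)) // match among stale records
	fmt.Println(checkTXT(stale, digest, name))                 // no match
}
```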