I want to run integration tests for Let’s Encrypt that include obtaining a certificate for a fake domain. One option might be to spin up a fake DNS provider container that returned the correct response and a Boulder container and point the fake_dns env var to it. That seems excessive and I’m hoping for a simpler solution. Thanks!
Hi @katejefferson,
The Boulder Docker container already contains a fake DNS provider (dns-test-srv) that always returns a certain IP address for any A query. By default that IP address is 127.0.0.1, but you can change that by changing the FAKE_DNS environment variable to the IP address you want to return.
If you’re running a client on the host, you most likely want to set FAKE_DNS to 172.17.0.1 (depending on what IP the docker0 interface has).
Thanks @jsha! Can I provision TXT records with the dns-test-srv? I need to be able to pass challenges.
Yep, we have a hacked-up little local JSON API that we use for our own integration tests:
```go
func (ts *testSrv) setTXT(w http.ResponseWriter, r *http.Request) {
	if r.URL.Path != "/set-txt" {
		http.NotFound(w, r)
		return
	} else if r.Method != "POST" {
		w.WriteHeader(405)
		return
	}
	msg, err := ioutil.ReadAll(r.Body)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	var sr setRequest
	err = json.Unmarshal(msg, &sr)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	if sr.Host == "" {
		w.WriteHeader(http.StatusBadRequest)
		return
	}
	ts.mu.Lock()
	defer ts.mu.Unlock()
	ts.txtRecords[strings.ToLower(sr.Host)] = sr.Value
	fmt.Printf("dns-srv: added TXT record for %s containing \"%s\"\n", sr.Host, sr.Value)
	w.WriteHeader(http.StatusOK)
}
```
That said, we don’t guarantee stability of that API, so it’s entirely possible we’ll break your tests with a future change. If you want a test harness you have more control over, you will probably want to run your own copy of dns-test-srv and point your Boulder instance at it. That’s a little complicated because you have to maintain a forked copy of the va.json config.