Currently Boulder uses the DNS servers “dnsResolvers” configured in va.json to resolve the HTTP hostname (A Record) when doing http validations. Great!
Request: use the same dnsResolvers to resolve the DNS TXT Record when doing DNS validations.
Rationale: Our regression tests dynamically create domains and inject them into PowerDNS. This enables all of our internal systems to resolve the dynamic name to do various tasks (including a quick pre-Let’s Encrypt validation).
The regression tests work great end-end when we’re doing HTTP validations.
But because the Boulder server ignores our PowerDNS server when doing DNS validations we have to compensate by also injecting TXT records into the Boulder fake DNS server using set-txt.
Using set-txt works, but it’s more work in the different dev and qa environments (and languages and tools used). It would be nice if the Boulder server used va.json dnsServer when doing dns TXT validations too.