|
|
@@ -12,7 +12,17 @@ if ($parent_authoritatives === [])
|
|
|
foreach ($parent_authoritatives as $parent_authoritative)
|
|
|
checkAbsoluteDomainFormat($parent_authoritative);
|
|
|
|
|
|
-$ns_records = array_column(kdig(name: $domain, type: 'NS', server: (CONF['ns']['local_only_check'] ? CONF['reg']['address'] : $parent_authoritatives[0]))['authorityRRs'], 'rdataNS');
|
|
|
+foreach ($parent_authoritatives as $i => $parent_authoritative) {
|
|
|
+ if ($i === 3)
|
|
|
+ output(403, sprintf(_('The %s first tried name servers failed to answer.'), $i));
|
|
|
+ try {
|
|
|
+ $results = kdig(name: $domain, type: 'NS', server: (CONF['ns']['local_only_check'] ? CONF['reg']['address'] : $parent_authoritative));
|
|
|
+ } catch (KdigException) {
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+ break;
|
|
|
+}
|
|
|
+$ns_records = array_column($results['authorityRRs'] ?? [], 'rdataNS');
|
|
|
if (preg_match('/^(?<salt>[0-9a-f]{8})-(?<hash>[0-9a-f]{32})\._domain-verification\.' . preg_quote(SERVER_NAME, '/') . '\.$/Dm', implode(LF, $ns_records), $matches) !== 1)
|
|
|
output(403, _('NS authentication record not found.'));
|
|
|
|
Miraty