How does `tls resolvers` work exactly?

Hi there!

Assume caddy is running on a private network host that does not yet have any associated A or CNAME records and has its /etc/hosts as follows:

127.0.0.1       localhost
10.1.1.14       test.mydomain.com

Given the following example Caddyfile snippet:

test.mydomain.com {

    tls {
        dns cloudflare {env.CF_API_TOKEN}
        resolvers 1.1.1.1
    }

    # ... etc...
}

What does the resolvers 1.1.1.1 line do exactly?

Naturally I checked the documentation which says:

  • resolvers customizes the DNS resolvers used when performing the DNS challenge; these take precedence over system resolvers or any default ones. If set here, the resolvers will propagate to all configured certificate issuers. This is typically a list of IP addresses.

So it seems clear enough to me that this allows caddy and/or its cloudflare dns plugin to find Cloudflare’s API server so it can add the acme challenge TXT record to the mydomain.com domain.

But is 1.1.1.1 used for anything else?

Does caddy and/or its Cloudflare plugin use it to find the IP address for test.mydomain.com?

If so, that would be a problem because hostname-to-IP resolution is currently only represented in the caddy host's /etc/hosts file and not yet in any DNS server.

My understanding is that the acme exchange should still ‘just work’ and doesn’t need to know about the machine’s hostname or IP address. It is basically “I own mydomain.com, so I’ll add a TXT record to prove it, and after you verify that record, please issue me the cert.” No?

It overrides the system DNS configuration for TLS-related operations. Sometimes the system resolver can be slow, split-horizon, misconfigured, or return stale results.

Specifying a resolver lets Caddy bypass that and query something reliable, or query the authoritative DNS for the zone you want the certificate for directly. This does not affect how Caddy resolves other stuff, for example, upstream names.
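To make concrete what the configured resolver is actually asked during the DNS challenge, here is an added Python example; it is not Caddy's or the cloudflare plugin's code. It computes the TXT value the CA expects (RFC 8555 section 8.4, using the RFC 7638 thumbprint of the account key), builds the DNS query a propagation check would send to 1.1.1.1, and parses a constructed response standing in for what that resolver would return once the record is published. The challenge token is the example token from RFC 8555, the key coordinates are placeholder values, and the response bytes are constructed locally, so nothing here touches the network. Note that the only name queried is `_acme-challenge.test.mydomain.com`, record type TXT; there is no A lookup of `test.mydomain.com`, which is why the host's /etc/hosts entry does not enter into it.

```python
import base64
import hashlib
import json
import struct

# Constructed inputs: the example token from RFC 8555 section 8.4 and
# placeholder P-256 coordinates (not a real account key).
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
}
TYPE_TXT, CLASS_IN = 16, 1

def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JWK require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def dns01_txt_value(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.4: TXT value = base64url(SHA-256(token '.' thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode()).digest())

def challenge_name(identifier: str) -> str:
    """The one name the DNS challenge queries: _acme-challenge under the identifier."""
    return f"_acme-challenge.{identifier}."

def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_txt_query(name: str, txid: int = 0x1234) -> bytes:
    """Plain RD=1 query for TXT <name>; this is what the propagation check sends to 1.1.1.1:53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_IN)

def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; returns (name, offset just after the field)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: follow it, remember where we left off
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)

def parse_txt_answers(msg: bytes):
    """Return [(owner name, joined TXT string)] for every TXT record in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        _, off = read_name(msg, off)
        off += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == TYPE_TXT:
            chunks, i = [], 0
            while i < len(rdata):  # TXT rdata is a sequence of <len><bytes> strings
                chunks.append(rdata[i + 1:i + 1 + rdata[i]].decode())
                i += 1 + rdata[i]
            answers.append((name, "".join(chunks)))
    return answers

def build_txt_response(query: bytes, txt_values) -> bytes:
    """Constructed reply (assumption: what 1.1.1.1 returns once the TXT record is published)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(txt_values), 0, 0)
    answers = b""
    for value in txt_values:
        rdata = bytes([len(value)]) + value.encode()
        answers += b"\xC0\x0C" + struct.pack("!HHIH", TYPE_TXT, CLASS_IN, 60, len(rdata)) + rdata
    return header + query[12:] + answers

def txt_record_present(response: bytes, name: str, expected: str) -> bool:
    """The propagation check: is the expected value among the TXT records for the challenge name?"""
    return any(n == name and v == expected for n, v in parse_txt_answers(response))

if __name__ == "__main__":
    expected, name = dns01_txt_value(TOKEN, ACCOUNT_JWK), challenge_name("test.mydomain.com")
    query = build_txt_query(name)
    print("resolver is asked for: TXT", name)
    print("fresh resolver:", txt_record_present(build_txt_response(query, [expected]), name, expected))
    print("stale resolver:", txt_record_present(build_txt_response(query, ["old-value"]), name, expected))
```

The "stale resolver" case is the situation the answer above describes: a resolver that still returns an old TXT value makes the check fail even though the record at the authoritative nameservers is correct, which is exactly why pointing `resolvers` at something reliable (or at the zone's authoritative servers) helps.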