Private/Resolve-TXTAuthoritative.ps1
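function Resolve-TXTAuthoritative {
    <#
    .SYNOPSIS
        Find the nameserver (NS) records for the zone that contains an FQDN.

    .DESCRIPTION
        Walks up the labels of the FQDN, from the full name towards the
        parent domains, and asks for NS records at each level until a
        response containing NS records is found. The top-level label on its
        own is never queried.

        NOTE(review): despite its name, this function does not yet query
        the TXT record. The NS lookups are also sent without -Server, so
        they go through the client's configured resolver and may be served
        from cache. The result should not be treated as the authoritative
        view the ACME server will see until the TXT query against the
        discovered nameservers is implemented.

    .PARAMETER FQDN
        The fully qualified record name to find nameservers for.

    .OUTPUTS
        The Resolve-DnsName response for the first level that returned NS
        records, or nothing if no level did.
    #>
    [CmdletBinding()]
    param(
        [string]$FQDN
    )

    # The goal here is to mimic the TXT record check the ACME server will perform
    # when we submit the challenge validation requests. In particular, they query
    # the authoritative nameservers for the record and then specifically query them
    # for the TXT record rather than using potentially cached results from a local
    # resolver.

    # Unfortunately, Resolve-DnsName is only supported on Win8/2012 and newer and
    # Win7/2008R2 are not EOL until January 2020. TBD what to do about that.

    # Initialise explicitly: if the loop below never runs (empty or
    # single-label FQDN), an unassigned $result would otherwise be read from
    # a parent scope.
    $result = $null

    # First, find the list of authoritative nameservers for the FQDN
    $recPieces = $FQDN.Split('.')
    for ($i=0; $i -lt ($recPieces.Count-1); $i++) {
        $recCheck = $recPieces[$i..($recPieces.Count-1)] -join '.'
        $answer = Resolve-DnsName $recCheck -Type NS -ErrorAction SilentlyContinue

        # A name that exists but has no NS records still produces a non-empty
        # response (for example the zone's SOA record in the authority
        # section), so require an actual NS record before stopping the walk.
        if ($answer | Where-Object { $_.Type -eq 'NS' }) {
            $result = $answer
            break
        }
    }

    if ($result) {
        Write-Verbose "Nameservers found"
        $result
    } else {
        Write-Verbose "No nameservers found for $FQDN"
    }
}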