HTTP timeouts to API, and self-validation mutex to nameserver ops

* Increase code coverage in acmedns

* More testing of ReadConfig() and its fallback mechanism

* Found that if someone put a '"' double quote into the filename that we configure zap to log to, it would cause the the JSON created to be invalid. I have replaced the JSON string with proper config

* Better handling of config options for api.TLS - we now error on an invalid value instead of silently failing.

added a basic test for api.setupTLS() (to increase test coverage)

* testing nameserver isOwnChallenge and isAuthoritative methods

* add a unit test for nameserver answerOwnChallenge

* fix linting errors

* bump go and golangci-lint versions in github actions

* Update golangci-lint.yml

Bumping github-actions workflow versions to accommodate some changes in upstream golanci-lint

* Bump Golang version to 1.23 (currently the oldest supported version)

Bump golanglint-ci to 2.0.2 and migrate the config file.

This should resolve the math/rand/v2 issue

* bump golanglint-ci action version

* Fixing up new golanglint-ci warnings and errors

---------

Co-authored-by: Joona Hoikkala <5235109+joohoi@users.noreply.github.com>

.github/workflows/release.yml

@@ -1,43 +0,0 @@
-name: goreleaser
-
-on:
-  push:
-    tags:
-      - 'v*'
-
-permissions:
-  contents: write
-
-jobs:
-  goreleaser:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: stable
-      - name: Import GPG key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v6
-        with:
-          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.GPG_PASSPHRASE }}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6
-
-        with:
-          distribution: goreleaser
-          version: latest
-          args: release --clean
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

.goreleaser.yml

@@ -1,7 +1,7 @@
 builds:
   - binary: acme-dns
     env:
-      - CGO_ENABLED=0
+      - CGO_ENABLED=1
     goos:
       - linux
     goarch:
@@ -19,17 +19,3 @@ archives:
 
 signs:
   - artifacts: checksum
-    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
-
-dockers:
-  - image_templates:
-    - "joohoi/acme-dns:{{ .Tag }}"
-    - "joohoi/acme-dns:latest"
-    dockerfile: Dockerfile.release
-    build_flag_templates:
-    - "--pull"
-    - "--label=org.opencontainers.image.created={{.Date}}"
-    - "--label=org.opencontainers.image.name={{.ProjectName}}"
-    - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-    - "--label=org.opencontainers.image.version={{.Version}}"
-

CHANGELOG.md

@@ -1,59 +0,0 @@
-# Changelog
-
-## v2.0
-- Update goreleaser configuration and add a GitHub action to build a release on new version tags (#395)
-- Huge refactoring and modernization (#325)
-
-## v1.1
-- Add timeout to golangci job (#369)
-- Update deps to support go 1.23 (#368)
-- Bump dependencies (#334)
-
-## v1.0 
-   - New
-      - Refactoring of the codebase to something more robust
-   - Changed
-      - Updated dependencies
-- v0.8
-   - NOTE: configuration option: "api_domain" deprecated!
-   - New
-      - Automatic HTTP API certificate provisioning using DNS challenges making acme-dns able to acquire certificates even with HTTP api not being accessible from public internet.
-      - Configuration value for "tls": "letsencryptstaging". Setting it will help you to debug possible issues with HTTP API certificate acquiring process. This is the new default value.
-   - Changed
-      - Fixed: EDNS0 support
-      - Migrated from autocert to [certmagic](https://github.com/mholt/certmagic) for HTTP API certificate handling
-- v0.7.2
-   - Changed
-      - Fixed: Regression error of not being able to answer to incoming random-case requests.
-      - Fixed: SOA record added to a correct header field in NXDOMAIN responses.
-- v0.7.1
-   - Changed
-      - Fixed: SOA record correctly added to the TCP DNS server when using both, UDP and TCP servers.
-- v0.7
-   - New
-      - Added an endpoint to perform health checks
-   - Changed
-      - A new protocol selection for DNS server "both", that binds both - UDP and TCP ports.
-      - Refactored DNS server internals.
-      - Handle some aspects of DNS spec better.
-- v0.6
-   - New
-      - Command line flag `-c` to specify location of config file.
-      - Proper refusal of dynamic update requests.
-      - Release signing
-   - Changed
-      - Better error messages for goroutines
-- v0.5
-   - New
-      - Configurable certificate cache directory
-   - Changed
-      - Process wide umask to ensure created files are only readable by the user running acme-dns
-      - Replaced package that handles UUIDs because of a flaw in the original package
-      - Updated dependencies
-      - Better error messages
-- v0.4 Clear error messages for bad TXT record content, proper handling of static CNAME records, fixed IP address parsing from the request, added option to disable registration endpoint in the configuration.
-- v0.3.2 Dockerfile was fixed for users using autocert feature
-- v0.3.1 Added goreleaser for distributing binary builds of the releases
-- v0.3 Changed autocert to use HTTP-01 challenges, as TLS-SNI is disabled by Let's Encrypt
-- v0.2 Now powered by httprouter, support wildcard certificates, Docker images
-- v0.1 Initial release

Dockerfile

@@ -1,12 +1,12 @@
 FROM golang:alpine AS builder
 LABEL maintainer="joona@kuori.org"
 
-RUN apk add --update git
+RUN apk add --update gcc musl-dev git
 
 ENV GOPATH /tmp/buildcache
 RUN git clone https://github.com/joohoi/acme-dns /tmp/acme-dns
 WORKDIR /tmp/acme-dns
-RUN CGO_ENABLED=0 go build
+RUN CGO_ENABLED=1 go build
 
 FROM alpine:latest
 

Dockerfile.release

@@ -1,12 +0,0 @@
-FROM alpine:latest
-
-RUN apk --no-cache add ca-certificates && update-ca-certificates
-RUN mkdir -p /etc/acme-dns
-RUN mkdir -p /var/lib/acme-dns
-
-COPY acme-dns /usr/local/bin/acme-dns
-
-VOLUME ["/etc/acme-dns", "/var/lib/acme-dns"]
-ENTRYPOINT ["acme-dns"]
-EXPOSE 53 80 443
-EXPOSE 53/udp

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2016-2026 Joona Hoikkala
+Copyright (c) 2016 Joona Hoikkala
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -338,6 +338,55 @@ use for the renewal.
 - Generic client library in Go: [https://github.com/cpu/goacmedns](https://github.com/cpu/goacmedns)
 
 
+## Changelog
+- v1.0 
+   - New
+      - Refactoring of the codebase to something more robust
+   - Changed
+      - Updated dependencies
+- v0.8
+   - NOTE: configuration option: "api_domain" deprecated!
+   - New
+      - Automatic HTTP API certificate provisioning using DNS challenges making acme-dns able to acquire certificates even with HTTP api not being accessible from public internet.
+      - Configuration value for "tls": "letsencryptstaging". Setting it will help you to debug possible issues with HTTP API certificate acquiring process. This is the new default value.
+   - Changed
+      - Fixed: EDNS0 support
+      - Migrated from autocert to [certmagic](https://github.com/mholt/certmagic) for HTTP API certificate handling
+- v0.7.2
+   - Changed
+      - Fixed: Regression error of not being able to answer to incoming random-case requests.
+      - Fixed: SOA record added to a correct header field in NXDOMAIN responses.
+- v0.7.1
+   - Changed
+      - Fixed: SOA record correctly added to the TCP DNS server when using both, UDP and TCP servers.
+- v0.7
+   - New
+      - Added an endpoint to perform health checks
+   - Changed
+      - A new protocol selection for DNS server "both", that binds both - UDP and TCP ports.
+      - Refactored DNS server internals.
+      - Handle some aspects of DNS spec better.
+- v0.6
+   - New
+      - Command line flag `-c` to specify location of config file.
+      - Proper refusal of dynamic update requests.
+      - Release signing
+   - Changed
+      - Better error messages for goroutines
+- v0.5
+   - New
+      - Configurable certificate cache directory
+   - Changed
+      - Process wide umask to ensure created files are only readable by the user running acme-dns
+      - Replaced package that handles UUIDs because of a flaw in the original package
+      - Updated dependencies
+      - Better error messages
+- v0.4 Clear error messages for bad TXT record content, proper handling of static CNAME records, fixed IP address parsing from the request, added option to disable registration endpoint in the configuration.
+- v0.3.2 Dockerfile was fixed for users using autocert feature
+- v0.3.1 Added goreleaser for distributing binary builds of the releases
+- v0.3 Changed autocert to use HTTP-01 challenges, as TLS-SNI is disabled by Let's Encrypt
+- v0.2 Now powered by httprouter, support wildcard certificates, Docker images
+- v0.1 Initial release
 
 ## TODO
 
@@ -352,4 +401,4 @@ If you have an idea for improvement, please open an new issue or feel free to wr
 
 ## License
 
-acme-dns is released under the [MIT License](https://www.opensource.org/licenses/MIT).
+acme-dns is released under the [MIT License](http://www.opensource.org/licenses/MIT).