Adds cmd flag for controlling if authoritative dns servers are used to
check RR propagation or just normal resolvers.
This change is added so that constrained enviornments can control more
aspects of DNS queries performed.
- Applying PR feedback
Signed-off-by: Thomas Miller <thomas@tlm.id.au>
Domain for which certificate is asked for can have a CNAME, so we should check it.
If domain has a CNAME, create the challange TXT record in the alias domain.
This is useful in the scenario where a company like us is using some DNS provider
which is not supported dynamically. We can then create a CNAME for records like
_acme-challenge.example.com -> example.aws.hosted.com
So this will allow us getting cert for *.example.com with creating txt record in route53 for above exxample.
With async challenge Check, it is often happens,
that solver.Check() fails on first run after solver.Present()
Cert-manager then tries again, but starts with solver.Present(),
which not being idempotent right now fails on certain DNS providers.
This change swaps order of solver.Check() and solver.Present().
Check is not returning error if propagation not happened, it then
allows Present() to run.
In the current form, Present() will be spamming with errors,
but this doesn't stop Check from happening on every attempt,
so eventually Challenge can be verified and accepted. In the future,
Present() should be made idempotent.
If /etc/resolv.conf does not have any entries, then its unlikely
that the domain name representation of google's DNS would get
resolved too. Hence using IP address directly makes sense.
