Private/Resolve-TXTAuthoritative.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
function Resolve-TXTAuthoritative {
    [CmdletBinding()]
    param(
        [string]$FQDN
    )

    # The goal here is to mimic the TXT record check the ACME server will perform
    # when we submit the challenge validation requests. In particular, they query
    # the authoritative nameservers for the record and then specifically query them
    # for the TXT record rather than using potentially cached results from a local
    # resolver.

    # Unfortunately, Resolve-DnsName is only supported on Win8/2012 and newer and
    # Win7/2008R2 are not EOL until January 2020. TBD what to do about that.

    # First, find the list of authoritative nameservers for the FQDN
    $recPieces = $FQDN.Split('.')
    for ($i=0; $i -lt ($recPieces.Count-1); $i++) {
        $recCheck = $recPieces[$i..($recPieces.Count-1)] -join '.'
        $result = Resolve-DnsName $recCheck NS -EA SilentlyContinue
        if ($result) { break }
    }

    if ($result) {
        Write-Verbose "Nameservers found"
        $result
    } else {

    }

}