Diffstat (limited to 'kerberos.sh')
-rw-r--r--kerberos.sh89
1 files changed, 12 insertions, 77 deletions
diff --git a/kerberos.sh b/kerberos.sh
index 2bbfd0f..08663d8 100644
--- a/kerberos.sh
+++ b/kerberos.sh
@@ -2,6 +2,7 @@
# This source code is released into the public domain.
. /usr/local/share/lfacme/init.sh
+. /usr/local/share/lfacme/dnsutils.sh
# begin, done or failed
ACTION=$1
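Review bot: The added `. /usr/local/share/lfacme/dnsutils.sh` line is sourced with no check that the file exists, and the hook now depends on it for `lfacme_dns_wait_for_record` in the begin branch further down. In a POSIX sh a missing file aborts the script at this line with only the shell's own message; in bash (non-POSIX mode) the dot command just returns non-zero and the problem only surfaces later as "command not found" after the record has already been added, which is harder to diagnose. Since `_fatal` is already available from init.sh, a guard such as `. /usr/local/share/lfacme/dnsutils.sh || _fatal "cannot load dnsutils.sh"` would make the failure explicit in both shells; the script's shebang is outside this hunk, so which behaviour applies is inferred.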
@@ -30,36 +31,6 @@ if ! kinit -k -t "$ACME_KERBEROS_KEYTAB" "$ACME_KERBEROS_PRINCIPAL"; then
_fatal "failed to obtain a Kerberos ticket"
fi
-# Keep removing labels from the name until we find one with nameservers.
-_getnameservers() {
- local domain="$1"
-
- local _trydomain="$domain"
- while ! [ -z "$_trydomain" ]; do
- if [ "$_trydomain" = "${_trydomain#*.}" ]; then
- # If there are no dots in the domain, we couldn't
- # find the nameservers.
- break
- fi
-
- # For CNAME records, a query for NS will return the CNAME.
- # Therefore we have to check we actually got NS records.
- local nameservers="$(
- dig "$_trydomain" ns +noall +answer | \
- awk '$4 == "NS" { print $5 }'
- )"
-
- if ! [ -z "$nameservers" ]; then
- echo "$nameservers"
- return
- fi
-
- _trydomain="${_trydomain#*.}"
- done
-
- _fatal "unable to find nameservers for %s" "$_trydomain"
-}
-
# Add a new record using nsupdate.
_add_record() {
local domain="$1"
@@ -84,56 +55,20 @@ EOF
return $?
}
-# Wait for the DNS record to appear on a specific nameserver.
-_wait_for_nameserver() {
- local domain="$1"
- local auth="$2"
- local nameserver="$3"
-
- _verbose "waiting for nameserver %s" "$nameserver"
-
- local waited=0
- local waitlimit=60
- while sleep 1; do
- waited=$((waited + 1))
- if [ "$waited" -ge "$waitlimit" ]; then
- _error "timed out waiting for '%s' on '%s'" \
- "$domain" "$nameserver"
- return 1
+case "$ACTION" in
+ begin)
+ if ! _add_record "$DOMAIN" "$AUTH"; then
+ _fatal "failed to add the DNS record for %s" "$DOMAIN"
+ exit 1
fi
- local _rdatas="$(
- dig "_acme-challenge.$domain" txt @$nameserver \
- +noall +answer \
- | awk '$4 == "TXT" { print $5 }'
- )"
- for rdata in $_rdatas; do
- if [ "$rdata" = "\"$auth\"" ]; then
- return 0
- fi
- done
- done
-}
-
-# Wait for DNS servers to have the given record.
-_wait_for_record() {
- local domain="$1"
- local auth="$2"
- local nameservers="$(_getnameservers "$domain")"
-
- _verbose "waiting for the DNS record '%s' to be published" "$domain"
- for ns in $nameservers; do
- _wait_for_nameserver "$domain" "$auth" "$ns" || return 1
- done
-
- return 0
-}
+ if ! lfacme_dns_wait_for_record "$DOMAIN" "$AUTH"; then
+ _fatal "timed out waiting for the DNS record for '%s' to be published" \
+ "$DOMAIN"
+ exit 1
+ fi
-case "$ACTION" in
- begin)
- _add_record "$DOMAIN" "$AUTH" \
- && _wait_for_record "$DOMAIN" "$AUTH"
- exit $?
+ exit 0
;;
done|failed)