fix(dns): query _gondulf subdomain for domain verification

The DNS TXT verification was querying the base domain instead of _gondulf.{domain}, causing verification to always fail even when users had correctly configured their DNS records. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-22 17:46:38 -07:00
parent bf69588426
commit 1ef5cd9229
5 changed files with 548 additions and 5 deletions
--- a/src/gondulf/dns.py
+++ b/src/gondulf/dns.py
@@ -94,32 +94,45 @@ class DNSService:
        """
        Verify that domain has a TXT record with the expected value.

+        For Gondulf domain verification (expected_value="gondulf-verify-domain"),
+        queries the _gondulf.{domain} subdomain as per specification.
+
        Args:
-            domain: Domain name to verify
+            domain: Domain name to verify (e.g., "example.com")
            expected_value: Expected TXT record value

        Returns:
            True if expected value found in TXT records, False otherwise
        """
        try:
-            txt_records = self.get_txt_records(domain)
+            # For Gondulf domain verification, query _gondulf subdomain
+            if expected_value == "gondulf-verify-domain":
+                query_domain = f"_gondulf.{domain}"
+            else:
+                query_domain = domain
+
+            txt_records = self.get_txt_records(query_domain)

            # Check if expected value is in any TXT record
            for record in txt_records:
                if expected_value in record:
                    logger.info(
-                        f"TXT record verification successful for domain={domain}"
+                        f"TXT record verification successful for domain={domain} "
+                        f"(queried {query_domain})"
                    )
                    return True

            logger.debug(
                f"TXT record verification failed: expected value not found "
-                f"for domain={domain}"
+                f"for domain={domain} (queried {query_domain})"
            )
            return False

        except DNSError as e:
-            logger.warning(f"TXT record verification failed for domain={domain}: {e}")
+            logger.warning(
+                f"TXT record verification failed for domain={domain} "
+                f"(queried {query_domain}): {e}"
+            )
            return False

    def check_domain_exists(self, domain: str) -> bool: