From ea77a9ab67d8c04f513adaf0a1c648c738e25922 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Tue, 25 Mar 2025 16:24:16 -0600
Subject: [PATCH] caddytls: Temporarily treat "" and "@" as equivalent for DNS
 publication

Fixes https://github.com/caddyserver/caddy/issues/6895#issuecomment-2750111096
---
 modules/caddytls/ech.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/caddytls/ech.go b/modules/caddytls/ech.go
index 142cf48d6..f7b8db995 100644
--- a/modules/caddytls/ech.go
+++ b/modules/caddytls/ech.go
@@ -660,7 +660,8 @@ nextName:
 		var httpsRec libdns.Record
 		var nameHasExistingRecord bool
 		for _, rec := range recs {
-			if rec.Name == relName {
+			// TODO: providers SHOULD normalize root-level records to be named "@"; remove the extra conditions when the transition to the new semantics is done
+			if rec.Name == relName || (rec.Name == "" && relName == "@") {
 				// CNAME records are exclusive of all other records, so we cannot publish an HTTPS
 				// record for a domain that is CNAME'd. See #6922.
 				if rec.Type == "CNAME" {
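Review bot: The added comparison in the `for _, rec := range recs` loop is one-directional: it matches a provider record named `""` against `relName == "@"`, but not a record named `"@"` against an empty `relName`, although the subject line describes the two as equivalent. If `relName` can still be empty for a zone-apex name (it is computed outside this hunk, so this is inferred), an existing root record would go unmatched and the CNAME exclusivity check just below would not fire for that name. A symmetric form would be `if rec.Name == relName || (rec.Name == "" && relName == "@") || (rec.Name == "@" && relName == "") {`. The TODO would also be easier to retire if it named the issue it belongs to (#6895 per the commit message). The enclosing loop and function start and end outside the hunk.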