Use _sish as the dns prefix

docs/posts/advanced.md

@@ -38,14 +38,10 @@ sish supports allowing users to bring custom domains to the service, but SSH key
 auth is required to be enabled. To use this feature, you must setup TXT and
 CNAME/A records for the domain/subdomain you would like to use for your
 forwarded connection. The CNAME/A record must point to the domain or IP that is
-hosting sish. The TXT record must be be a `key=val` string that looks like:
+hosting sish. The TXT record must be for `_sish.customdomain` and contain an ssh key fingerprint.
 
-```text
-sish=SSHKEYFINGERPRINT
-```
-
-Where `SSHKEYFINGERPRINT` is the fingerprint of the key used for logging into
-the server. You can set multiple TXT records and sish will check all of them to
+You must use the fingerprint of the key used for logging into the server.
+You can set multiple TXT records and sish will check all of them to
 ensure at least one is a match. You can retrieve your key fingerprint by
 running:
 

utils/utils.go

@@ -40,7 +40,7 @@ import (
 
 const (
 	// sishDNSPrefix is the prefix used for DNS TXT records.
-	sishDNSPrefix = "sish="
+	sishDNSPrefix = "_sish"
 
 	// Prefix used for defining wildcard host matchers.
 	wildcardPrefix = "*."
@@ -638,16 +638,12 @@ func verifyDNS(addr string, sshConn *SSHConnection) (bool, string, error) {
 		return false, "", nil
 	}
 
-	records, err := net.LookupTXT(addr)
+	records, err := net.LookupTXT(fmt.Sprintf("%s.%s", sishDNSPrefix, addr))
 
 	for _, v := range records {
-		if strings.HasPrefix(v, sishDNSPrefix) {
-			dnsPubKeyFingerprint := strings.TrimSpace(strings.TrimPrefix(v, sishDNSPrefix))
-
-			match := sshConn.SSHConn.Permissions.Extensions["pubKeyFingerprint"] == dnsPubKeyFingerprint
-			if match {
-				return match, dnsPubKeyFingerprint, err
-			}
+		match := sshConn.SSHConn.Permissions.Extensions["pubKeyFingerprint"] == v
+		if match {
+			return match, v, err
 		}
 	}