Potential Issue with NS Server Querying for DNS Challenges

[VisoTC]

If I configure a wildcard domain (e.g., *.example.com) via a CNAME record, and the CNAME points to an external domain (e.g., www.example2.com), Caddy will directly query the NS servers of example2.com. This results in a failure to locate the _acme-challenge.example.com TXT record. Is this behavior intentional?

Error Logs

2024/11/25 15:21:13.452 INFO    tls.obtain      obtaining certificate   {"identifier": "*.example.net"}
2024/11/25 15:21:13.452 INFO    tls.issuance.acme       using ACME account      {"account_id": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/XXXXXXX", "account_contact": ["mailto:[email protected]"]}
2024/11/25 15:21:18.016 INFO    tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "*.example.net", "challenge_type": "dns-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
2024/11/25 15:21:46.913 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "*.example.net", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[*.nas.example.net] solving challenges: waiting for solver certmagic.solverWrapper to be ready: checking DNS propagation of \"_acme-challenge.example.net.\" (relative=_acme-challenge.nas zone=example.net. resolvers=[127.0.0.53:53]): querying authoritative nameservers: dial tcp (this is example2.com NS server): 53: i/o timeout (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/XXXXXXX/XXXXXXXXXXX) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}