diff --git a/internal/applicant/acmehttpreq.go b/internal/applicant/acmehttpreq.go
new file mode 100644
index 00000000..b836b657
--- /dev/null
+++ b/internal/applicant/acmehttpreq.go
@@ -0,0 +1,43 @@
+package applicant
+
+import (
+	"encoding/json"
+	"net/url"
+	"time"
+
+	"github.com/go-acme/lego/v4/providers/dns/httpreq"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type acmeHttpReqApplicant struct {
+	option *ApplyOption
+}
+
+func NewACMEHttpReqApplicant(option *ApplyOption) Applicant {
+	return &acmeHttpReqApplicant{
+		option: option,
+	}
+}
+
+func (a *acmeHttpReqApplicant) Apply() (*Certificate, error) {
+	access := &domain.HttpreqAccess{}
+	json.Unmarshal([]byte(a.option.Access), access)
+
+	config := httpreq.NewDefaultConfig()
+	endpoint, _ := url.Parse(access.Endpoint)
+	config.Endpoint = endpoint
+	config.Mode = access.Mode
+	config.Username = access.Username
+	config.Password = access.Password
+	if a.option.Timeout != 0 {
+		config.PropagationTimeout = time.Duration(a.option.Timeout) * time.Second
+	}
+
+	provider, err := httpreq.NewDNSProviderConfig(config)
+	if err != nil {
+		return nil, err
+	}
+
+	return apply(a.option, provider)
+}
diff --git a/internal/applicant/aliyun.go b/internal/applicant/aliyun.go
index 40adf960..82047dc6 100644
--- a/internal/applicant/aliyun.go
+++ b/internal/applicant/aliyun.go
@@ -2,35 +2,38 @@ package applicant
 
 import (
 	"encoding/json"
-	"fmt"
-	"os"
+	"time"
 
 	"github.com/go-acme/lego/v4/providers/dns/alidns"
 
 	"github.com/usual2970/certimate/internal/domain"
 )
 
-type aliyun struct {
+type aliyunApplicant struct {
 	option *ApplyOption
 }
 
-func NewAliyun(option *ApplyOption) Applicant {
-	return &aliyun{
+func NewAliyunApplicant(option *ApplyOption) Applicant {
+	return &aliyunApplicant{
 		option: option,
 	}
 }
 
-func (a *aliyun) Apply() (*Certificate, error) {
+func (a *aliyunApplicant) Apply() (*Certificate, error) {
 	access := &domain.AliyunAccess{}
 	json.Unmarshal([]byte(a.option.Access), access)
 
-	os.Setenv("ALICLOUD_ACCESS_KEY", access.AccessKeyId)
-	os.Setenv("ALICLOUD_SECRET_KEY", access.AccessKeySecret)
-	os.Setenv("ALICLOUD_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
-	dnsProvider, err := alidns.NewDNSProvider()
+	config := alidns.NewDefaultConfig()
+	config.APIKey = access.AccessKeyId
+	config.SecretKey = access.AccessKeySecret
+	if a.option.Timeout != 0 {
+		config.PropagationTimeout = time.Duration(a.option.Timeout) * time.Second
+	}
+
+	provider, err := alidns.NewDNSProviderConfig(config)
 	if err != nil {
 		return nil, err
 	}
 
-	return apply(a.option, dnsProvider)
+	return apply(a.option, provider)
 }
diff --git a/internal/applicant/applicant.go b/internal/applicant/applicant.go
index e31a2850..c4804559 100644
--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@@ -208,29 +208,33 @@ func GetWithApplyNode(node *domain.WorkflowNode) (Applicant, error) {
 }
 
 func GetWithTypeOption(t string, option *ApplyOption) (Applicant, error) {
+	/*
+	  注意：如果追加新的常量值，请保持以 ASCII 排序。
+	  NOTICE: If you add new constant, please keep ASCII order.
+	*/
 	switch t {
-	case configTypeAliyun:
-		return NewAliyun(option), nil
-	case configTypeTencentCloud:
-		return NewTencent(option), nil
-	case configTypeHuaweiCloud:
-		return NewHuaweiCloud(option), nil
-	case configTypeAWS:
-		return NewAws(option), nil
-	case configTypeCloudflare:
-		return NewCloudflare(option), nil
-	case configTypeNameSilo:
-		return NewNamesilo(option), nil
-	case configTypeGoDaddy:
-		return NewGodaddy(option), nil
-	case configTypePowerDNS:
-		return NewPdns(option), nil
 	case configTypeACMEHttpReq:
-		return NewHttpreq(option), nil
+		return NewACMEHttpReqApplicant(option), nil
+	case configTypeAliyun:
+		return NewAliyunApplicant(option), nil
+	case configTypeAWS:
+		return NewAWSApplicant(option), nil
+	case configTypeCloudflare:
+		return NewCloudflareApplicant(option), nil
+	case configTypeGoDaddy:
+		return NewGoDaddyApplicant(option), nil
+	case configTypeHuaweiCloud:
+		return NewHuaweiCloudApplicant(option), nil
+	case configTypeNameSilo:
+		return NewNamesiloApplicant(option), nil
+	case configTypePowerDNS:
+		return NewPowerDNSApplicant(option), nil
+	case configTypeTencentCloud:
+		return NewTencentCloudApplicant(option), nil
 	case configTypeVolcEngine:
-		return NewVolcengine(option), nil
+		return NewVolcEngineApplicant(option), nil
 	default:
-		return nil, errors.New("unknown config type")
+		return nil, fmt.Errorf("unsupported applicant type: %s", t)
 	}
 }
 
diff --git a/internal/applicant/aws.go b/internal/applicant/aws.go
index be18d747..7563fb59 100644
--- a/internal/applicant/aws.go
+++ b/internal/applicant/aws.go
@@ -2,38 +2,40 @@ package applicant
 
 import (
 	"encoding/json"
-	"fmt"
-	"os"
+	"time"
 
 	"github.com/go-acme/lego/v4/providers/dns/route53"
 
 	"github.com/usual2970/certimate/internal/domain"
 )
 
-type aws struct {
+type awsApplicant struct {
 	option *ApplyOption
 }
 
-func NewAws(option *ApplyOption) Applicant {
-	return &aws{
+func NewAWSApplicant(option *ApplyOption) Applicant {
+	return &awsApplicant{
 		option: option,
 	}
 }
 
-func (t *aws) Apply() (*Certificate, error) {
+func (a *awsApplicant) Apply() (*Certificate, error) {
 	access := &domain.AwsAccess{}
-	json.Unmarshal([]byte(t.option.Access), access)
+	json.Unmarshal([]byte(a.option.Access), access)
 
-	os.Setenv("AWS_REGION", access.Region)
-	os.Setenv("AWS_ACCESS_KEY_ID", access.AccessKeyId)
-	os.Setenv("AWS_SECRET_ACCESS_KEY", access.SecretAccessKey)
-	os.Setenv("AWS_HOSTED_ZONE_ID", access.HostedZoneId)
-	os.Setenv("AWS_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", t.option.Timeout))
+	config := route53.NewDefaultConfig()
+	config.AccessKeyID = access.AccessKeyId
+	config.SecretAccessKey = access.SecretAccessKey
+	config.Region = access.Region
+	config.HostedZoneID = access.HostedZoneId
+	if a.option.Timeout != 0 {
+		config.PropagationTimeout = time.Duration(a.option.Timeout) * time.Second
+	}
 
-	dnsProvider, err := route53.NewDNSProvider()
+	provider, err := route53.NewDNSProviderConfig(config)
 	if err != nil {
 		return nil, err
 	}
 
-	return apply(t.option, dnsProvider)
+	return apply(a.option, provider)
 }
diff --git a/internal/applicant/cloudflare.go b/internal/applicant/cloudflare.go
index f1c40ebe..55605f57 100644
--- a/internal/applicant/cloudflare.go
+++ b/internal/applicant/cloudflare.go
@@ -2,35 +2,37 @@ package applicant
 
 import (
 	"encoding/json"
-	"fmt"
-	"os"
+	"time"
 
-	cf "github.com/go-acme/lego/v4/providers/dns/cloudflare"
+	"github.com/go-acme/lego/v4/providers/dns/cloudflare"
 
 	"github.com/usual2970/certimate/internal/domain"
 )
 
-type cloudflare struct {
+type cloudflareApplicant struct {
 	option *ApplyOption
 }
 
-func NewCloudflare(option *ApplyOption) Applicant {
-	return &cloudflare{
+func NewCloudflareApplicant(option *ApplyOption) Applicant {
+	return &cloudflareApplicant{
 		option: option,
 	}
 }
 
-func (c *cloudflare) Apply() (*Certificate, error) {
+func (a *cloudflareApplicant) Apply() (*Certificate, error) {
 	access := &domain.CloudflareAccess{}
-	json.Unmarshal([]byte(c.option.Access), access)
+	json.Unmarshal([]byte(a.option.Access), access)
 
-	os.Setenv("CLOUDFLARE_DNS_API_TOKEN", access.DnsApiToken)
-	os.Setenv("CLOUDFLARE_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", c.option.Timeout))
+	config := cloudflare.NewDefaultConfig()
+	config.AuthToken = access.DnsApiToken
+	if a.option.Timeout != 0 {
+		config.PropagationTimeout = time.Duration(a.option.Timeout) * time.Second
+	}
 
-	provider, err := cf.NewDNSProvider()
+	provider, err := cloudflare.NewDNSProviderConfig(config)
 	if err != nil {
 		return nil, err
 	}
 
-	return apply(c.option, provider)
+	return apply(a.option, provider)
 }
diff --git a/internal/applicant/godaddy.go b/internal/applicant/godaddy.go
index 7ae40a72..95a628df 100644
--- a/internal/applicant/godaddy.go
+++ b/internal/applicant/godaddy.go
@@ -2,36 +2,38 @@ package applicant
 
 import (
 	"encoding/json"
-	"fmt"
-	"os"
+	"time"
 
-	godaddyProvider "github.com/go-acme/lego/v4/providers/dns/godaddy"
+	"github.com/go-acme/lego/v4/providers/dns/godaddy"
 
 	"github.com/usual2970/certimate/internal/domain"
 )
 
-type godaddy struct {
+type godaddyApplicant struct {
 	option *ApplyOption
 }
 
-func NewGodaddy(option *ApplyOption) Applicant {
-	return &godaddy{
+func NewGoDaddyApplicant(option *ApplyOption) Applicant {
+	return &godaddyApplicant{
 		option: option,
 	}
 }
 
-func (a *godaddy) Apply() (*Certificate, error) {
+func (a *godaddyApplicant) Apply() (*Certificate, error) {
 	access := &domain.GodaddyAccess{}
 	json.Unmarshal([]byte(a.option.Access), access)
 
-	os.Setenv("GODADDY_API_KEY", access.ApiKey)
-	os.Setenv("GODADDY_API_SECRET", access.ApiSecret)
-	os.Setenv("GODADDY_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
+	config := godaddy.NewDefaultConfig()
+	config.APIKey = access.ApiKey
+	config.APISecret = access.ApiSecret
+	if a.option.Timeout != 0 {
+		config.PropagationTimeout = time.Duration(a.option.Timeout) * time.Second
+	}
 
-	dnsProvider, err := godaddyProvider.NewDNSProvider()
+	provider, err := godaddy.NewDNSProviderConfig(config)
 	if err != nil {
 		return nil, err
 	}
 
-	return apply(a.option, dnsProvider)
+	return apply(a.option, provider)
 }
diff --git a/internal/applicant/httpreq.go b/internal/applicant/httpreq.go
deleted file mode 100644
index 7972b7ae..00000000
--- a/internal/applicant/httpreq.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-
-	"github.com/go-acme/lego/v4/providers/dns/httpreq"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type httpReq struct {
-	option *ApplyOption
-}
-
-func NewHttpreq(option *ApplyOption) Applicant {
-	return &httpReq{
-		option: option,
-	}
-}
-
-func (a *httpReq) Apply() (*Certificate, error) {
-	access := &domain.HttpreqAccess{}
-	json.Unmarshal([]byte(a.option.Access), access)
-
-	os.Setenv("HTTPREQ_ENDPOINT", access.Endpoint)
-	os.Setenv("HTTPREQ_MODE", access.Mode)
-	os.Setenv("HTTPREQ_USERNAME", access.Username)
-	os.Setenv("HTTPREQ_PASSWORD", access.Password)
-	os.Setenv("HTTPREQ_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
-	dnsProvider, err := httpreq.NewDNSProvider()
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, dnsProvider)
-}
diff --git a/internal/applicant/huaweicloud.go b/internal/applicant/huaweicloud.go
index 47776400..a5ada431 100644
--- a/internal/applicant/huaweicloud.go
+++ b/internal/applicant/huaweicloud.go
@@ -2,42 +2,45 @@ package applicant
 
 import (
 	"encoding/json"
-	"fmt"
-	"os"
+	"time"
 
-	huaweicloudProvider "github.com/go-acme/lego/v4/providers/dns/huaweicloud"
+	huaweicloud "github.com/go-acme/lego/v4/providers/dns/huaweicloud"
 
 	"github.com/usual2970/certimate/internal/domain"
 )
 
-type huaweicloud struct {
+type huaweicloudApplicant struct {
 	option *ApplyOption
 }
 
-func NewHuaweiCloud(option *ApplyOption) Applicant {
-	return &huaweicloud{
+func NewHuaweiCloudApplicant(option *ApplyOption) Applicant {
+	return &huaweicloudApplicant{
 		option: option,
 	}
 }
 
-func (t *huaweicloud) Apply() (*Certificate, error) {
+func (a *huaweicloudApplicant) Apply() (*Certificate, error) {
 	access := &domain.HuaweiCloudAccess{}
-	json.Unmarshal([]byte(t.option.Access), access)
+	json.Unmarshal([]byte(a.option.Access), access)
 
 	region := access.Region
 	if region == "" {
+		// 华为云的 SDK 要求必须传一个区域，实际上 DNS-01 流程里用不到，但不传会报错
 		region = "cn-north-1"
 	}
 
-	os.Setenv("HUAWEICLOUD_REGION", region) // 华为云的 SDK 要求必须传一个区域，实际上 DNS-01 流程里用不到，但不传会报错
-	os.Setenv("HUAWEICLOUD_ACCESS_KEY_ID", access.AccessKeyId)
-	os.Setenv("HUAWEICLOUD_SECRET_ACCESS_KEY", access.SecretAccessKey)
-	os.Setenv("HUAWEICLOUD_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", t.option.Timeout))
+	config := huaweicloud.NewDefaultConfig()
+	config.AccessKeyID = access.AccessKeyId
+	config.SecretAccessKey = access.SecretAccessKey
+	config.Region = region
+	if a.option.Timeout != 0 {
+		config.PropagationTimeout = time.Duration(a.option.Timeout) * time.Second
+	}
 
-	dnsProvider, err := huaweicloudProvider.NewDNSProvider()
+	provider, err := huaweicloud.NewDNSProviderConfig(config)
 	if err != nil {
 		return nil, err
 	}
 
-	return apply(t.option, dnsProvider)
+	return apply(a.option, provider)
 }
diff --git a/internal/applicant/namesilo.go b/internal/applicant/namesilo.go
index 55fd3b3c..43c25ae6 100644
--- a/internal/applicant/namesilo.go
+++ b/internal/applicant/namesilo.go
@@ -2,35 +2,37 @@ package applicant
 
 import (
 	"encoding/json"
-	"fmt"
-	"os"
+	"time"
 
-	namesiloProvider "github.com/go-acme/lego/v4/providers/dns/namesilo"
+	namesilo "github.com/go-acme/lego/v4/providers/dns/namesilo"
 
 	"github.com/usual2970/certimate/internal/domain"
 )
 
-type namesilo struct {
+type namesiloApplicant struct {
 	option *ApplyOption
 }
 
-func NewNamesilo(option *ApplyOption) Applicant {
-	return &namesilo{
+func NewNamesiloApplicant(option *ApplyOption) Applicant {
+	return &namesiloApplicant{
 		option: option,
 	}
 }
 
-func (a *namesilo) Apply() (*Certificate, error) {
+func (a *namesiloApplicant) Apply() (*Certificate, error) {
 	access := &domain.NameSiloAccess{}
 	json.Unmarshal([]byte(a.option.Access), access)
 
-	os.Setenv("NAMESILO_API_KEY", access.ApiKey)
-	os.Setenv("NAMESILO_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
+	config := namesilo.NewDefaultConfig()
+	config.APIKey = access.ApiKey
+	if a.option.Timeout != 0 {
+		config.PropagationTimeout = time.Duration(a.option.Timeout) * time.Second
+	}
 
-	dnsProvider, err := namesiloProvider.NewDNSProvider()
+	provider, err := namesilo.NewDNSProviderConfig(config)
 	if err != nil {
 		return nil, err
 	}
 
-	return apply(a.option, dnsProvider)
+	return apply(a.option, provider)
 }
diff --git a/internal/applicant/pdns.go b/internal/applicant/pdns.go
deleted file mode 100644
index 2c84c85e..00000000
--- a/internal/applicant/pdns.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-
-	"github.com/go-acme/lego/v4/providers/dns/pdns"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type powerdns struct {
-	option *ApplyOption
-}
-
-func NewPdns(option *ApplyOption) Applicant {
-	return &powerdns{
-		option: option,
-	}
-}
-
-func (a *powerdns) Apply() (*Certificate, error) {
-	access := &domain.PdnsAccess{}
-	json.Unmarshal([]byte(a.option.Access), access)
-
-	os.Setenv("PDNS_API_URL", access.ApiUrl)
-	os.Setenv("PDNS_API_KEY", access.ApiKey)
-	os.Setenv("PDNS_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
-	dnsProvider, err := pdns.NewDNSProvider()
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, dnsProvider)
-}
diff --git a/internal/applicant/powerdns.go b/internal/applicant/powerdns.go
new file mode 100644
index 00000000..92567131
--- /dev/null
+++ b/internal/applicant/powerdns.go
@@ -0,0 +1,41 @@
+package applicant
+
+import (
+	"encoding/json"
+	"net/url"
+	"time"
+
+	"github.com/go-acme/lego/v4/providers/dns/pdns"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type powerdnsApplicant struct {
+	option *ApplyOption
+}
+
+func NewPowerDNSApplicant(option *ApplyOption) Applicant {
+	return &powerdnsApplicant{
+		option: option,
+	}
+}
+
+func (a *powerdnsApplicant) Apply() (*Certificate, error) {
+	access := &domain.PdnsAccess{}
+	json.Unmarshal([]byte(a.option.Access), access)
+
+	config := pdns.NewDefaultConfig()
+	host, _ := url.Parse(access.ApiUrl)
+	config.Host = host
+	config.APIKey = access.ApiKey
+	if a.option.Timeout != 0 {
+		config.PropagationTimeout = time.Duration(a.option.Timeout) * time.Second
+	}
+
+	provider, err := pdns.NewDNSProviderConfig(config)
+	if err != nil {
+		return nil, err
+	}
+
+	return apply(a.option, provider)
+}
diff --git a/internal/applicant/tencent.go b/internal/applicant/tencent.go
deleted file mode 100644
index 4733e22e..00000000
--- a/internal/applicant/tencent.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-
-	"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type tencent struct {
-	option *ApplyOption
-}
-
-func NewTencent(option *ApplyOption) Applicant {
-	return &tencent{
-		option: option,
-	}
-}
-
-func (t *tencent) Apply() (*Certificate, error) {
-	access := &domain.TencentAccess{}
-	json.Unmarshal([]byte(t.option.Access), access)
-
-	os.Setenv("TENCENTCLOUD_SECRET_ID", access.SecretId)
-	os.Setenv("TENCENTCLOUD_SECRET_KEY", access.SecretKey)
-	os.Setenv("TENCENTCLOUD_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", t.option.Timeout))
-
-	dnsProvider, err := tencentcloud.NewDNSProvider()
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(t.option, dnsProvider)
-}
diff --git a/internal/applicant/tencentcloud.go b/internal/applicant/tencentcloud.go
new file mode 100644
index 00000000..eb340d62
--- /dev/null
+++ b/internal/applicant/tencentcloud.go
@@ -0,0 +1,39 @@
+package applicant
+
+import (
+	"encoding/json"
+	"time"
+
+	"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
+
+	"github.com/usual2970/certimate/internal/domain"
+)
+
+type tencentcloudApplicant struct {
+	option *ApplyOption
+}
+
+func NewTencentCloudApplicant(option *ApplyOption) Applicant {
+	return &tencentcloudApplicant{
+		option: option,
+	}
+}
+
+func (a *tencentcloudApplicant) Apply() (*Certificate, error) {
+	access := &domain.TencentAccess{}
+	json.Unmarshal([]byte(a.option.Access), access)
+
+	config := tencentcloud.NewDefaultConfig()
+	config.SecretID = access.SecretId
+	config.SecretKey = access.SecretKey
+	if a.option.Timeout != 0 {
+		config.PropagationTimeout = time.Duration(a.option.Timeout) * time.Second
+	}
+
+	provider, err := tencentcloud.NewDNSProviderConfig(config)
+	if err != nil {
+		return nil, err
+	}
+
+	return apply(a.option, provider)
+}
diff --git a/internal/applicant/volcengine.go b/internal/applicant/volcengine.go
index 3ab91741..5222d26f 100644
--- a/internal/applicant/volcengine.go
+++ b/internal/applicant/volcengine.go
@@ -2,34 +2,37 @@ package applicant
 
 import (
 	"encoding/json"
-	"fmt"
-	"os"
+	"time"
 
-	volcengineDns "github.com/go-acme/lego/v4/providers/dns/volcengine"
+	"github.com/go-acme/lego/v4/providers/dns/volcengine"
 	"github.com/usual2970/certimate/internal/domain"
 )
 
-type volcengine struct {
+type volcengineApplicant struct {
 	option *ApplyOption
 }
 
-func NewVolcengine(option *ApplyOption) Applicant {
-	return &volcengine{
+func NewVolcEngineApplicant(option *ApplyOption) Applicant {
+	return &volcengineApplicant{
 		option: option,
 	}
 }
 
-func (a *volcengine) Apply() (*Certificate, error) {
+func (a *volcengineApplicant) Apply() (*Certificate, error) {
 	access := &domain.VolcEngineAccess{}
 	json.Unmarshal([]byte(a.option.Access), access)
 
-	os.Setenv("VOLC_ACCESSKEY", access.AccessKeyId)
-	os.Setenv("VOLC_SECRETKEY", access.SecretAccessKey)
-	os.Setenv("VOLC_PROPAGATION_TIMEOUT", fmt.Sprintf("%d", a.option.Timeout))
-	dnsProvider, err := volcengineDns.NewDNSProvider()
+	config := volcengine.NewDefaultConfig()
+	config.AccessKey = access.AccessKeyId
+	config.SecretKey = access.SecretAccessKey
+	if a.option.Timeout != 0 {
+		config.PropagationTimeout = time.Duration(a.option.Timeout) * time.Second
+	}
+
+	provider, err := volcengine.NewDNSProviderConfig(config)
 	if err != nil {
 		return nil, err
 	}
 
-	return apply(a.option, dnsProvider)
+	return apply(a.option, provider)
 }