From f987fae7e0935ba79f97c900de607467c0240b83 Mon Sep 17 00:00:00 2001
From: Fabian Weisshaar <elnappo@nerdpol.io>
Date: Tue, 26 Jan 2016 14:33:18 +0100
Subject: [PATCH] fixes #246, #249, #253. except DnsUpdateError and use random
 IP in check_domain(). The delete() was removed because after an add() the
 nameserver need time to process the nsupdate query. This leads to an NXDOMAIN
 response on current ip check in delete() thus the delete() call fails.

---
 docs/examples/bind9/named.conf                       |  2 ++
 nsupdate/main/dnstools.py                            | 12 ++++++------
 nsupdate/main/templates/main/generate_ns_secret.html |  2 ++
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/docs/examples/bind9/named.conf b/docs/examples/bind9/named.conf
index d7bae71..8b17033 100644
--- a/docs/examples/bind9/named.conf
+++ b/docs/examples/bind9/named.conf
@@ -23,6 +23,8 @@ zone nsupdate.info {
             deny  nsupdate.info.      name  www.nsupdate.info;
             deny  nsupdate.info.      name ipv4.nsupdate.info;
             deny  nsupdate.info.      name ipv6.nsupdate.info;
+            // this host is for testing if the nameserver is configured correctly and reachable
+            grant nsupdate.info. name connectivity-test.nsupdate.info A;
             // but we allow updates to any other host:
             grant nsupdate.info. subdomain nsupdate.info;
         };
diff --git a/nsupdate/main/dnstools.py b/nsupdate/main/dnstools.py
index f2f9069..69a3496 100644
--- a/nsupdate/main/dnstools.py
+++ b/nsupdate/main/dnstools.py
@@ -24,6 +24,8 @@ import logging
 logger = logging.getLogger(__name__)
 
 import socket
+import random
+import struct
 
 import dns.inet
 import dns.name
@@ -104,18 +106,16 @@ def check_domain(domain):
 
     from .models import Domain
     d = Domain.objects.get(name=domain)
-    # temporarily set domain to available
+    # temporarily set domain to available to allow add/update/deletes
     domain_available_state = d.available
     d.available = True
     d.save()
 
     try:
-        # add to primary
-        add(fqdn, "8.8.8.8")
-        # delete on primary
-        delete(fqdn)
+        # add host connectivity-test.<domain> with a random IP. See add()
+        add(fqdn, socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))))
 
-    except (dns.exception.DNSException, ) as e:
+    except (dns.exception.DNSException, DnsUpdateError) as e:
         raise NameServerNotAvailable(str(e))
 
     finally:
diff --git a/nsupdate/main/templates/main/generate_ns_secret.html b/nsupdate/main/templates/main/generate_ns_secret.html
index 3537cae..57e777d 100644
--- a/nsupdate/main/templates/main/generate_ns_secret.html
+++ b/nsupdate/main/templates/main/generate_ns_secret.html
@@ -42,6 +42,8 @@ zone {{ object.name }} {
             deny  {{ object.name }}.      name  www.{{ object.name }};
             deny  {{ object.name }}.      name ipv4.{{ object.name }};
             deny  {{ object.name }}.      name ipv6.{{ object.name }};
+            // this host is for testing if the nameserver is configured correctly and reachable
+            grant {{ object.name }}. name connectivity-test.{{ object.name }} A;
             // but we allow updates to any other host:
             grant {{ object.name }}. subdomain {{ object.name }};
         };