fixes #246, #249, #253. except DnsUpdateError and use random IP in check_domain().

The delete() was removed because after an add() the nameserver need time to process the nsupdate query. This leads to an NXDOMAIN response on current ip check in delete() thus the delete() call fails.
2016-01-26 14:33:18 +01:00 · 2016-01-26 14:33:18 +01:00 · f987fae7e0
commit f987fae7e0
parent 4c6b7b56a0
3 changed files with 10 additions and 6 deletions
--- a/docs/examples/bind9/named.conf
+++ b/docs/examples/bind9/named.conf
@ -23,6 +23,8 @@ zone nsupdate.info {
            deny  nsupdate.info.      name  www.nsupdate.info;
            deny  nsupdate.info.      name ipv4.nsupdate.info;
            deny  nsupdate.info.      name ipv6.nsupdate.info;
+            // this host is for testing if the nameserver is configured correctly and reachable
+            grant nsupdate.info. name connectivity-test.nsupdate.info A;
            // but we allow updates to any other host:
            grant nsupdate.info. subdomain nsupdate.info;
        };
--- a/nsupdate/main/dnstools.py
+++ b/nsupdate/main/dnstools.py
@ -24,6 +24,8 @@ import logging
 logger = logging.getLogger(__name__)

 import socket
+import random
+import struct

 import dns.inet
 import dns.name
@ -104,18 +106,16 @@ def check_domain(domain):

    from .models import Domain
    d = Domain.objects.get(name=domain)
-    # temporarily set domain to available
+    # temporarily set domain to available to allow add/update/deletes
    domain_available_state = d.available
    d.available = True
    d.save()

    try:
-        # add to primary
-        add(fqdn, "8.8.8.8")
-        # delete on primary
-        delete(fqdn)
+        # add host connectivity-test.<domain> with a random IP. See add()
+        add(fqdn, socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))))

-    except (dns.exception.DNSException, ) as e:
+    except (dns.exception.DNSException, DnsUpdateError) as e:
        raise NameServerNotAvailable(str(e))

    finally:
--- a/nsupdate/main/templates/main/generate_ns_secret.html
+++ b/nsupdate/main/templates/main/generate_ns_secret.html
@ -42,6 +42,8 @@ zone {{ object.name }} {
            deny  {{ object.name }}.      name  www.{{ object.name }};
            deny  {{ object.name }}.      name ipv4.{{ object.name }};
            deny  {{ object.name }}.      name ipv6.{{ object.name }};
+            // this host is for testing if the nameserver is configured correctly and reachable
+            grant {{ object.name }}. name connectivity-test.{{ object.name }} A;
            // but we allow updates to any other host:
            grant {{ object.name }}. subdomain {{ object.name }};
        };