1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

nsupdate: issues/4657 (#5377) (#5460)

* Insert new entries before deleting old ones.
resolves #4657

* Slight wording changes.

* lint fix

* Address lint

* Added changelog
Fixed lint

* More linting

* Update changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 5cb9a9e4f0)

Co-authored-by: Simon-TheUser <35318753+Simon-TheUser@users.noreply.github.com>
This commit is contained in:
patchback[bot] 2022-11-02 20:29:30 +01:00 committed by GitHub
parent 21423ca6a0
commit b87196348a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 1 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- nsupdate - fix silent failures when updating ``NS`` entries from Bind9 managed DNS zones (https://github.com/ansible-collections/community.general/issues/4657).

View file

@ -339,7 +339,31 @@ class RecordManager(object):
def modify_record(self): def modify_record(self):
update = dns.update.Update(self.zone, keyring=self.keyring, keyalgorithm=self.algorithm) update = dns.update.Update(self.zone, keyring=self.keyring, keyalgorithm=self.algorithm)
if self.module.params['type'].upper() == 'NS':
# When modifying a NS record, Bind9 silently refuses to delete all the NS entries for a zone:
# > 09-May-2022 18:00:50.352 client @0x7fe7dd1f9568 192.168.1.3#45458/key rndc_ddns_ansible:
# > updating zone 'lab/IN': attempt to delete all SOA or NS records ignored
# https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_18/lib/ns/update.c#L3304
# Let's perform dns inserts and updates first, deletes after.
query = dns.message.make_query(self.module.params['record'], self.module.params['type'])
if self.keyring:
query.use_tsig(keyring=self.keyring, algorithm=self.algorithm)
try:
if self.module.params['protocol'] == 'tcp':
lookup = dns.query.tcp(query, self.module.params['server'], timeout=10, port=self.module.params['port'])
else:
lookup = dns.query.udp(query, self.module.params['server'], timeout=10, port=self.module.params['port'])
except (dns.tsig.PeerBadKey, dns.tsig.PeerBadSignature) as e:
self.module.fail_json(msg='TSIG update error (%s): %s' % (e.__class__.__name__, to_native(e)))
except (socket_error, dns.exception.Timeout) as e:
self.module.fail_json(msg='DNS server error: (%s): %s' % (e.__class__.__name__, to_native(e)))
entries_to_remove = [n.to_text() for n in lookup.answer[0].items if n.to_text() not in self.value]
else:
update.delete(self.module.params['record'], self.module.params['type']) update.delete(self.module.params['record'], self.module.params['type'])
for entry in self.value: for entry in self.value:
try: try:
update.add(self.module.params['record'], update.add(self.module.params['record'],
@ -350,6 +374,11 @@ class RecordManager(object):
self.module.fail_json(msg='value needed when state=present') self.module.fail_json(msg='value needed when state=present')
except dns.exception.SyntaxError: except dns.exception.SyntaxError:
self.module.fail_json(msg='Invalid/malformed value') self.module.fail_json(msg='Invalid/malformed value')
if self.module.params['type'].upper() == 'NS':
for entry in entries_to_remove:
update.delete(self.module.params['record'], self.module.params['type'], entry)
response = self.__do_update(update) response = self.__do_update(update)
return dns.message.Message.rcode(response) return dns.message.Message.rcode(response)