mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
* Insert new entries before deleting old ones.
resolves #4657
* Slight wording changes.
* lint fix
* Address lint
* Added changelog
Fixed lint
* More linting
* Update changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 5cb9a9e4f0
)
Co-authored-by: Simon-TheUser <35318753+Simon-TheUser@users.noreply.github.com>
This commit is contained in:
parent
21423ca6a0
commit
b87196348a
2 changed files with 32 additions and 1 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
bugfixes:
|
||||||
|
- nsupdate - fix silent failures when updating ``NS`` entries from Bind9 managed DNS zones (https://github.com/ansible-collections/community.general/issues/4657).
|
|
@ -339,7 +339,31 @@ class RecordManager(object):
|
||||||
|
|
||||||
def modify_record(self):
|
def modify_record(self):
|
||||||
update = dns.update.Update(self.zone, keyring=self.keyring, keyalgorithm=self.algorithm)
|
update = dns.update.Update(self.zone, keyring=self.keyring, keyalgorithm=self.algorithm)
|
||||||
|
|
||||||
|
if self.module.params['type'].upper() == 'NS':
|
||||||
|
# When modifying a NS record, Bind9 silently refuses to delete all the NS entries for a zone:
|
||||||
|
# > 09-May-2022 18:00:50.352 client @0x7fe7dd1f9568 192.168.1.3#45458/key rndc_ddns_ansible:
|
||||||
|
# > updating zone 'lab/IN': attempt to delete all SOA or NS records ignored
|
||||||
|
# https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_18/lib/ns/update.c#L3304
|
||||||
|
# Let's perform dns inserts and updates first, deletes after.
|
||||||
|
query = dns.message.make_query(self.module.params['record'], self.module.params['type'])
|
||||||
|
if self.keyring:
|
||||||
|
query.use_tsig(keyring=self.keyring, algorithm=self.algorithm)
|
||||||
|
|
||||||
|
try:
|
||||||
|
if self.module.params['protocol'] == 'tcp':
|
||||||
|
lookup = dns.query.tcp(query, self.module.params['server'], timeout=10, port=self.module.params['port'])
|
||||||
|
else:
|
||||||
|
lookup = dns.query.udp(query, self.module.params['server'], timeout=10, port=self.module.params['port'])
|
||||||
|
except (dns.tsig.PeerBadKey, dns.tsig.PeerBadSignature) as e:
|
||||||
|
self.module.fail_json(msg='TSIG update error (%s): %s' % (e.__class__.__name__, to_native(e)))
|
||||||
|
except (socket_error, dns.exception.Timeout) as e:
|
||||||
|
self.module.fail_json(msg='DNS server error: (%s): %s' % (e.__class__.__name__, to_native(e)))
|
||||||
|
|
||||||
|
entries_to_remove = [n.to_text() for n in lookup.answer[0].items if n.to_text() not in self.value]
|
||||||
|
else:
|
||||||
update.delete(self.module.params['record'], self.module.params['type'])
|
update.delete(self.module.params['record'], self.module.params['type'])
|
||||||
|
|
||||||
for entry in self.value:
|
for entry in self.value:
|
||||||
try:
|
try:
|
||||||
update.add(self.module.params['record'],
|
update.add(self.module.params['record'],
|
||||||
|
@ -350,6 +374,11 @@ class RecordManager(object):
|
||||||
self.module.fail_json(msg='value needed when state=present')
|
self.module.fail_json(msg='value needed when state=present')
|
||||||
except dns.exception.SyntaxError:
|
except dns.exception.SyntaxError:
|
||||||
self.module.fail_json(msg='Invalid/malformed value')
|
self.module.fail_json(msg='Invalid/malformed value')
|
||||||
|
|
||||||
|
if self.module.params['type'].upper() == 'NS':
|
||||||
|
for entry in entries_to_remove:
|
||||||
|
update.delete(self.module.params['record'], self.module.params['type'], entry)
|
||||||
|
|
||||||
response = self.__do_update(update)
|
response = self.__do_update(update)
|
||||||
|
|
||||||
return dns.message.Message.rcode(response)
|
return dns.message.Message.rcode(response)
|
||||||
|
|
Loading…
Reference in a new issue