From 03f7731d39689ee6da7118fa4d5de01b4012c427 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Sat, 10 Apr 2021 15:40:22 +0300
Subject: [PATCH] ipaserver/install/dns: handle SERVFAIL when checking reverse
 zone

systemd-resolved in Fedora 34+ returns SERVFAIL for a reverse zone that
does not yet exist when we attempt to look it up before installation.
Assume that this is OK -- we are going to create the zone ourselves
during installation.

Fixes: https://pagure.io/freeipa/issue/8794

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
 ipapython/dnsutil.py              |  6 ++++++
 ipaserver/install/bindinstance.py | 12 ++++++++++++
 ipaserver/install/dns.py          | 12 +++++++++++-
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/ipapython/dnsutil.py b/ipapython/dnsutil.py
index 63eb64dc1..67a5a5334 100644
--- a/ipapython/dnsutil.py
+++ b/ipapython/dnsutil.py
@@ -125,6 +125,10 @@ class DNSZoneAlreadyExists(dns.exception.DNSException):
            "and is handled by server(s): {ns}")
 
 
+class DNSNoNameservers(dns.resolver.NoNameservers):
+    pass
+
+
 @six.python_2_unicode_compatible
 class DNSName(dns.name.Name):
     labels = None  # make pylint happy
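Review bot: `DNSNoNameservers` is added with a bare `pass` body and no docstring, so nothing at the definition says why a subclass of `dns.resolver.NoNameservers` exists or how callers are expected to treat it. A docstring such as `"""Raised by check_zone_overlap when no nameserver answered the overlap query; installer callers log it as a warning and proceed."""` would put that contract where the class is defined.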
@@ -447,6 +451,8 @@ def check_zone_overlap(zone, raise_on_error=True):
     except dns.exception.DNSException as e:
         msg = ("DNS check for domain %s failed: %s." % (zone, e))
         if raise_on_error:
+            if isinstance(e, dns.resolver.NoNameservers):
+                raise DNSNoNameservers(**e.kwargs) from None
             raise ValueError(msg)
         else:
             logger.warning('%s', msg)
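Review bot: The `isinstance(e, dns.resolver.NoNameservers)` test added under `if raise_on_error:` matches every case where no nameserver gave a usable answer, not only the SERVFAIL for a not-yet-created reverse zone that the commit message describes. The callers changed in this patch log `DNSNoNameservers` and carry on, so a resolver that is refusing queries or otherwise failing now downgrades the overlap check to a warning instead of stopping with `ValueError`. Consider converting to `DNSNoNameservers` only when the per-server errors carried in `e.kwargs` show SERVFAIL responses, and keeping `raise ValueError(msg)` for everything else. `msg` is also dropped on this path and `from None` hides the original context; a `logger.debug('%s', msg)` before the raise would keep it for troubleshooting. check_zone_overlap starts outside the hunk.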
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 19941cd00..f1c9e0aa2 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -312,6 +312,7 @@ def read_reverse_zone(default, ip_address, allow_zone_overlap=False):
                 logger.error("Reverse zone %s will not be used: %s",
                              zone, e)
                 continue
+
         break
 
     return normalize_zone(zone)
@@ -338,6 +339,12 @@ def get_auto_reverse_zones(ip_addresses, allow_zone_overlap=False):
                             default_reverse, ip)
                 logger.debug('%s', e)
                 continue
+            except dnsutil.DNSNoNameservers as e:
+                # Show warning and continue in case we've got SERVFAIL
+                # because we are supposedly going to create this reverse zone
+                logger.warning('%s', str(e))
+                continue
+
         auto_zones.append((ip, default_reverse))
     return auto_zones
 
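Review bot: The `continue` in the new `except dnsutil.DNSNoNameservers` handler skips `auto_zones.append((ip, default_reverse))`, so the reverse zone is left out of the returned list, which contradicts the comment that the installer is going to create it. If the intent is to proceed with the zone, drop the `continue` so control falls through after `logger.warning('%s', str(e))`; if skipping is intended, the comment should say so. The handler added to check_reverse_zones in the next hunk has the same shape: its `continue` skips `checked_reverse_zones.append(normalize_zone(rz))`. Both functions start outside their hunks, so the enclosing loop is inferred from the indentation and the `continue` statements.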
@@ -505,6 +512,11 @@ def check_reverse_zones(ip_addresses, reverse_zones, options, unattended,
                 else:
                     logger.warning('%s', msg)
                 continue
+            except dnsutil.DNSNoNameservers as e:
+                # Show warning and continue in case we've got SERVFAIL
+                # because we are supposedly going to create this reverse zone
+                logger.warning('%s', str(e))
+                continue
         checked_reverse_zones.append(normalize_zone(rz))
 
     # check that there is reverse zone for every IP
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index b51b92bfd..cbdaf99fd 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -151,6 +151,10 @@ def install_check(standalone, api, replica, options, hostname):
                 logger.warning('%s', str(e))
             else:
                 raise e
+        except dnsutil.DNSNoNameservers as e:
+            # Show warning and continue in case we've got SERVFAIL
+            # because we are supposedly going to create this reverse zone
+            logger.warning('%s', str(e))
 
     if standalone:
         print("==============================================================================")
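Review bot: The new `except dnsutil.DNSNoNameservers` branch may be unreachable, because ipapython/dnsutil.py raises that exception only under `if raise_on_error:`. The guarded call is outside this hunk, so this needs checking: if it passes `raise_on_error=False`, the failure is logged inside check_zone_overlap and never reaches this handler. The comment also speaks of a reverse zone; if the guarded call checks the primary domain instead, it should be reworded, for example `# No nameserver answered the overlap check for the domain; warn and proceed`.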
@@ -457,7 +461,13 @@ class DNSInstallInterface(hostname.HostNameInstallInterface):
     def reverse_zones(self, values):
         if not self.allow_zone_overlap:
             for zone in values:
-                check_zone_overlap(zone)
+                try:
+                    check_zone_overlap(zone)
+                except dnsutil.DNSNoNameservers as e:
+                    # Show warning and continue in case we've got SERVFAIL
+                    # we are supposedly going to create this reverse zone
+                    logger.warning('%s', str(e))
+                    continue
 
     no_reverse = knob(
         None,
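Review bot: The trailing `continue` in the new handler is the last statement of the `for zone in values:` body, so it has no effect and can be dropped. The comment lost the word "because" compared with the other three copies of this handler. Since the same warn-and-proceed block now appears four times across the patch, a small shared helper would keep the wording and behaviour consistent if the SERVFAIL handling is tightened later.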
-- 
2.31.1