From 03f7731d39689ee6da7118fa4d5de01b4012c427 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Sat, 10 Apr 2021 15:40:22 +0300 Subject: [PATCH] ipaserver/install/dns: handle SERVFAIL when checking reverse zone systemd-resolved in Fedora 34+ returns SERVFAIL for reverse zone that does not yet exist when we attempt to look it up before installation. Assume that this is OK -- we are going to create the zone ourselves during installation. Fixes: https://pagure.io/freeipa/issue/8794 Signed-off-by: Alexander Bokovoy --- ipapython/dnsutil.py | 6 ++++++ ipaserver/install/bindinstance.py | 12 ++++++++++++ ipaserver/install/dns.py | 12 +++++++++++- 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/ipapython/dnsutil.py b/ipapython/dnsutil.py index 63eb64dc1..67a5a5334 100644 --- a/ipapython/dnsutil.py +++ b/ipapython/dnsutil.py @@ -125,6 +125,10 @@ class DNSZoneAlreadyExists(dns.exception.DNSException): "and is handled by server(s): {ns}") +class DNSNoNameservers(dns.resolver.NoNameservers): + pass + + @six.python_2_unicode_compatible class DNSName(dns.name.Name): labels = None # make pylint happy @@ -447,6 +451,8 @@ def check_zone_overlap(zone, raise_on_error=True): except dns.exception.DNSException as e: msg = ("DNS check for domain %s failed: %s." % (zone, e)) if raise_on_error: + if isinstance(e, dns.resolver.NoNameservers): + raise DNSNoNameservers(**e.kwargs) from None raise ValueError(msg) else: logger.warning('%s', msg) diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 19941cd00..f1c9e0aa2 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -312,6 +312,7 @@ def read_reverse_zone(default, ip_address, allow_zone_overlap=False): logger.error("Reverse zone %s will not be used: %s", zone, e) continue + break return normalize_zone(zone) @@ -338,6 +339,12 @@ def get_auto_reverse_zones(ip_addresses, allow_zone_overlap=False): default_reverse, ip) logger.debug('%s', e) continue + except dnsutil.DNSNoNameservers as e: + # Show warning and continue in case we've got SERVFAIL + # because we are supposedly going to create this reverse zone + logger.warning('%s', str(e)) + continue + auto_zones.append((ip, default_reverse)) return auto_zones @@ -505,6 +512,11 @@ def check_reverse_zones(ip_addresses, reverse_zones, options, unattended, else: logger.warning('%s', msg) continue + except dnsutil.DNSNoNameservers as e: + # Show warning and continue in case we've got SERVFAIL + # because we are supposedly going to create this reverse zone + logger.warning('%s', str(e)) + continue checked_reverse_zones.append(normalize_zone(rz)) # check that there is reverse zone for every IP diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py index b51b92bfd..cbdaf99fd 100644 --- a/ipaserver/install/dns.py +++ b/ipaserver/install/dns.py @@ -151,6 +151,10 @@ def install_check(standalone, api, replica, options, hostname): logger.warning('%s', str(e)) else: raise e + except dnsutil.DNSNoNameservers as e: + # Show warning and continue in case we've got SERVFAIL + # because we are supposedly going to create this reverse zone + logger.warning('%s', str(e)) if standalone: print("==============================================================================") @@ -457,7 +461,13 @@ class DNSInstallInterface(hostname.HostNameInstallInterface): def reverse_zones(self, values): if not self.allow_zone_overlap: for zone in values: - check_zone_overlap(zone) + try: + check_zone_overlap(zone) + except dnsutil.DNSNoNameservers as e: + # Show warning and continue in case we've got SERVFAIL + # we are supposedly going to create this reverse zone + logger.warning('%s', str(e)) + continue no_reverse = knob( None, -- 2.31.1