From 269c61a9a63321182e1b209bd506286f7b417038 Mon Sep 17 00:00:00 2001
From: Stanislav Levin <slev@altlinux.org>
Date: Fri, 14 May 2021 19:02:36 +0300
Subject: [PATCH] dns: get_reverse_zone: Ignore resolver's timeout

The DNS server may not process a query in a its internal timeout for
a some reason or don't answer for a query at all. This may indicate
a high load on DNS server. For example, if IPA DNS server is
configured with 'none' forward policy (read as resolver), then
SERVFAIL/Timeout errors will be normal until the hot cache for zones.
Resolver's timeout in turn, indicates that it queried a server, but
didn't received an answer in specified timeout.

Related: https://pagure.io/freeipa/issue/7397
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 ipaserver/plugins/dns.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ipaserver/plugins/dns.py b/ipaserver/plugins/dns.py
index eb21e3cee..acb16613c 100644
--- a/ipaserver/plugins/dns.py
+++ b/ipaserver/plugins/dns.py
@@ -555,6 +555,13 @@ def get_reverse_zone(ipaddr):
                 'All nameservers failed to answer the query '
                 'for DNS reverse zone %(revdns)s') % dict(revdns=revdns)
         )
+    except dns.resolver.Timeout:
+        raise errors.NotFound(
+            reason=_(
+                "No answers could be found in the specified lifetime "
+                "for DNS reverse zone %(revdns)s"
+            ) % dict(revdns=revdns)
+        )
 
     try:
         api.Command['dnszone_show'](revzone)