IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

dnspython: Add compatibility shim

Browse Source 
`dnspython` 2.0.0 has many changes and several deprecations like:

```
> dns.resolver.resolve() has been added, allowing control of whether
search lists are used. dns.resolver.query() is retained for backwards
compatibility, but deprecated. The default for search list behavior can
be set at in the resolver object with the use_search_by_default
parameter. The default is False.

> dns.resolver.resolve_address() has been added, allowing easy
address-to-name lookups.
```

The new class `DNSResolver`:
- provides the compatibility layer
- defaults the previous behavior (the search list configured in the
  system's resolver configuration is used for relative names)
- defaults lifetime to 15sec (determines the number of seconds
  to spend trying to get an answer to the question)

Fixes: https://pagure.io/freeipa/issue/8383
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Stanislav Levin
2020-08-28 16:31:10 +03:00
committed by Alexander Bokovoy
parent fdb227e55a
commit 49e643783d
16 changed files with 158 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
ipalib/util.py
View File

@@ -42,7 +42,7 @@ import struct
import subprocess
import netaddr
from dns import resolver, rdatatype
from dns import rdatatype
from dns.exception import DNSException
from dns.resolver import NXDOMAIN
from netaddr.core import AddrFormatError
@@ -67,8 +67,12 @@ from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipapython.ssh import SSHPublicKey
from ipapython.dn import DN, RDN
from ipapython.dnsutil import DNSName
from ipapython.dnsutil import resolve_ip_addresses
from ipapython.dnsutil import (
DNSName,
DNSResolver,
resolve,
resolve_ip_addresses,
)
from ipapython.admintool import ScriptError
if sys.version_info >= (3, 2):
@@ -117,13 +121,13 @@ def has_soa_or_ns_record(domain):
Returns True or False.
"""
try:
resolver.query(domain, rdatatype.SOA)
resolve(domain, rdatatype.SOA)
soa_record_found = True
except DNSException:
soa_record_found = False
try:
resolver.query(domain, rdatatype.NS)
resolve(domain, rdatatype.NS)
ns_record_found = True
except DNSException:
ns_record_found = False
@@ -797,7 +801,7 @@ def _resolve_record(owner, rtype, nameserver_ip=None, edns0=False,
assert isinstance(nameserver_ip, str) or nameserver_ip is None
assert isinstance(rtype, str)
res = dns.resolver.Resolver()
res = DNSResolver()
if nameserver_ip:
res.nameservers = [nameserver_ip]
res.lifetime = timeout
@@ -815,7 +819,7 @@ def _resolve_record(owner, rtype, nameserver_ip=None, edns0=False,
elif edns0:
res.use_edns(0, 0, 4096)
return res.query(owner, rtype)
return res.resolve(owner, rtype)
def _validate_edns0_forwarder(owner, rtype, ip_addr, timeout=10):
@@ -985,7 +989,7 @@ def detect_dns_zone_realm_type(api, domain):
kerberos_record_name = kerberos_prefix + domain_suffix
try:
result = resolver.query(kerberos_record_name, rdatatype.TXT)
result = resolve(kerberos_record_name, rdatatype.TXT)
answer = result.response.answer
# IPA domain will have only one _kerberos TXT record
@@ -1012,7 +1016,7 @@ def detect_dns_zone_realm_type(api, domain):
try:
# The presence of this record is enough, return foreign in such case
resolver.query(ad_specific_record_name, rdatatype.SRV)
resolve(ad_specific_record_name, rdatatype.SRV)
except DNSException:
# If we could not detect type with certainty, return unknown
return 'unknown'