From 58331208a5ded367e521d42d99de2835f329fab7 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspacek@redhat.com>
Date: Wed, 16 Dec 2015 13:37:39 +0100
Subject: [PATCH] dns: Handle SERVFAIL in check if domain already exists.

In cases where domain is already delegated to IPA prior installation
we might get timeout or SERVFAIL. The answer depends on the recursive
server we are using for the check.

Reviewed-By: David Kupka <dkupka@redhat.com>
---
 ipapython/ipautil.py              | 11 +++++------
 ipaserver/install/bindinstance.py |  2 +-
 ipaserver/install/dns.py          |  6 ++++--
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 466667879..bd1cf78fa 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -41,7 +41,7 @@ import locale
 import collections
 
 from dns import resolver, rdatatype, reversename
-from dns.exception import DNSException, Timeout
+from dns.exception import DNSException
 import six
 from six.moves import input
 from six.moves import urllib
@@ -1046,7 +1046,7 @@ def reverse_record_exists(ip_address):
     return True
 
 
-def check_zone_overlap(zone, raise_on_timeout=True):
+def check_zone_overlap(zone, raise_on_error=True):
     root_logger.info("Checking DNS domain %s, please wait ..." % zone)
     if not isinstance(zone, DNSName):
         zone = DNSName(zone).make_absolute()
@@ -1058,10 +1058,9 @@ def check_zone_overlap(zone, raise_on_timeout=True):
 
     try:
         containing_zone = resolver.zone_for_name(zone)
-    except Timeout as e:
-        msg = ("DNS check for domain %s failed: %s. Please make sure that the "
-               "domain is properly delegated to this IPA server." % (zone, e))
-        if raise_on_timeout:
+    except DNSException as e:
+        msg = ("DNS check for domain %s failed: %s." % (zone, e))
+        if raise_on_error:
             raise ValueError(msg)
         else:
             root_logger.warning(msg)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 93744875e..8daca552d 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -291,7 +291,7 @@ def read_reverse_zone(default, ip_address, allow_zone_overlap=False):
             continue
         if not allow_zone_overlap:
             try:
-                ipautil.check_zone_overlap(zone, raise_on_timeout=False)
+                ipautil.check_zone_overlap(zone, raise_on_error=False)
             except ValueError as e:
                 root_logger.error("Reverse zone %s will not be used: %s"
                                   % (zone, e))
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 94e9017b6..763b2aca4 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -126,10 +126,12 @@ def install_check(standalone, replica, options, hostname):
         domain = dnsutil.DNSName(util.normalize_zone(api.env.domain))
         print("Checking DNS domain %s, please wait ..." % domain)
         try:
-            ipautil.check_zone_overlap(domain, raise_on_timeout=False)
+            ipautil.check_zone_overlap(domain, raise_on_error=False)
         except ValueError as e:
             if options.force or options.allow_zone_overlap:
-                root_logger.warning(e.message)
+                root_logger.warning("%s Please make sure that the domain is "
+                                    "properly delegated to this IPA server.",
+                                    e.message)
             else:
                 raise e