Sort and shuffle SRV record by priority and weight

On multiple occasions, SRV query answers were not properly sorted by priority. Records with same priority weren't randomized and shuffled. This caused FreeIPA to contact the same remote peer instead of distributing the load across all available servers. Two new helper functions now take care of SRV queries. sort_prio_weight() sorts SRV and URI records. query_srv() combines SRV lookup with sort_prio_weight(). Fixes: https://pagure.io/freeipa/issue/7475 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-06-15 17:03:29 +02:00
parent eda831dba1
commit f90e137a17
7 changed files with 217 additions and 30 deletions
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -32,6 +32,7 @@ from ipalib import api, _
 from ipalib import errors
 from ipapython import ipautil
 from ipapython.dn import DN
+from ipapython.dnsutil import query_srv
 from ipapython.ipaldap import ldap_initialize
 from ipaserver.install import installutils
 from ipaserver.dcerpc_common import (TRUST_BIDIRECTIONAL,
@@ -55,7 +56,6 @@ import samba
 import ldap as _ldap
 from ipapython import ipaldap
 from ipapython.dnsutil import DNSName
-from dns import resolver, rdatatype
 from dns.exception import DNSException
 import pysss_nss_idmap
 import pysss
@@ -799,7 +799,7 @@ class DomainValidator(object):
            gc_name = '_gc._tcp.%s.' % info['dns_domain']

            try:
-                answers = resolver.query(gc_name, rdatatype.SRV)
+                answers = query_srv(gc_name)
            except DNSException as e:
                answers = []