Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Dynamically obtain the authoritative nameserver for the domain

Browse Source
This commit is contained in:
Kush Bavishi 2019-07-29 18:01:28 -07:00
parent e993194b4f
commit 3ad791e1ec
1 changed files with 47 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
lemur/plugins/lemur_acme/ultradns.py
View File

@ -83,14 +83,12 @@ def _post(path, params):
resp.raise_for_status() resp.raise_for_status()
def _has_dns_propagated(name, token, domain="8.8.8.8"): def _has_dns_propagated(name, token, domain):
# Check whether the DNS change made by Lemur have propagated to the public DNS or not. # Check whether the DNS change made by Lemur have propagated to the public DNS or not.
# Invoked by wait_for_dns_change() function # Invoked by wait_for_dns_change() function
txt_records = [] txt_records = []
try: try:
dns_resolver = dns.resolver.Resolver() dns_resolver = dns.resolver.Resolver()
# dns_resolver.nameservers = [get_authoritative_nameserver(name)]
# dns_resolver.nameservers = ["156.154.64.154"]
dns_resolver.nameservers = [domain] dns_resolver.nameservers = [domain]
dns_response = dns_resolver.query(name, "TXT") dns_response = dns_resolver.query(name, "TXT")
for rdata in dns_response: for rdata in dns_response:
@ -110,19 +108,21 @@ def _has_dns_propagated(name, token, domain="8.8.8.8"):
def wait_for_dns_change(change_id, account_number=None): def wait_for_dns_change(change_id, account_number=None):
# Waits and checks if the DNS changes have propagated or not. # Waits and checks if the DNS changes have propagated or not.
# First check the domains authoritative server. Once this succeeds,
# we ask a public DNS server (Google <8.8.8.8> in our case).
fqdn, token = change_id fqdn, token = change_id
number_of_attempts = 20 number_of_attempts = 20
nameserver = get_authoritative_nameserver(fqdn)
for attempts in range(0, number_of_attempts): for attempts in range(0, number_of_attempts):
status = _has_dns_propagated(fqdn, token, "156.154.64.154") status = _has_dns_propagated(fqdn, token, nameserver)
current_app.logger.debug("Record status for fqdn: {}: {}".format(fqdn, status)) current_app.logger.debug("Record status for fqdn: {}: {}".format(fqdn, status))
if status: if status:
# metrics.send("wait_for_dns_change_success", "counter", 1)
time.sleep(10) time.sleep(10)
break break
time.sleep(10) time.sleep(10)
if status: if status:
for attempts in range(0, number_of_attempts): for attempts in range(0, number_of_attempts):
status = _has_dns_propagated(fqdn, token, "8.8.8.8") status = _has_dns_propagated(fqdn, token, get_public_authoritative_nameserver())
current_app.logger.debug("Record status for fqdn: {}: {}".format(fqdn, status)) current_app.logger.debug("Record status for fqdn: {}: {}".format(fqdn, status))
if status: if status:
metrics.send("wait_for_dns_change_success", "counter", 1) metrics.send("wait_for_dns_change_success", "counter", 1)
@ -150,8 +150,6 @@ def get_zones(account_number):
# UltraDNS zone names end with a "." - Example - lemur.example.com. # UltraDNS zone names end with a "." - Example - lemur.example.com.
# We pick out the names minus the "." at the end while returning the list # We pick out the names minus the "." at the end while returning the list
zone = Zone(elem) zone = Zone(elem)
# TODO : Check for active & Primary
# if elem["properties"]["type"] == "PRIMARY" and elem["properties"]["status"] == "ACTIVE":
if zone.authoritative_type == "PRIMARY" and zone.status == "ACTIVE": if zone.authoritative_type == "PRIMARY" and zone.status == "ACTIVE":
zones.append(zone.name) zones.append(zone.name)
@ -242,7 +240,6 @@ def delete_txt_record(change_id, account_number, domain, token):
return return
try: try:
# Remove the record from the RRSet locally # Remove the record from the RRSet locally
# rrsets["rrSets"][0]["rdata"].remove("{}".format(token))
record.rdata.remove("{}".format(token)) record.rdata.remove("{}".format(token))
except ValueError: except ValueError:
current_app.logger.debug("Token not found") current_app.logger.debug("Token not found")
@ -252,7 +249,6 @@ def delete_txt_record(change_id, account_number, domain, token):
_delete(path) _delete(path)
# Check if the RRSet has more records. If yes, add the modified RRSet back to UltraDNS # Check if the RRSet has more records. If yes, add the modified RRSet back to UltraDNS
# if len(rrsets["rrSets"][0]["rdata"]) > 0:
if len(record.rdata) > 0: if len(record.rdata) > 0:
params = { params = {
"ttl": 5, "ttl": 5,
@ -285,18 +281,44 @@ def delete_acme_txt_records(domain):
def get_authoritative_nameserver(domain): def get_authoritative_nameserver(domain):
""" n = dns.name.from_text(domain)
REMEMBER TO CHANGE THE RETURN VALUE
REMEMBER TO CHANGE THE RETURN VALUE depth = 2
REMEMBER TO CHANGE THE RETURN VALUE default = dns.resolver.get_default_resolver()
REMEMBER TO CHANGE THE RETURN VALUE nameserver = default.nameservers[0]
REMEMBER TO CHANGE THE RETURN VALUE
REMEMBER TO CHANGE THE RETURN VALUE last = False
REMEMBER TO CHANGE THE RETURN VALUE while not last:
REMEMBER TO CHANGE THE RETURN VALUE s = n.split(depth)
REMEMBER TO CHANGE THE RETURN VALUE
REMEMBER TO CHANGE THE RETURN VALUE last = s[0].to_unicode() == u"@"
REMEMBER TO CHANGE THE RETURN VALUE sub = s[1]
"""
# return "8.8.8.8" query = dns.message.make_query(sub, dns.rdatatype.NS)
return "156.154.64.154" response = dns.query.udp(query, nameserver)
rcode = response.rcode()
if rcode != dns.rcode.NOERROR:
metrics.send("get_authoritative_nameserver_error", "counter", 1)
if rcode == dns.rcode.NXDOMAIN:
raise Exception("%s does not exist." % sub)
else:
raise Exception("Error %s" % dns.rcode.to_text(rcode))
if len(response.authority) > 0:
rrset = response.authority[0]
else:
rrset = response.answer[0]
rr = rrset[0]
if rr.rdtype != dns.rdatatype.SOA:
authority = rr.target
nameserver = default.query(authority).rrset[0].to_text()
depth += 1
return nameserver
def get_public_authoritative_nameserver():
return "8.8.8.8"