authorMartin Kosek <mkosek@redhat.com>2012-05-11 14:38:09 +0200
committerMartin Kosek <mkosek@redhat.com>2012-05-24 13:55:56 +0200
commitf1ed123caddd7525a0081c4a9de931cabdfda43f (patch)
treef615dabc3535203fbd2777166dbe150f6d31197e /ipa-client/ipa-install
parent6bb462e26a814e683b3ec5b39d2ff9a1db8fa4ec (diff)
Replace DNS client based on acutil with python-dns
IPA client and server tool set used authconfig acutil module for client DNS operations. This is not an optimal DNS interface for several reasons: - it does not provide a native Python object-oriented interface but rather a C-like interface based on functions and structures, which is not easy to use and extend - acutil is not meant to be used by third parties besides authconfig and thus can break without notice Replace acutil with the python-dns package, which has a feature-rich interface for dealing with all different aspects of DNS including DNSSEC. The main target of this patch is to replace all uses of the acutil DNS library with python-dns. In most cases, even though larger parts of the code are changed, the actual functionality is changed only in the following cases: - redundant DNS checks were removed from verify_fqdn function in installutils to make the whole DNS check simpler and less error-prone. Logging was improved for the remaining checks - improved logging for ipa-client-install DNS discovery https://fedorahosted.org/freeipa/ticket/2730 https://fedorahosted.org/freeipa/ticket/1837
Diffstat (limited to 'ipa-client/ipa-install')
-rwxr-xr-xipa-client/ipa-install/ipa-client-install24
1 files changed, 8 insertions, 16 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 67279b3ed..6854581d2 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -25,6 +25,7 @@ try:
import os
import time
import socket
+
from ipapython.ipa_log_manager import *
import tempfile
import getpass
@@ -35,7 +36,6 @@ try:
from ipapython.ipautil import run, user_input, CalledProcessError, file_exists, realm_to_suffix
import ipapython.services as ipaservices
from ipapython import ipautil
- from ipapython import dnsclient
from ipapython import sysrestore
from ipapython import version
from ipapython import certmonger
@@ -996,18 +996,10 @@ def update_dns(server, hostname):
def client_dns(server, hostname, dns_updates=False):
- dns_ok = False
+ dns_ok = ipautil.is_host_resolvable(hostname)
- # Check if the client has an A record registered in its name.
- rs = dnsclient.query(hostname+".", dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
- if len([ rec for rec in rs if rec.dns_type is not dnsclient.DNS_T_SOA ]) > 0:
- dns_ok = True
- else:
- rs = dnsclient.query(hostname+".", dnsclient.DNS_C_IN, dnsclient.DNS_T_AAAA)
- if len([ rec for rec in rs if rec.dns_type is not dnsclient.DNS_T_SOA ]) > 0:
- dns_ok = True
- else:
- print "Warning: Hostname (%s) not found in DNS" % hostname
+ if not dns_ok:
+ print "Warning: Hostname (%s) not found in DNS" % hostname
if dns_updates or not dns_ok:
update_dns(server, hostname)
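Review bot: The new check `dns_ok = ipautil.is_host_resolvable(hostname)` passes `hostname` as-is, whereas the removed queries used `hostname+"."` to force an absolute name. is_host_resolvable is defined outside this page, so whether it anchors the name at the root cannot be confirmed here; if it does not, a resolver search list could let the name resolve under a different suffix, set dns_ok to True, and skip both the warning and the `update_dns` call. Either make the name absolute before the lookup or document on the helper that its argument is treated as fully qualified. Since the answer comes from plain DNS, a short comment such as `# dns_ok is advisory only: it decides whether to attempt a DNS update, not whether the host is trusted` would also help. client_dns may continue beyond the hunk.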
@@ -1243,15 +1235,15 @@ def install(options, env, fstore, statestore):
# We assume that NTP servers are discoverable through SRV records in the DNS
# If that fails, we try to sync directly with IPA server, assuming it runs NTP
print 'Synchronizing time with KDC...'
- ntp_servers = ipautil.parse_items(ds.ipadnssearchntp(cli_domain))
+ ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', None, break_on_first=False)
synced_ntp = False
- if len(ntp_servers) > 0:
+ if ntp_servers:
for s in ntp_servers:
- synced_ntp = ipaclient.ntpconf.synconce_ntp(s)
+ synced_ntp = ipaclient.ntpconf.synconce_ntp(s, debug=True)
if synced_ntp:
break
if not synced_ntp:
- synced_ntp = ipaclient.ntpconf.synconce_ntp(cli_server)
+ synced_ntp = ipaclient.ntpconf.synconce_ntp(cli_server, debug=True)
if not synced_ntp:
print "Unable to sync time with IPA NTP server, assuming the time is in sync."
(krb_fd, krb_name) = tempfile.mkstemp()
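Review bot: `debug=True` is hard-coded in both `synconce_ntp` calls, so every install takes the debug path regardless of what the user asked for. synconce_ntp is not shown here; please confirm the flag only affects logging and not whether the clock is actually set, and consider deriving it from the installer's own debug option (assuming `options` carries one). The positional `None` in `ds.ipadns_search_srv(cli_domain, '_ntp._udp', None, break_on_first=False)` is opaque; a keyword argument or a short comment naming that parameter would make the call readable. The server list comes from unauthenticated SRV lookups and a failed sync only prints a message before Kerberos setup continues, which is worth stating in the comment above the call. install() starts and ends outside this hunk.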