From f1ed123caddd7525a0081c4a9de931cabdfda43f Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Fri, 11 May 2012 14:38:09 +0200 Subject: Replace DNS client based on acutil with python-dns IPA client and server tool set used authconfig acutil module to for client DNS operations. This is not optimal DNS interface for several reasons: - does not provide native Python object oriented interface but but rather C-like interface based on functions and structures which is not easy to use and extend - acutil is not meant to be used by third parties besides authconfig and thus can break without notice Replace the acutil with python-dns package which has a feature rich interface for dealing with all different aspects of DNS including DNSSEC. The main target of this patch is to replace all uses of acutil DNS library with a use python-dns. In most cases, even though the larger parts of the code are changed, the actual functionality is changed only in the following cases: - redundant DNS checks were removed from verify_fqdn function in installutils to make the whole DNS check simpler and less error-prone. Logging was improves for the remaining checks - improved logging for ipa-client-install DNS discovery https://fedorahosted.org/freeipa/ticket/2730 https://fedorahosted.org/freeipa/ticket/1837
---
 ipalib/util.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
(limited to 'ipalib/util.py')
diff --git a/ipalib/util.py b/ipalib/util.py
index 64ac6b2c..50da7432 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -28,11 +28,12 @@ import socket
 import re
 from types import NoneType
 from weakref import WeakKeyDictionary
+from dns import resolver, rdatatype
+from dns.exception import DNSException
 from ipalib import errors
 from ipalib.text import _
 from ipalib.dn import DN, RDN
-from ipapython import dnsclient
 from ipapython.ipautil import decode_ssh_pubkey
@@ -88,16 +89,17 @@ def validate_host_dns(log, fqdn):
 """
 See if the hostname has a DNS A record.
 """
- rs = dnsclient.query(fqdn + '.', dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
- if len(rs) == 0:
+ try:
+ answers = resolver.query(fqdn, rdatatype.A)
 log.debug(
- 'IPA: DNS A record lookup failed for %s' % fqdn
+ 'IPA: found %d records for %s: %s' % (len(answers), fqdn,
+ ' '.join(str(answer) for answer in answers))
 )
- raise errors.DNSNotARecordError()
- else:
+ except DNSException, e:
 log.debug(
- 'IPA: found %d records for %s' % (len(rs), fqdn)
+ 'IPA: DNS A record lookup failed for %s' % fqdn
 )
+ raise errors.DNSNotARecordError()
 def isvalid_base64(data):
 """
-- cgit
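Review bot: The new `resolver.query(fqdn, rdatatype.A)` call drops the trailing dot that the removed `dnsclient.query(fqdn + '.', ...)` line added, so python-dns receives a relative name and can fall back to the resolver's search suffixes when the name itself does not resolve. A host name with no A record of its own could then pass validate_host_dns through a record that exists only under a search domain (this depends on the local resolver configuration). Passing the absolute name keeps the previous behaviour: `answers = resolver.query(fqdn + '.', rdatatype.A)`. The `except DNSException, e:` branch also never uses `e`, so a timeout or an unreachable server is logged and raised as DNSNotARecordError exactly like a missing record; including `e` in the debug message, e.g. `'IPA: DNS A record lookup failed for %s: %s' % (fqdn, e)`, would keep the causes apart in the log.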