Catch DNS exceptions during emptyzones named.conf upgrade

For some reasons named may not be runnig and this cause fail of this
upgrade step. This step is not critical so only ERROR message with
recommendation is shown.

https://fedorahosted.org/freeipa/ticket/6205

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>

1 files changed, 14 insertions, 3 deletions

diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 19ea8ca3c..b47d8fa45 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -11,6 +11,8 @@ import pwd
 import fileinput
 import sys
 
+import dns.exception
+
 import six
 from six.moves.configparser import SafeConfigParser
 
@@ -840,9 +842,18 @@ def named_update_global_forwarder_policy():
         'forward_policy_conflict_with_empty_zones_handled',
         True
     )
-    if not dnsutil.has_empty_zone_addresses(api.env.host):
-        # guess: local server does not have IP addresses from private ranges
-        # so hopefully automatic empty zones are not a problem
+    try:
+        if not dnsutil.has_empty_zone_addresses(api.env.host):
+            # guess: local server does not have IP addresses from private
+            # ranges so hopefully automatic empty zones are not a problem
+            return False
+    except dns.exception.DNSException as ex:
+        root_logger.error(
+            'Skipping update of global DNS forwarder in named.conf: '
+            'Unable to determine if local server is using an '
+            'IP address belonging to an automatic empty zone. '
+            'Consider changing forwarding policy to "only". '
+            'DNS exception: %s', ex)
         return False
 
     if bindinstance.named_conf_get_directive(