Beispiel #1
0
def check_dns(domain):
    """
    checks if the nameserver is reachable and answers queries for the domain.

    note: we can't reasonably check for dynamic updates as the dns admin might
    have put restrictions on which hosts are allowed to be updated.

    :param domain: domain name
    :return: available status
    """
    fqdn = FQDN(host=None, domain=domain)
    try:
        query_ns(fqdn, "SOA")
        queries_ok = True
    except (
        dns.resolver.Timeout,
        dns.resolver.NoNameservers,
        dns.resolver.NXDOMAIN,
        dns.resolver.NoAnswer,
        NameServerNotAvailable,
    ):
        # note: currently the domain is also set to unavailable as a
        # side effect in query_ns()
        queries_ok = False
    return queries_ok
Beispiel #2
0
def test_nic_update_authorized_update_other_services(client):
    response = client.get(
        reverse("nic_update") + "?myip=4.3.2.1", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
    )
    assert response.status_code == 200
    # we don't care whether it is nochg or good, but should be the ip from myip=...:
    assert response.content in [b"good 4.3.2.1", b"nochg 4.3.2.1"]
    response = client.get(
        reverse("nic_update") + "?myip=1.2.3.4", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
    )
    assert response.status_code == 200
    # must be good (was different IP)
    assert response.content == b"good 1.2.3.4"
    # XXX test below can not run in parallel (like on travis-ci.org) if updating same
    # "other service" target host
    # now check if it updated the other service also:
    assert query_ns(TEST_HOST_OTHER, "A") == "1.2.3.4"
    response = client.get(
        reverse("nic_update") + "?myip=2.3.4.5", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
    )
    assert response.status_code == 200
    # must be good (was different IP)
    assert response.content == b"good 2.3.4.5"
    # now check if it updated the other service also:
    assert query_ns(TEST_HOST_OTHER, "A") == "2.3.4.5"
Beispiel #3
0
def test_nic_update_authorized_update_other_services(client):
    response = client.get(reverse('nic_update') + '?myip=4.3.2.1',
                          HTTP_AUTHORIZATION=make_basic_auth_header(
                              TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # we don't care whether it is nochg or good, but should be the ip from myip=...:
    assert response.content in [b'good 4.3.2.1', b'nochg 4.3.2.1']
    response = client.get(reverse('nic_update') + '?myip=1.2.3.4',
                          HTTP_AUTHORIZATION=make_basic_auth_header(
                              TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # must be good (was different IP)
    assert response.content == b'good 1.2.3.4'
    # XXX test below can not run in parallel (like on travis-ci.org) if updating same
    # "other service" target host
    # now check if it updated the other service also:
    assert query_ns(TEST_HOST_OTHER, 'A') == '1.2.3.4'
    response = client.get(reverse('nic_update') + '?myip=2.3.4.5',
                          HTTP_AUTHORIZATION=make_basic_auth_header(
                              TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # must be good (was different IP)
    assert response.content == b'good 2.3.4.5'
    # now check if it updated the other service also:
    assert query_ns(TEST_HOST_OTHER, 'A') == '2.3.4.5'
Beispiel #4
0
def check_dns(domain):
    """
    checks if the nameserver is reachable and answers queries for the domain.

    note: we can't reasonably check for dynamic updates as the dns admin might
    have put restrictions on which hosts are allowed to be updated.

    :param domain: domain name
    :return: available status
    """
    fqdn = FQDN(host=None, domain=domain)
    try:
        query_ns(fqdn, 'SOA', prefer_primary=True)
        queries_ok = True
    except (dns.resolver.Timeout, dns.resolver.NoNameservers,
            dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, NameServerNotAvailable, dns.message.UnknownTSIGKey):
        # note: currently the domain is also set to unavailable as a
        # side effect in query_ns()
        queries_ok = False
    return queries_ok
Beispiel #5
0
def test_nic_update_authorized_update_other_services(client):
    response = client.get(reverse('nic_update') + '?myip=4.3.2.1',
                          HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # we don't care whether it is nochg or good, but should be the ip from myip=...:
    assert response.content in ['good 4.3.2.1', 'nochg 4.3.2.1']
    response = client.get(reverse('nic_update') + '?myip=1.2.3.4',
                          HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # must be good (was different IP)
    assert response.content == 'good 1.2.3.4'
    # now check if it updated the other service also:
    assert query_ns(HOSTNAME, 'A') == '1.2.3.4'
    response = client.get(reverse('nic_update') + '?myip=2.3.4.5',
                          HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # must be good (was different IP)
    assert response.content == 'good 2.3.4.5'
    # now check if it updated the other service also:
    assert query_ns(HOSTNAME, 'A') == '2.3.4.5'
Beispiel #6
0
 def handle(self, *args, **options):
     ip_to_hosts = defaultdict(list)
     for host in Host.objects.all():
         fqdn = host.get_fqdn()
         try:
             ip = dnstools.query_ns(fqdn, 'A')
             ip_to_hosts[ip].append(host)
         except:
             pass
     ips = sorted(ip_to_hosts.keys(),
                  key=lambda ip: len(ip_to_hosts[ip]),
                  reverse=True)
     for ip in ips:
         users = {}
         hosts_of_user = defaultdict(list)
         hosts = ip_to_hosts[ip]
         ip_refcount = len(hosts)
         print("IP %s is referred to by %d hosts." % (ip, ip_refcount))
         for host in hosts:
             user = host.created_by
             users[user.id] = user
             hosts_of_user[user.id].append(host)
         response = None
         for user_id in users:
             user = users[user_id]
             count = len(hosts_of_user[user_id])
             hostname_samples = ', '.join(
                 h.name for h in hosts_of_user[user_id][:10])
             print(
                 "User %s (%s) has created %d hosts all pointing to same IP as %d other hostnames."
                 % (user.username, user.email, count, ip_refcount - count))
             print("Hostname samples: %s" % (hostname_samples, ))
             if response != 'Y':
                 response = input(
                     "Delete user? no [default], y = yes, Y = YES to all, a = abort > "
                 )
             if response.lower() == 'y':
                 while True:
                     try:
                         user.delete()
                         break
                     except OperationalError:
                         # database is locked
                         time.sleep(0.1)
             if response.lower() == 'a':
                 break
def test_nic_update_authorized_myip_v6(client):
    response = client.get(reverse('nic_update') + '?myip=2000::2',
                          HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # we don't care whether it is nochg or good, but should be the ip from myip=...:
    assert response.content in [b'good 2000::2', b'nochg 2000::2']
    response = client.get(reverse('nic_update') + '?myip=2000::3',
                          HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # must be good (was different IP)
    assert response.content == b'good 2000::3'
    response = client.get(reverse('nic_update') + '?myip=2000::3',
                          HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # must be nochg (was same IP)
    assert response.content == b'nochg 2000::3'
    # now check if it updated the ipv4 related hosts also:
    assert query_ns(TEST_HOST_RELATED, 'AAAA') == '2000::1'  # 2000::3/64 + ::1
Beispiel #8
0
def test_nic_update_authorized_myip_v4(client):
    response = client.get(
        reverse("nic_update") + "?myip=4.3.2.1", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
    )
    assert response.status_code == 200
    # we don't care whether it is nochg or good, but should be the ip from myip=...:
    assert response.content in [b"good 4.3.2.1", b"nochg 4.3.2.1"]
    response = client.get(
        reverse("nic_update") + "?myip=1.2.3.4", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
    )
    assert response.status_code == 200
    # must be good (was different IP)
    assert response.content == b"good 1.2.3.4"
    response = client.get(
        reverse("nic_update") + "?myip=1.2.3.4", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
    )
    assert response.status_code == 200
    # must be nochg (was same IP)
    assert response.content == b"nochg 1.2.3.4"
    # now check if it updated the ipv4 related hosts also:
    assert query_ns(TEST_HOST_RELATED, "A") == "1.2.3.1"  # 1.2.3.4/29 + 0.0.0.1
Beispiel #9
0
def test_nic_update_authorized_myip_v6(client):
    response = client.get(reverse('nic_update') + '?myip=2000::2',
                          HTTP_AUTHORIZATION=make_basic_auth_header(
                              TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # we don't care whether it is nochg or good, but should be the ip from myip=...:
    assert response.content in [b'good 2000::2', b'nochg 2000::2']
    response = client.get(reverse('nic_update') + '?myip=2000::3',
                          HTTP_AUTHORIZATION=make_basic_auth_header(
                              TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # must be good (was different IP)
    assert response.content == b'good 2000::3'
    response = client.get(reverse('nic_update') + '?myip=2000::3',
                          HTTP_AUTHORIZATION=make_basic_auth_header(
                              TEST_HOST, TEST_SECRET))
    assert response.status_code == 200
    # must be nochg (was same IP)
    assert response.content == b'nochg 2000::3'
    # now check if it updated the ipv4 related hosts also:
    assert query_ns(TEST_HOST_RELATED, 'AAAA') == '2000::1'  # 2000::3/64 + ::1