Ejemplo n.º 1
0
def check_dns_zone(domain, env, output, dns_zonefiles):
	# If a DS record is set at the registrar, check DNSSEC first because it will affect the NS query.
	# If it is not set, we suggest it last.
	if query_dns(domain, "DS", nxdomain=None) is not None:
		check_dnssec(domain, env, output, dns_zonefiles)

	# We provide a DNS zone for the domain. It should have NS records set up
	# at the domain name's registrar pointing to this box. The secondary DNS
	# server may be customized. Unfortunately this may not check the domain's
	# whois information -- we may be getting the NS records from us rather than
	# the TLD, and so we're not actually checking the TLD. For that we'd need
	# to do a DNS trace.
	ip = query_dns(domain, "A")
	secondary_ns = get_secondary_dns(get_custom_dns_config(env)) or "ns2." + env['PRIMARY_HOSTNAME']
	existing_ns = query_dns(domain, "NS")
	correct_ns = "; ".join(sorted([
		"ns1." + env['PRIMARY_HOSTNAME'],
		secondary_ns,
		]))
	if existing_ns.lower() == correct_ns.lower():
		output.print_ok("Nameservers are set correctly at registrar. [%s]" % correct_ns)
	elif ip == env['PUBLIC_IP']:
		# The domain resolves correctly, so maybe the user is using External DNS.
		output.print_warning("""The nameservers set on this domain at your domain name registrar should be %s. They are currently %s.
			If you are using External DNS, this may be OK."""
				% (correct_ns, existing_ns) )
	else:
		output.print_error("""The nameservers set on this domain are incorrect. They are currently %s. Use your domain name registrar's
			control panel to set the nameservers to %s."""
				% (existing_ns, correct_ns) )
Ejemplo n.º 2
0
def check_dns_zone(domain, env, output, dns_zonefiles):
	# If a DS record is set at the registrar, check DNSSEC first because it will affect the NS query.
	# If it is not set, we suggest it last.
	if query_dns(domain, "DS", nxdomain=None) is not None:
		check_dnssec(domain, env, output, dns_zonefiles)

	# We provide a DNS zone for the domain. It should have NS records set up
	# at the domain name's registrar pointing to this box. The secondary DNS
	# server may be customized. Unfortunately this may not check the domain's
	# whois information -- we may be getting the NS records from us rather than
	# the TLD, and so we're not actually checking the TLD. For that we'd need
	# to do a DNS trace.
	ip = query_dns(domain, "A")
	secondary_ns = get_secondary_dns(get_custom_dns_config(env)) or "ns2." + env['PRIMARY_HOSTNAME']
	existing_ns = query_dns(domain, "NS")
	correct_ns = "; ".join(sorted([
		"ns1." + env['PRIMARY_HOSTNAME'],
		secondary_ns,
		]))
	if existing_ns.lower() == correct_ns.lower():
		output.print_ok("Nameservers are set correctly at registrar. [%s]" % correct_ns)
	elif ip == env['PUBLIC_IP']:
		# The domain resolves correctly, so maybe the user is using External DNS.
		output.print_warning("""The nameservers set on this domain at your domain name registrar should be %s. They are currently %s.
			If you are using External DNS, this may be OK."""
				% (correct_ns, existing_ns) )
	else:
		output.print_error("""The nameservers set on this domain are incorrect. They are currently %s. Use your domain name registrar's
			control panel to set the nameservers to %s."""
				% (existing_ns, correct_ns) )
Ejemplo n.º 3
0
def check_dns_zone(domain, env, output, dns_zonefiles):
    # If a DS record is set at the registrar, check DNSSEC first because it will affect the NS query.
    # If it is not set, we suggest it last.
    if query_dns(domain, "DS", nxdomain=None) is not None:
        check_dnssec(domain, env, output, dns_zonefiles)

    # We provide a DNS zone for the domain. It should have NS records set up
    # at the domain name's registrar pointing to this box. The secondary DNS
    # server may be customized.
    # (I'm not sure whether this necessarily tests the TLD's configuration,
    # as it should, or if one successful NS line at the TLD will result in
    # this query being answered by the box, which would mean the test is only
    # half working.)

    custom_dns_records = list(get_custom_dns_config(env))  # generator => list so we can reuse it
    correct_ip = get_custom_dns_record(custom_dns_records, domain, "A") or env['PUBLIC_IP']
    custom_secondary_ns = get_secondary_dns(custom_dns_records, mode="NS")
    secondary_ns = custom_secondary_ns or ["ns2." + env['PRIMARY_HOSTNAME']]

    existing_ns = query_dns(domain, "NS")
    correct_ns = "; ".join(sorted(["ns1." + env['PRIMARY_HOSTNAME']] + secondary_ns))
    ip = query_dns(domain, "A")

    probably_external_dns = False

    if existing_ns.lower() == correct_ns.lower():
        output.print_ok("Nameservers are set correctly at registrar. [%s]" % correct_ns)
    elif ip == correct_ip:
        # The domain resolves correctly, so maybe the user is using External DNS.
        output.print_warning("""The nameservers set on this domain at your domain name registrar should be %s. They are currently %s.
			If you are using External DNS, this may be OK."""
                             % (correct_ns, existing_ns))
        probably_external_dns = True
    else:
        output.print_error("""The nameservers set on this domain are incorrect. They are currently %s. Use your domain name registrar's
			control panel to set the nameservers to %s."""
                           % (existing_ns, correct_ns))

    # Check that each custom secondary nameserver resolves the IP address.

    if custom_secondary_ns and not probably_external_dns:
        for ns in custom_secondary_ns:
            # We must first resolve the nameserver to an IP address so we can query it.
            ns_ip = query_dns(ns, "A")
            if not ns_ip:
                output.print_error("Secondary nameserver %s is not valid (it doesn't resolve to an IP address)." % ns)
                continue

            # Now query it to see what it says about this domain.
            ip = query_dns(domain, "A", at=ns_ip, nxdomain=None)
            if ip == correct_ip:
                output.print_ok("Secondary nameserver %s resolved the domain correctly." % ns)
            elif ip is None:
                output.print_error("Secondary nameserver %s is not configured to resolve this domain." % ns)
            else:
                output.print_error(
                    "Secondary nameserver %s is not configured correctly. (It resolved this domain as %s. It should be %s.)" % (
                    ns, ip, correct_ip))
Ejemplo n.º 4
0
def check_dns_zone(domain, env, output, dns_zonefiles):
	# If a DS record is set at the registrar, check DNSSEC first because it will affect the NS query.
	# If it is not set, we suggest it last.
	if query_dns(domain, "DS", nxdomain=None) is not None:
		check_dnssec(domain, env, output, dns_zonefiles)

	# We provide a DNS zone for the domain. It should have NS records set up
	# at the domain name's registrar pointing to this box. The secondary DNS
	# server may be customized.
	# (I'm not sure whether this necessarily tests the TLD's configuration,
	# as it should, or if one successful NS line at the TLD will result in
	# this query being answered by the box, which would mean the test is only
	# half working.)

	custom_dns_records = list(get_custom_dns_config(env)) # generator => list so we can reuse it
	correct_ip = "; ".join(sorted(get_custom_dns_records(custom_dns_records, domain, "A"))) or env['PUBLIC_IP']
	custom_secondary_ns = get_secondary_dns(custom_dns_records, mode="NS")
	secondary_ns = custom_secondary_ns or ["ns2." + env['PRIMARY_HOSTNAME']]

	existing_ns = query_dns(domain, "NS")
	correct_ns = "; ".join(sorted(["ns1." + env['PRIMARY_HOSTNAME']] + secondary_ns))
	ip = query_dns(domain, "A")

	probably_external_dns = False

	if existing_ns.lower() == correct_ns.lower():
		output.print_ok("Nameservers are set correctly at registrar. [%s]" % correct_ns)
	elif ip == correct_ip:
		# The domain resolves correctly, so maybe the user is using External DNS.
		output.print_warning("""The nameservers set on this domain at your domain name registrar should be %s. They are currently %s.
			If you are using External DNS, this may be OK."""
				% (correct_ns, existing_ns) )
		probably_external_dns = True
	else:
		output.print_error("""The nameservers set on this domain are incorrect. They are currently %s. Use your domain name registrar's
			control panel to set the nameservers to %s."""
				% (existing_ns, correct_ns) )

	# Check that each custom secondary nameserver resolves the IP address.

	if custom_secondary_ns and not probably_external_dns:
		for ns in custom_secondary_ns:
			# We must first resolve the nameserver to an IP address so we can query it.
			ns_ips = query_dns(ns, "A")
			if not ns_ips:
				output.print_error("Secondary nameserver %s is not valid (it doesn't resolve to an IP address)." % ns)
				continue
			# Choose the first IP if nameserver returns multiple
			ns_ip = ns_ips.split('; ')[0]

			# Now query it to see what it says about this domain.
			ip = query_dns(domain, "A", at=ns_ip, nxdomain=None)
			if ip == correct_ip:
				output.print_ok("Secondary nameserver %s resolved the domain correctly." % ns)
			elif ip is None:
				output.print_error("Secondary nameserver %s is not configured to resolve this domain." % ns)
			else:
				output.print_error("Secondary nameserver %s is not configured correctly. (It resolved this domain as %s. It should be %s.)" % (ns, ip, correct_ip))
Ejemplo n.º 5
0
def dns_get_secondary_nameserver():
	from dns_update import get_custom_dns_config, get_secondary_dns
	return json_response({ "hostnames": get_secondary_dns(get_custom_dns_config(env), mode=None) })
Ejemplo n.º 6
0
def dns_get_secondary_nameserver():
	from dns_update import get_custom_dns_config, get_secondary_dns
	return json_response({ "hostnames": get_secondary_dns(get_custom_dns_config(env), mode=None) })