def test_bind_write_zones_writes_file(self):
    """bind_write_zones() creates one zone file per zone it is given.

    One forward zone and one reverse zone are built for the same domain,
    then both expected files are checked under ``self.dns_conf_dir``.
    Only file existence is asserted; zone contents are not inspected.
    """
    domain = factory.make_string()
    # The literal has host bits set; the expected reverse zone name below
    # corresponds to the enclosing 192.168.0.0/24 network.
    network = IPNetwork("192.168.0.3/24")
    dns_ip_list = [factory.pick_ip_in_network(network)]
    ip = factory.pick_ip_in_network(network)
    ttl = random.randint(10, 1000)

    forward_serial = random.randint(1, 100)
    forward_mapping = {
        factory.make_string(): HostnameIPMapping(None, ttl, {ip}),
    }
    forward_zone = DNSForwardZoneConfig(
        domain,
        serial=forward_serial,
        mapping=forward_mapping,
        dns_ip_list=dns_ip_list,
    )

    reverse_serial = random.randint(1, 100)
    reverse_zone = DNSReverseZoneConfig(
        domain, serial=reverse_serial, network=network
    )

    actions.bind_write_zones(zones=[forward_zone, reverse_zone])

    # The forward zone file is named after the domain, the reverse one
    # after the in-addr.arpa name of the network.
    zone_file_names = ("zone.%s" % domain, "zone.0.168.192.in-addr.arpa")
    expected_files = [
        join(self.dns_conf_dir, file_name) for file_name in zone_file_names
    ]
    self.assertThat(expected_files, AllMatch(FileExists()))
def dns_update_all_zones(reload_retry=False, reload_timeout=2):
    """Regenerate every zone file and ask BIND to load the result.

    Zones are generated for all authoritative domains and for every subnet
    whose reverse DNS mode is not disabled. The zone files, BIND options
    and BIND configuration are then written, and the server is reloaded.

    :param reload_retry: Retry the DNS server reload if it fails?
        Defaults to `False`.
    :type reload_retry: bool
    :param reload_timeout: Passed as ``timeout`` to the reload call.
        Defaults to 2 (units are not visible here; presumably seconds).
    :return: `None` when DNS is not enabled; otherwise a tuple of
        ``(serial, reloaded, domain_names)``, where ``reloaded`` is
        whatever the reload call returned.
    """
    if not is_dns_enabled():
        return None

    authoritative_domains = Domain.objects.filter(authoritative=True)
    forward_domains = Domain.objects.get_forward_domains()
    forwarded_zones = forward_domains_to_forwarded_zones(forward_domains)
    rdns_subnets = Subnet.objects.exclude(rdns_mode=RDNS_MODE.DISABLED)
    default_ttl = Config.objects.get_config("default_dns_ttl")
    serial = current_zone_serial()

    generator = ZoneGenerator(
        authoritative_domains,
        rdns_subnets,
        default_ttl,
        serial,
        internal_domains=[get_internal_domain()],
    )
    zones = generator.as_list()
    bind_write_zones(zones)

    # Legacy side effect: writing BIND options does not belong here and
    # call sites ought to do it themselves. Many callers have come to
    # expect it, and some call this function for that effect alone. Today
    # it sets the upstream DNS servers (and passes the DNSSEC validation
    # setting through), which has nothing to do with serving zones.
    upstream_dns = get_upstream_dns()
    dnssec_validation = get_dnssec_validation()
    bind_write_options(
        upstream_dns=upstream_dns,
        dnssec_validation=dnssec_validation,
    )

    # Also legacy: the "trusted" ACL, which only governs who may send
    # recursive queries to the upstream DNS servers, lives in the same
    # configuration file as the zone stanzas, so the two are rewritten
    # together. NOTE(review): this means every zone update also rewrites
    # the recursion ACL from get_trusted_networks(); a wrong value there
    # would change who is allowed to recurse, so it is worth validating.
    trusted_networks = get_trusted_networks()
    bind_write_configuration(
        zones,
        trusted_networks=trusted_networks,
        forwarded_zones=forwarded_zones,
    )

    # Retrying the reload may be left over from the Celery days, or it may
    # be needed to recover from start-up races. Nobody is sure, so the
    # behaviour is kept until that is better understood.
    reload_bind = bind_reload_with_retries if reload_retry else bind_reload
    reloaded = reload_bind(timeout=reload_timeout)

    # Hand back the serial in use, the reload outcome and the domain names.
    domain_names = [entry.name for entry in authoritative_domains]
    return serial, reloaded, domain_names