def check_dns(domain):
"""
checks if the nameserver is reachable and answers queries for the domain.
note: we can't reasonably check for dynamic updates as the dns admin might
have put restrictions on which hosts are allowed to be updated.
:param domain: domain name
:return: available status
"""
fqdn = FQDN(host=None, domain=domain)
try:
query_ns(fqdn, "SOA")
queries_ok = True
except (
dns.resolver.Timeout,
dns.resolver.NoNameservers,
dns.resolver.NXDOMAIN,
dns.resolver.NoAnswer,
NameServerNotAvailable,
):
# note: currently the domain is also set to unavailable as a
# side effect in query_ns()
queries_ok = False
return queries_ok
def test_nic_update_authorized_update_other_services(client):
response = client.get(
reverse("nic_update") + "?myip=4.3.2.1", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
)
assert response.status_code == 200
# we don't care whether it is nochg or good, but should be the ip from myip=...:
assert response.content in [b"good 4.3.2.1", b"nochg 4.3.2.1"]
response = client.get(
reverse("nic_update") + "?myip=1.2.3.4", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
)
assert response.status_code == 200
# must be good (was different IP)
assert response.content == b"good 1.2.3.4"
# XXX test below can not run in parallel (like on travis-ci.org) if updating same
# "other service" target host
# now check if it updated the other service also:
assert query_ns(TEST_HOST_OTHER, "A") == "1.2.3.4"
response = client.get(
reverse("nic_update") + "?myip=2.3.4.5", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
)
assert response.status_code == 200
# must be good (was different IP)
assert response.content == b"good 2.3.4.5"
# now check if it updated the other service also:
assert query_ns(TEST_HOST_OTHER, "A") == "2.3.4.5"
def test_nic_update_authorized_update_other_services(client):
response = client.get(reverse('nic_update') + '?myip=4.3.2.1',
HTTP_AUTHORIZATION=make_basic_auth_header(
TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# we don't care whether it is nochg or good, but should be the ip from myip=...:
assert response.content in [b'good 4.3.2.1', b'nochg 4.3.2.1']
response = client.get(reverse('nic_update') + '?myip=1.2.3.4',
HTTP_AUTHORIZATION=make_basic_auth_header(
TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# must be good (was different IP)
assert response.content == b'good 1.2.3.4'
# XXX test below can not run in parallel (like on travis-ci.org) if updating same
# "other service" target host
# now check if it updated the other service also:
assert query_ns(TEST_HOST_OTHER, 'A') == '1.2.3.4'
response = client.get(reverse('nic_update') + '?myip=2.3.4.5',
HTTP_AUTHORIZATION=make_basic_auth_header(
TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# must be good (was different IP)
assert response.content == b'good 2.3.4.5'
# now check if it updated the other service also:
assert query_ns(TEST_HOST_OTHER, 'A') == '2.3.4.5'
def check_dns(domain):
"""
checks if the nameserver is reachable and answers queries for the domain.
note: we can't reasonably check for dynamic updates as the dns admin might
have put restrictions on which hosts are allowed to be updated.
:param domain: domain name
:return: available status
"""
fqdn = FQDN(host=None, domain=domain)
try:
query_ns(fqdn, 'SOA', prefer_primary=True)
queries_ok = True
except (dns.resolver.Timeout, dns.resolver.NoNameservers,
dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, NameServerNotAvailable, dns.message.UnknownTSIGKey):
# note: currently the domain is also set to unavailable as a
# side effect in query_ns()
queries_ok = False
return queries_ok
def test_nic_update_authorized_update_other_services(client):
response = client.get(reverse('nic_update') + '?myip=4.3.2.1',
HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# we don't care whether it is nochg or good, but should be the ip from myip=...:
assert response.content in ['good 4.3.2.1', 'nochg 4.3.2.1']
response = client.get(reverse('nic_update') + '?myip=1.2.3.4',
HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# must be good (was different IP)
assert response.content == 'good 1.2.3.4'
# now check if it updated the other service also:
assert query_ns(HOSTNAME, 'A') == '1.2.3.4'
response = client.get(reverse('nic_update') + '?myip=2.3.4.5',
HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# must be good (was different IP)
assert response.content == 'good 2.3.4.5'
# now check if it updated the other service also:
assert query_ns(HOSTNAME, 'A') == '2.3.4.5'
def handle(self, *args, **options):
ip_to_hosts = defaultdict(list)
for host in Host.objects.all():
fqdn = host.get_fqdn()
try:
ip = dnstools.query_ns(fqdn, 'A')
ip_to_hosts[ip].append(host)
except:
pass
ips = sorted(ip_to_hosts.keys(),
key=lambda ip: len(ip_to_hosts[ip]),
reverse=True)
for ip in ips:
users = {}
hosts_of_user = defaultdict(list)
hosts = ip_to_hosts[ip]
ip_refcount = len(hosts)
print("IP %s is referred to by %d hosts." % (ip, ip_refcount))
for host in hosts:
user = host.created_by
users[user.id] = user
hosts_of_user[user.id].append(host)
response = None
for user_id in users:
user = users[user_id]
count = len(hosts_of_user[user_id])
hostname_samples = ', '.join(
h.name for h in hosts_of_user[user_id][:10])
print(
"User %s (%s) has created %d hosts all pointing to same IP as %d other hostnames."
% (user.username, user.email, count, ip_refcount - count))
print("Hostname samples: %s" % (hostname_samples, ))
if response != 'Y':
response = input(
"Delete user? no [default], y = yes, Y = YES to all, a = abort > "
)
if response.lower() == 'y':
while True:
try:
user.delete()
break
except OperationalError:
# database is locked
time.sleep(0.1)
if response.lower() == 'a':
break
def test_nic_update_authorized_myip_v6(client):
response = client.get(reverse('nic_update') + '?myip=2000::2',
HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# we don't care whether it is nochg or good, but should be the ip from myip=...:
assert response.content in [b'good 2000::2', b'nochg 2000::2']
response = client.get(reverse('nic_update') + '?myip=2000::3',
HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# must be good (was different IP)
assert response.content == b'good 2000::3'
response = client.get(reverse('nic_update') + '?myip=2000::3',
HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# must be nochg (was same IP)
assert response.content == b'nochg 2000::3'
# now check if it updated the ipv4 related hosts also:
assert query_ns(TEST_HOST_RELATED, 'AAAA') == '2000::1' # 2000::3/64 + ::1
def test_nic_update_authorized_myip_v4(client):
response = client.get(
reverse("nic_update") + "?myip=4.3.2.1", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
)
assert response.status_code == 200
# we don't care whether it is nochg or good, but should be the ip from myip=...:
assert response.content in [b"good 4.3.2.1", b"nochg 4.3.2.1"]
response = client.get(
reverse("nic_update") + "?myip=1.2.3.4", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
)
assert response.status_code == 200
# must be good (was different IP)
assert response.content == b"good 1.2.3.4"
response = client.get(
reverse("nic_update") + "?myip=1.2.3.4", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)
)
assert response.status_code == 200
# must be nochg (was same IP)
assert response.content == b"nochg 1.2.3.4"
# now check if it updated the ipv4 related hosts also:
assert query_ns(TEST_HOST_RELATED, "A") == "1.2.3.1" # 1.2.3.4/29 + 0.0.0.1
def test_nic_update_authorized_myip_v6(client):
response = client.get(reverse('nic_update') + '?myip=2000::2',
HTTP_AUTHORIZATION=make_basic_auth_header(
TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# we don't care whether it is nochg or good, but should be the ip from myip=...:
assert response.content in [b'good 2000::2', b'nochg 2000::2']
response = client.get(reverse('nic_update') + '?myip=2000::3',
HTTP_AUTHORIZATION=make_basic_auth_header(
TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# must be good (was different IP)
assert response.content == b'good 2000::3'
response = client.get(reverse('nic_update') + '?myip=2000::3',
HTTP_AUTHORIZATION=make_basic_auth_header(
TEST_HOST, TEST_SECRET))
assert response.status_code == 200
# must be nochg (was same IP)
assert response.content == b'nochg 2000::3'
# now check if it updated the ipv4 related hosts also:
assert query_ns(TEST_HOST_RELATED, 'AAAA') == '2000::1' # 2000::3/64 + ::1
