def check_dns(domain): """ checks if the nameserver is reachable and answers queries for the domain. note: we can't reasonably check for dynamic updates as the dns admin might have put restrictions on which hosts are allowed to be updated. :param domain: domain name :return: available status """ fqdn = FQDN(host=None, domain=domain) try: query_ns(fqdn, "SOA") queries_ok = True except ( dns.resolver.Timeout, dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, NameServerNotAvailable, ): # note: currently the domain is also set to unavailable as a # side effect in query_ns() queries_ok = False return queries_ok
def test_nic_update_authorized_update_other_services(client): response = client.get( reverse("nic_update") + "?myip=4.3.2.1", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET) ) assert response.status_code == 200 # we don't care whether it is nochg or good, but should be the ip from myip=...: assert response.content in [b"good 4.3.2.1", b"nochg 4.3.2.1"] response = client.get( reverse("nic_update") + "?myip=1.2.3.4", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET) ) assert response.status_code == 200 # must be good (was different IP) assert response.content == b"good 1.2.3.4" # XXX test below can not run in parallel (like on travis-ci.org) if updating same # "other service" target host # now check if it updated the other service also: assert query_ns(TEST_HOST_OTHER, "A") == "1.2.3.4" response = client.get( reverse("nic_update") + "?myip=2.3.4.5", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET) ) assert response.status_code == 200 # must be good (was different IP) assert response.content == b"good 2.3.4.5" # now check if it updated the other service also: assert query_ns(TEST_HOST_OTHER, "A") == "2.3.4.5"
def test_nic_update_authorized_update_other_services(client): response = client.get(reverse('nic_update') + '?myip=4.3.2.1', HTTP_AUTHORIZATION=make_basic_auth_header( TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # we don't care whether it is nochg or good, but should be the ip from myip=...: assert response.content in [b'good 4.3.2.1', b'nochg 4.3.2.1'] response = client.get(reverse('nic_update') + '?myip=1.2.3.4', HTTP_AUTHORIZATION=make_basic_auth_header( TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # must be good (was different IP) assert response.content == b'good 1.2.3.4' # XXX test below can not run in parallel (like on travis-ci.org) if updating same # "other service" target host # now check if it updated the other service also: assert query_ns(TEST_HOST_OTHER, 'A') == '1.2.3.4' response = client.get(reverse('nic_update') + '?myip=2.3.4.5', HTTP_AUTHORIZATION=make_basic_auth_header( TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # must be good (was different IP) assert response.content == b'good 2.3.4.5' # now check if it updated the other service also: assert query_ns(TEST_HOST_OTHER, 'A') == '2.3.4.5'
def check_dns(domain): """ checks if the nameserver is reachable and answers queries for the domain. note: we can't reasonably check for dynamic updates as the dns admin might have put restrictions on which hosts are allowed to be updated. :param domain: domain name :return: available status """ fqdn = FQDN(host=None, domain=domain) try: query_ns(fqdn, 'SOA', prefer_primary=True) queries_ok = True except (dns.resolver.Timeout, dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, NameServerNotAvailable, dns.message.UnknownTSIGKey): # note: currently the domain is also set to unavailable as a # side effect in query_ns() queries_ok = False return queries_ok
def test_nic_update_authorized_update_other_services(client): response = client.get(reverse('nic_update') + '?myip=4.3.2.1', HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # we don't care whether it is nochg or good, but should be the ip from myip=...: assert response.content in ['good 4.3.2.1', 'nochg 4.3.2.1'] response = client.get(reverse('nic_update') + '?myip=1.2.3.4', HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # must be good (was different IP) assert response.content == 'good 1.2.3.4' # now check if it updated the other service also: assert query_ns(HOSTNAME, 'A') == '1.2.3.4' response = client.get(reverse('nic_update') + '?myip=2.3.4.5', HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # must be good (was different IP) assert response.content == 'good 2.3.4.5' # now check if it updated the other service also: assert query_ns(HOSTNAME, 'A') == '2.3.4.5'
def handle(self, *args, **options): ip_to_hosts = defaultdict(list) for host in Host.objects.all(): fqdn = host.get_fqdn() try: ip = dnstools.query_ns(fqdn, 'A') ip_to_hosts[ip].append(host) except: pass ips = sorted(ip_to_hosts.keys(), key=lambda ip: len(ip_to_hosts[ip]), reverse=True) for ip in ips: users = {} hosts_of_user = defaultdict(list) hosts = ip_to_hosts[ip] ip_refcount = len(hosts) print("IP %s is referred to by %d hosts." % (ip, ip_refcount)) for host in hosts: user = host.created_by users[user.id] = user hosts_of_user[user.id].append(host) response = None for user_id in users: user = users[user_id] count = len(hosts_of_user[user_id]) hostname_samples = ', '.join( h.name for h in hosts_of_user[user_id][:10]) print( "User %s (%s) has created %d hosts all pointing to same IP as %d other hostnames." % (user.username, user.email, count, ip_refcount - count)) print("Hostname samples: %s" % (hostname_samples, )) if response != 'Y': response = input( "Delete user? no [default], y = yes, Y = YES to all, a = abort > " ) if response.lower() == 'y': while True: try: user.delete() break except OperationalError: # database is locked time.sleep(0.1) if response.lower() == 'a': break
def test_nic_update_authorized_myip_v6(client): response = client.get(reverse('nic_update') + '?myip=2000::2', HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # we don't care whether it is nochg or good, but should be the ip from myip=...: assert response.content in [b'good 2000::2', b'nochg 2000::2'] response = client.get(reverse('nic_update') + '?myip=2000::3', HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # must be good (was different IP) assert response.content == b'good 2000::3' response = client.get(reverse('nic_update') + '?myip=2000::3', HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # must be nochg (was same IP) assert response.content == b'nochg 2000::3' # now check if it updated the ipv4 related hosts also: assert query_ns(TEST_HOST_RELATED, 'AAAA') == '2000::1' # 2000::3/64 + ::1
def test_nic_update_authorized_myip_v4(client): response = client.get( reverse("nic_update") + "?myip=4.3.2.1", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET) ) assert response.status_code == 200 # we don't care whether it is nochg or good, but should be the ip from myip=...: assert response.content in [b"good 4.3.2.1", b"nochg 4.3.2.1"] response = client.get( reverse("nic_update") + "?myip=1.2.3.4", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET) ) assert response.status_code == 200 # must be good (was different IP) assert response.content == b"good 1.2.3.4" response = client.get( reverse("nic_update") + "?myip=1.2.3.4", HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET) ) assert response.status_code == 200 # must be nochg (was same IP) assert response.content == b"nochg 1.2.3.4" # now check if it updated the ipv4 related hosts also: assert query_ns(TEST_HOST_RELATED, "A") == "1.2.3.1" # 1.2.3.4/29 + 0.0.0.1
def test_nic_update_authorized_myip_v6(client): response = client.get(reverse('nic_update') + '?myip=2000::2', HTTP_AUTHORIZATION=make_basic_auth_header( TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # we don't care whether it is nochg or good, but should be the ip from myip=...: assert response.content in [b'good 2000::2', b'nochg 2000::2'] response = client.get(reverse('nic_update') + '?myip=2000::3', HTTP_AUTHORIZATION=make_basic_auth_header( TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # must be good (was different IP) assert response.content == b'good 2000::3' response = client.get(reverse('nic_update') + '?myip=2000::3', HTTP_AUTHORIZATION=make_basic_auth_header( TEST_HOST, TEST_SECRET)) assert response.status_code == 200 # must be nochg (was same IP) assert response.content == b'nochg 2000::3' # now check if it updated the ipv4 related hosts also: assert query_ns(TEST_HOST_RELATED, 'AAAA') == '2000::1' # 2000::3/64 + ::1