From 57339f6d179603e21ace59eb6382a7e3aa04f56d Mon Sep 17 00:00:00 2001
From: Simon-TheUser <35318753+Simon-TheUser@users.noreply.github.com>
Date: Mon, 9 May 2022 15:54:39 -0400
Subject: [PATCH 1/7] Insert new entries before deleting old ones. resolves #4657
---
plugins/modules/net_tools/nsupdate.py | 31 ++++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/plugins/modules/net_tools/nsupdate.py b/plugins/modules/net_tools/nsupdate.py
index 512e44da2fc..6b8a5bfc2c2 100644
--- a/plugins/modules/net_tools/nsupdate.py
+++ b/plugins/modules/net_tools/nsupdate.py
@@ -339,7 +339,31 @@ def create_record(self): def modify_record(self): update = dns.update.Update(self.zone, keyring=self.keyring, keyalgorithm=self.algorithm) - update.delete(self.module.params['record'], self.module.params['type']) + + if self.module.params['type'].upper() == 'NS': + # When modifying a NS record, track records that are no longer required and only remove them + # after adding the new entries. + # Bind9 silently refuses to delete all the NS entries for a zone: + # 09-May-2022 18:00:50.352 client @0x7fe7dd1f9568 192.168.1.3#45458/key rndc_ddns_ansible: updating zone 'lab/IN': attempt to delete all SOA or NS records ignored + # https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_18/lib/ns/update.c#L3304 + query = dns.message.make_query(self.module.params['record'], self.module.params['type']) + if self.keyring: + query.use_tsig(keyring=self.keyring, algorithm=self.algorithm) + + try: + if self.module.params['protocol'] == 'tcp': + lookup = dns.query.tcp(query, self.module.params['server'], timeout=10, port=self.module.params['port']) + else: + lookup = dns.query.udp(query, self.module.params['server'], timeout=10, port=self.module.params['port']) + except (dns.tsig.PeerBadKey, dns.tsig.PeerBadSignature) as e: + self.module.fail_json(msg='TSIG update error (%s): %s' % (e.__class__.__name__, to_native(e))) + except (socket_error, dns.exception.Timeout) as e: + self.module.fail_json(msg='DNS server error: (%s): %s' % (e.__class__.__name__, to_native(e))) + + entries_to_remove = [ n.to_text() for n in lookup.answer[0].items if n.to_text() not in self.value] + else: + update.delete(self.module.params['record'], self.module.params['type']) + for entry in self.value: try: update.add(self.module.params['record'], 
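Review bot: `lookup.answer[0]` in the `entries_to_remove` comprehension is indexed without checking that the server returned an answer, so an empty answer section (a missing name, a refusal or a referral) ends the module with an IndexError traceback rather than a `fail_json` message; a guard before it, `if not lookup.answer: self.module.fail_json(msg='NS lookup returned no answer for %s' % self.module.params['record'])`, keeps the failure readable. The membership test `n.to_text() not in self.value` also compares presentation text, and the server's form of a name server name (fully qualified, possibly different case) may not match what the user supplied; if it does not, an entry that is still wanted would presumably land in `entries_to_remove` and be deleted after it was added, so comparing parsed rdata or normalised names would be safer. When no keyring is configured the answer is unauthenticated, which deserves a comment now that it decides what gets deleted. `modify_record` continues past the end of this hunk.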
@@ -350,6 +374,11 @@ def modify_record(self): self.module.fail_json(msg='value needed when state=present') except dns.exception.SyntaxError: self.module.fail_json(msg='Invalid/malformed value') + + if self.module.params['type'].upper() == 'NS': + for entry in entries_to_remove: + update.delete(self.module.params['record'], self.module.params['type'], entry) + response = self.__do_update(update) return dns.message.Message.rcode(response) From c22fb96a332b1e07e917b868125c2312c1649d8f Mon Sep 17 00:00:00 2001 From: Simon-TheUser <35318753+Simon-TheUser@users.noreply.github.com> Date: Mon, 17 Oct 2022 11:58:07 -0400 Subject: [PATCH 2/7] Slight wording changes. --- plugins/modules/net_tools/nsupdate.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/plugins/modules/net_tools/nsupdate.py b/plugins/modules/net_tools/nsupdate.py index 6b8a5bfc2c2..ab0a1eba43a 100644 --- a/plugins/modules/net_tools/nsupdate.py +++ b/plugins/modules/net_tools/nsupdate.py @@ -341,11 +341,10 @@ def modify_record(self): update = dns.update.Update(self.zone, keyring=self.keyring, keyalgorithm=self.algorithm) if self.module.params['type'].upper() == 'NS': - # When modifying a NS record, track records that are no longer required and only remove them - # after adding the new entries. - # Bind9 silently refuses to delete all the NS entries for a zone: + # When modifying a NS record, Bind9 silently refuses to delete all the NS entries for a zone: # 09-May-2022 18:00:50.352 client @0x7fe7dd1f9568 192.168.1.3#45458/key rndc_ddns_ansible: updating zone 'lab/IN': attempt to delete all SOA or NS records ignored # https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_18/lib/ns/update.c#L3304 + # Let's perform dns inserts and updates first, deletes after. query = dns.message.make_query(self.module.params['record'], self.module.params['type']) if self.keyring: query.use_tsig(keyring=self.keyring, algorithm=self.algorithm) 
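Review bot: The second `self.module.params['type'].upper() == 'NS'` test in the `@@ -350,6 +374,11 @@` hunk repeats the condition from the top of `modify_record`, and `entries_to_remove` is bound only inside that earlier branch, so the two checks have to stay in step or the loop hits an unbound name. Binding `entries_to_remove = []` before the branch and writing the loop unconditionally, `for entry in entries_to_remove:` followed by the existing `update.delete(...)` call, would drop the duplicate condition. A short comment on the loop, `# stale NS entries are deleted after the adds so the RRset is never emptied`, would carry the reason down to where the deletes happen. The function starts above this hunk.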
From 4f9997fe3790931c40e0df84cd33ce21243cc279 Mon Sep 17 00:00:00 2001 From: Simon-TheUser <35318753+Simon-TheUser@users.noreply.github.com> Date: Mon, 17 Oct 2022 12:50:14 -0400 Subject: [PATCH 3/7] lint fix --- plugins/modules/net_tools/nsupdate.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/net_tools/nsupdate.py b/plugins/modules/net_tools/nsupdate.py index ab0a1eba43a..e23ccc0fd09 100644 --- a/plugins/modules/net_tools/nsupdate.py +++ b/plugins/modules/net_tools/nsupdate.py @@ -359,8 +359,8 @@ def modify_record(self): except (socket_error, dns.exception.Timeout) as e: self.module.fail_json(msg='DNS server error: (%s): %s' % (e.__class__.__name__, to_native(e))) - entries_to_remove = [ n.to_text() for n in lookup.answer[0].items if n.to_text() not in self.value] - else: + entries_to_remove = [ n.to_text() for n in lookup.answer[0].items if n.to_text() not in self.value ] + else: update.delete(self.module.params['record'], self.module.params['type']) for entry in self.value: From bc7b90c44ded178de8ce0962442f43bc1cd423da Mon Sep 17 00:00:00 2001 From: Simon-TheUser <35318753+Simon-TheUser@users.noreply.github.com> Date: Mon, 17 Oct 2022 13:04:16 -0400 Subject: [PATCH 4/7] Address lint --- plugins/modules/net_tools/nsupdate.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/modules/net_tools/nsupdate.py b/plugins/modules/net_tools/nsupdate.py index e23ccc0fd09..c4fba30b9d1 100644 --- a/plugins/modules/net_tools/nsupdate.py +++ b/plugins/modules/net_tools/nsupdate.py 
@@ -344,7 +344,7 @@ def modify_record(self): # When modifying a NS record, Bind9 silently refuses to delete all the NS entries for a zone: # 09-May-2022 18:00:50.352 client @0x7fe7dd1f9568 192.168.1.3#45458/key rndc_ddns_ansible: updating zone 'lab/IN': attempt to delete all SOA or NS records ignored # https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_18/lib/ns/update.c#L3304 - # Let's perform dns inserts and updates first, deletes after. + # Let's perform dns inserts and updates first, deletes after. query = dns.message.make_query(self.module.params['record'], self.module.params['type']) if self.keyring: query.use_tsig(keyring=self.keyring, algorithm=self.algorithm) @@ -359,10 +359,10 @@ def modify_record(self): except (socket_error, dns.exception.Timeout) as e: self.module.fail_json(msg='DNS server error: (%s): %s' % (e.__class__.__name__, to_native(e))) - entries_to_remove = [ n.to_text() for n in lookup.answer[0].items if n.to_text() not in self.value ] - else: + entries_to_remove = [n.to_text() for n in lookup.answer[0].items if n.to_text() not in self.value] + else: update.delete(self.module.params['record'], self.module.params['type']) - + for entry in self.value: try: update.add(self.module.params['record'], From 3b974474a9a9c8fd3d076248f88b48d101313c12 Mon Sep 17 00:00:00 2001 From: Simon-TheUser <35318753+Simon-TheUser@users.noreply.github.com> Date: Mon, 17 Oct 2022 19:53:42 -0400 Subject: [PATCH 5/7] Added changelog Fixed lint --- changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml | 2 ++ plugins/modules/net_tools/nsupdate.py | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml diff --git a/changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml b/changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml new file mode 100644 index 00000000000..f8897cacd23 --- /dev/null +++ b/changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml 
@@ -0,0 +1,2 @@ +bugfixes: + - nsupdate - Fix silent failures when updating ``NS`` entries from Bind9 managed DNS zones (https://github.com/ansible-collections/community.general/issues/4657). diff --git a/plugins/modules/net_tools/nsupdate.py b/plugins/modules/net_tools/nsupdate.py index c4fba30b9d1..e0ac86155b8 100644 --- a/plugins/modules/net_tools/nsupdate.py +++ b/plugins/modules/net_tools/nsupdate.py @@ -342,7 +342,8 @@ def modify_record(self): if self.module.params['type'].upper() == 'NS': # When modifying a NS record, Bind9 silently refuses to delete all the NS entries for a zone: - # 09-May-2022 18:00:50.352 client @0x7fe7dd1f9568 192.168.1.3#45458/key rndc_ddns_ansible: updating zone 'lab/IN': attempt to delete all SOA or NS records ignored + # > 09-May-2022 18:00:50.352 client @0x7fe7dd1f9568 192.168.1.3#45458/key rndc_ddns_ansible: + # > updating zone 'lab/IN': attempt to delete all SOA or NS records ignored # https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_18/lib/ns/update.c#L3304 # Let's perform dns inserts and updates first, deletes after. query = dns.message.make_query(self.module.params['record'], self.module.params['type']) From d047d62d6d97792782910f7e64dc58ee289142b0 Mon Sep 17 00:00:00 2001 From: Simon-TheUser <35318753+Simon-TheUser@users.noreply.github.com> Date: Mon, 17 Oct 2022 20:10:40 -0400 Subject: [PATCH 6/7] More linting --- plugins/modules/net_tools/nsupdate.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/net_tools/nsupdate.py b/plugins/modules/net_tools/nsupdate.py index e0ac86155b8..43b951fe614 100644 --- a/plugins/modules/net_tools/nsupdate.py +++ b/plugins/modules/net_tools/nsupdate.py 
@@ -342,7 +342,7 @@ def modify_record(self): if self.module.params['type'].upper() == 'NS': # When modifying a NS record, Bind9 silently refuses to delete all the NS entries for a zone: - # > 09-May-2022 18:00:50.352 client @0x7fe7dd1f9568 192.168.1.3#45458/key rndc_ddns_ansible: + # > 09-May-2022 18:00:50.352 client @0x7fe7dd1f9568 192.168.1.3#45458/key rndc_ddns_ansible: # > updating zone 'lab/IN': attempt to delete all SOA or NS records ignored # https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_18/lib/ns/update.c#L3304 # Let's perform dns inserts and updates first, deletes after. From 71c072986fad0e60d6fd86740cc82d2270caccdf Mon Sep 17 00:00:00 2001 From: Simon-TheUser <35318753+Simon-TheUser@users.noreply.github.com> Date: Tue, 18 Oct 2022 16:38:18 -0400 Subject: [PATCH 7/7] Update changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml Co-authored-by: Felix Fontein --- changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml b/changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml index f8897cacd23..c414ddc4bfd 100644 --- a/changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml +++ b/changelogs/fragments/5377-nsupdate-ns-records-with-bind.yml @@ -1,2 +1,2 @@ bugfixes: - - nsupdate - Fix silent failures when updating ``NS`` entries from Bind9 managed DNS zones (https://github.com/ansible-collections/community.general/issues/4657). + - nsupdate - fix silent failures when updating ``NS`` entries from Bind9 managed DNS zones (https://github.com/ansible-collections/community.general/issues/4657).