From af65a3e6ff249baf00b4686746473c77185ba02a Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman
Date: Thu, 19 May 2022 13:12:11 -0300
Subject: [PATCH] Fix handling of forwarders addresses with custom port.

When setting a DNS forwarder, IPA allows the use of a custom port using the format ' port ', and this configuration is validated with dnspython to ensure the forwarder is resolvable. Starting with dnspython 2.2.0 the Resolver.nameservers property, used to resolve the forwarders IP address, validates the IP address when the value is assigned to property, and as the forwarder format is not an IP address, it fails and a ValueError exception is raised. Modifying the way forwarders are handled when validating them prevents the exception to be raised, and test for the correct port.

Fixes: https://pagure.io/freeipa/issue/9158
Signed-off-by: Rafael Guterres Jeffman
---
 ipalib/util.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ipalib/util.py b/ipalib/util.py
index 0e3b7e0d8d6..b7cc7fe18aa 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -801,7 +801,15 @@ def _resolve_record(owner, rtype, nameserver_ip=None, edns0=False,
 res = DNSResolver()
 if nameserver_ip:
+ # When validating forwarders, nameserver_ip takes the format
+ # ' port ', which is not a vaild IP address. In this
+ # case, split the string and add the IP part to res.nameservers,
+ # and the ip:port pair to res.nameserver_ports dict.
+ nameserver_ip = re.sub(r'\s+', ' ', nameserver_ip.strip())
+ nameserver_ip, *port = nameserver_ip.split(" port ")
 res.nameservers = [nameserver_ip]
+ if port:
+ res.nameserver_ports = {nameserver_ip: int(*port)}
 res.lifetime = timeout
 # Recursion Desired,
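Review bot: `int(*port)` in the added `if port:` branch unpacks every piece that follows the first `" port "` separator into `int()`, so a forwarder string containing the separator twice passes the second piece as the `base` argument and raises `TypeError` rather than a validation error. Splitting once keeps the failure to a single `ValueError`: `nameserver_ip, _, port = nameserver_ip.partition(" port ")`, then `res.nameserver_ports = {nameserver_ip: int(port)}` under `if port:`. The port is also not range-checked (1-65535) here; whether callers already validate the forwarder string before it reaches `_resolve_record` is not visible in this hunk, so that check may belong upstream. The hunk relies on `re` already being imported in `ipalib/util.py`, which it does not show, and the added comment has a typo (`vaild`). `_resolve_record`'s body starts and ends outside the hunk.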