New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix handling of forwarders addresses with custom port. #6269
Conversation
13d536b
to
fc9031d
Compare
Related to: https://pagure.io/freeipa/issue/9158 Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
a09b9f5
to
9756730
Compare
Related to: https://pagure.io/freeipa/issue/9158 Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
Related to: https://pagure.io/freeipa/issue/9158 Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
When setting a DNS forwarder, IPA allows the use of a custom port using the format '<ip> port <port>', and this configuration is validated with dnspython to ensure the forwarder is resolvable. Starting with dnspython 2.2.0 the Resolver.nameservers property, used to resolve the forwarders IP address, validates the IP address when the value is assigned to property, and as the forwarder format is not an IP address, it fails and a ValueError exception is raised. Modifying the way forwarders are handled when validating them prevents the exception to be raised, and test for the correct port. Fixes: https://pagure.io/freeipa/issue/9158 Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
df5327d
to
af65a3e
Compare
f27510e
to
2ecce7c
Compare
ee14537
to
29119ba
Compare
29119ba
to
2a42f87
Compare
# case, split the string and add the IP part to res.nameservers, | ||
# and the ip:port pair to res.nameserver_ports dict. | ||
nameserver_ip = re.sub(r'\s+', ' ', nameserver_ip.strip()) | ||
nameserver_ip, *port = nameserver_ip.split(" port ") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For ease of testing I wonder if this should be put into a separate function. Then you could use straight pytest to pass in a variety of values with ease.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wouldn't it make more sense to fix this in DNSResolver?
Here is an example: master...t-woerner:freeipa:fix_dns_resolver_for_nameservers_with_ports
bind is allowing to specify the port for a forwarders with "port " additionally to the IP addresses. But dnspython that is used to verify the list of forwarders (nameservers) is only allowing to have IP addresses in the list. With dnspython version 2.20 there is a new validator in dns.resolver.BaseResolver that ensures this. |
Dropping this PR in favor of #6408 |
When setting a DNS forwarder, IPA allows the use of a custom port using
the format ' port ', and this configuration is validated with
dnspython to ensure the forwarder is resolvable.
Starting with dnspython 2.2.0 the Resolver.nameservers property, used
to resolve the forwarders IP address, validates the IP address when
the value is assigned to property, and as the forwarder format is not
an IP address, it fails and a ValueError exception is raised.
Modifying the way forwarders are handled when validating them prevents
the exception to be raised, and test for the correct port.
Fixes: https://pagure.io/freeipa/issue/9158