"dns.exception.SyntaxError: Text input is malformed" since updating to dnspython 2.0.0

[imrejonk]

Hi,

Thanks for developing dnspython. I'm using it together with Python 3.7 and Ansible 2.9 to update DNS records using the nsupdate module. This worked fine with dnspython 1.16.0, but updating to 2.0.0 results in this error when running my Ansible playbook:

Traceback (most recent call last):
  File "/home/imre/.local/share/virtualenvs/debops-ciphermail-QJnPILZz/lib/python3.7/site-packages/dns/inet.py", line 87, in af_for_address
    dns.ipv4.inet_aton(text)
  File "/home/imre/.local/share/virtualenvs/debops-ciphermail-QJnPILZz/lib/python3.7/site-packages/dns/ipv4.py", line 49, in inet_aton
    raise dns.exception.SyntaxError
dns.exception.SyntaxError: Text input is malformed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/imre/.local/share/virtualenvs/debops-ciphermail-QJnPILZz/lib/python3.7/site-packages/dns/inet.py", line 91, in af_for_address
    dns.ipv6.inet_aton(text, True)
  File "/home/imre/.local/share/virtualenvs/debops-ciphermail-QJnPILZz/lib/python3.7/site-packages/dns/ipv6.py", line 165, in inet_aton
    raise dns.exception.SyntaxError
dns.exception.SyntaxError: Text input is malformed.

During handling of the above exception, another exception occurred:
[..]

I've pasted the full traceback here.

I think this means that dnspython 2.0.0 does not like the format of the IP address I'm passing to it. Here is the Ansible task with the parameters I'm passing to the 'nsupdate' module:

- name: Update DNS records
  nsupdate:
    server: 'ns.ciphermail.com'
    zone: 'ciphermail.com'
    record: 'secure3'
    type: 'A'
    value: '51.124.143.244'
    key_name: 'ansible20200123'
    key_algorithm: 'hmac-sha256'
    key_secret: 'REDACTED'

I'm getting the above exceptions when I'm updating an AAAA record as well. I'm not sure whether this is an Ansible or a dnspython issue, any feedback is greatly appreciated.

[rthalley]

This was tricky, but the hard thing was finding the right nsupdate ansible source to look at. Finally I just installed ansible :) So, the problem here is that ansible is passing the "server" parameter, a hostname, to dnspython's dns.query.tcp() method. The 'where' parameter of this method has always been documented as taking an IPv4 or IPv6 address. In pre-2.0 dnspython, however, it happened to work if you passed a hostname as well, because of how python socket addresses work. Cleanups in dnspython 2.0 made this never-intended-effect not work.

In the short term, ansible should pin dnspython to <2.0. In the longer term, the nsupdate module should call getaddrinfo() on the server address and pass an IPv4 or IPv6 address to dnspython's dns.query.tcp() method.

[rthalley]

Oh, and you can also work around this by putting an IPv4 or IPv6 address into the server field.

[rthalley]

I should also add that it's not clear that ansible ever intended you to put a hostname in the server field either, as their examples show IP addresses, but the type of the "server" field in the documentation is not documented. So they might not think this is a bug either.

[imrejonk]

@rthalley Thanks for the quick response! I just did some testing here with dnspython 2.0.0 and an IP address instead of a hostname in the 'server' parameter, and that worked out really well. I'm actually letting Ansible look up the SOA record of the zone I want to update, grab the primary name server from that, then resolve that name server to an IP address.

I also don't think this would be considered a bug in Ansible. The documentation could mention that an IP address must be provided, but the examples make it clear as well. It is possible that other 'nsupdate' module users will have the same problem after updating to dnspython 2.0.0, in that case they can hopefully find this issue quickly :)

[rthalley]

Yeah, thanks for reporting it!