rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/0092-DNSSEC-fix-forward-zone-forwarders-checks.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   a809a6539cddb3ebdbc0e23d662e2aca0fa7d982
  2.   SOURCES
  3.   0092-DNSSEC-fix-forward-zone-forwarders-checks.patch
Blob History Raw
590d18 
From 0f44ee49596f565f78144f676f431cb7f29bf15b Mon Sep 17 00:00:00 2001
590d18 
From: Martin Basti <mbasti@redhat.com>
590d18 
Date: Mon, 24 Aug 2015 12:53:30 +0200
590d18 
Subject: [PATCH] DNSSEC: fix forward zone forwarders checks
590d18
590d18 
https://fedorahosted.org/freeipa/ticket/5179
590d18
590d18 
Reviewed-By: Petr Spacek <pspacek@redhat.com>
590d18 
---
590d18 
 ipalib/util.py | 13 +++++++------
590d18 
 1 file changed, 7 insertions(+), 6 deletions(-)
590d18
590d18 
diff --git a/ipalib/util.py b/ipalib/util.py
590d18 
index 649a4875fde0b44844749946cce53d81f7f6eea4..a3500ae29b56ac6a289fbec97d15cf026baf7068 100644
590d18 
--- a/ipalib/util.py
590d18 
+++ b/ipalib/util.py
590d18 
@@ -694,20 +694,21 @@ def validate_dnssec_zone_forwarder_step2(ipa_ip_addr, fwzone, log=None,
590d18 
         ans_cd = _resolve_record(fwzone, rtype, nameserver_ip=ipa_ip_addr,
590d18 
                                  edns0=True, dnssec=True, flag_cd=True,
590d18 
                                  timeout=timeout)
590d18 
+    except NXDOMAIN as e:
590d18 
+        # sometimes CD flag is ignored and NXDomain is returned
590d18 
+        _log_response(log, e)
590d18 
+        raise DNSSECValidationError(owner=fwzone, rtype=rtype, ip=ipa_ip_addr)
590d18 
     except DNSException as e:
590d18 
         _log_response(log, e)
590d18 
+        raise UnresolvableRecordError(owner=fwzone, rtype=rtype,
590d18 
+                                      ip=ipa_ip_addr, error=e)
590d18
590d18 
     try:
590d18 
         ans_do = _resolve_record(fwzone, rtype, nameserver_ip=ipa_ip_addr,
590d18 
                                  edns0=True, dnssec=True, timeout=timeout)
590d18 
-    except NXDOMAIN as e:
590d18 
-        # sometimes CD flag is ignored and NXDomain is returned
590d18 
-        _log_response(log, e)
590d18 
-        raise DNSSECValidationError(owner=fwzone, rtype=rtype, ip=ipa_ip_addr)
590d18 
     except DNSException as e:
590d18 
         _log_response(log, e)
590d18 
-        raise UnresolvableRecordError(owner=fwzone, rtype=rtype, ip=ipa_ip_addr,
590d18 
-                                      error=e)
590d18 
+        raise DNSSECValidationError(owner=fwzone, rtype=rtype, ip=ipa_ip_addr)
590d18 
     else:
590d18 
         if (ans_do.canonical_name == ans_cd.canonical_name
590d18 
             and ans_do.rrset == ans_cd.rrset):
590d18 
--
590d18 
2.4.3
590d18

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation