nsupdate: fix GSS-TSIG support (#11712)
The fix for missing keyring initialization without TSIG auth in
PR #11461 put the initialization of "self.keyring" and "self.keyname"
in an else clause after checking if "key_name" is set.
The problem is that for "key_algorithm" == "gss-tsig":
a) "key_name" isn't set
b) self.keyring and self.keyname have already been initialized and
will be discarded
This means that gss-tsig support is broken. Fix it by moving the
initialization of "self.keyring" and "self.keyname" to the top.
(cherry picked from commit bd7b361db1)
Co-authored-by: David Härdeman <david@hardeman.nu>
nsupdate: add server FQDN and GSS-TSIG support (#11425)
* nsupdate: support server FQDN
Right now, the server has to be specified as an IPv4/IPv6 address. This
adds support for specifying the server as a FQDN as well.
* nsupdate: support GSS-TSIG/Kerberos
Add support for GSS-TSIG (Kerberos) keys to nsupdate. This makes life
easier when working with Windows DNS servers or Bind in a Kerberos
environment.
Inspiration taken from here:
https://github.com/rthalley/dnspython/pull/530#issuecomment-1363265732
Closes: #5730
* nsupdate: introduce query helper function
This simplifies the code by moving the protocol checks, etc, into a
single place.
* nsupdate: try all server IP addresses
Change resolve_server() to generate a list of IPv[46] addresses, then
try all of them in a round-robin fashion in query().
* nsupdate: some more cleanups
As suggested in the PR review.
* nsupdate: apply suggestions from code review
---------
(cherry picked from commit 9fcd9338b1)
Co-authored-by: David Härdeman <david@hardeman.nu>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Adjust all __future__ imports:
for i in $(grep -REl "__future__.*absolute_import" plugins/ tests/); do
sed -e 's/from __future__ import .*/from __future__ import annotations/g' -i $i;
done
* Remove all UTF-8 encoding specifications for Python source files:
for i in $(grep -REl '[-][*]- coding: utf-8 -[*]-' plugins/ tests/); do
sed -e '/^# -\*- coding: utf-8 -\*-/d' -i $i;
done
* Remove __metaclass__ = type:
for i in $(grep -REl '__metaclass__ = type' plugins/ tests/); do
sed -e '/^__metaclass__ = type/d' -i $i;
done
* [mem ... n]*.py: normalize docs
* Update plugins/modules/netcup_dns.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* netcup_dns: change type of RV(records)
From complex to list of dicts.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* nsupdate: fix 'index out of range' error when changing NS records
* add clog fragment
* Update changelogs/fragments/8614-nsupdate-index-out-of-range.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* nsupdate: fix 'index out of range' error when no TTL answer is given
Fix a possible `list index out of range` when no answer is returned in the `ttl_changed` method
by applying the existing workaround for NS records to all record types.
Resolves #836
* fixup! nsupdate: fix 'index out of range' error when no TTL answer is given
The SOA record for an existing zone is returned as an answer RR and not
as an authority RR. It can be returned as an authority RR for subdomains
of a zone.
$ dig -t SOA example.com
;; ANSWER SECTION:
example.com. 3530 IN SOA ns.icann.org. noc.dns.icann.org. 2022091184 7200 3600 1209600 3600
$ dig -t SOA www.example.com
;; AUTHORITY SECTION:
example.com. 3600 IN SOA ns.icann.org. noc.dns.icann.org. 2022091184 7200 3600 1209600 3600
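
Added example, not code from the nsupdate module or its authors: a small parser for dig-style output that finds the SOA TTL in the ANSWER section first and falls back to the AUTHORITY section, returning None instead of indexing an empty section. The function names and the EMPTY sample are assumptions made for illustration; the two SOA samples are constructed from the dig lines quoted above.

```python
import re

# Constructed sample input: the two dig responses quoted in the commit message,
# plus an empty reply to exercise the failure mode.
ZONE_APEX = """\
;; ANSWER SECTION:
example.com. 3530 IN SOA ns.icann.org. noc.dns.icann.org. 2022091184 7200 3600 1209600 3600
"""
SUBDOMAIN = """\
;; AUTHORITY SECTION:
example.com. 3600 IN SOA ns.icann.org. noc.dns.icann.org. 2022091184 7200 3600 1209600 3600
"""
EMPTY = ";; QUESTION SECTION:\n;www.example.com. IN SOA\n"

SECTION_RE = re.compile(r"^;; (\w+) SECTION:$")


def parse_sections(dig_text):
    """Split dig-style output into {section_name: [(owner, ttl, rtype), ...]}."""
    sections, current = {}, None
    for line in dig_text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and not line.startswith(";") and current is not None:
            fields = line.split()
            # Resource record lines look like: owner ttl class type rdata...
            if len(fields) >= 4 and fields[1].isdigit():
                current.append((fields[0], int(fields[1]), fields[3]))
    return sections


def soa_ttl(dig_text):
    """Return (section, owner, ttl) of the first SOA record, or None.

    ANSWER is checked first and AUTHORITY second; a missing or empty section
    is skipped rather than indexed, which is the case that raised IndexError.
    """
    sections = parse_sections(dig_text)
    for name in ("ANSWER", "AUTHORITY"):
        for owner, ttl, rtype in sections.get(name, []):
            if rtype == "SOA":
                return name, owner, ttl
    return None
```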