missed changes

management/dns_update.py

@@ -364,7 +364,16 @@ def build_sshfp_records():
 			s = line.split()
 			if len(s) == 2 and s[0] == 'Port':
 				ports = ports + [s[1]]
-	# the keys are the same at each port, so we only need to get
+                                
+        # This code expects ports to have size at least 1, or later code breaks
+        # with an out-of-bounds error.  The code as written pareses sshd_config
+        # to check for port 22 being open, but this isn't sufficient, since
+        # sshd has a default of 22.  So, populate the array with "22" here, since
+        # it's highly likely the default has not changed on most deployments
+        if not ports:
+		ports = ["22"]
+
+        # the keys are the same at each port, so we only need to get
 	# them at the first port found (may not be port 22)
 	keys = shell("check_output", ["ssh-keyscan", "-t", "rsa,dsa,ecdsa,ed25519", "-p", ports[0], "localhost"])
 	for key in sorted(keys.split("\n")):

management/status_checks.py

@@ -657,7 +657,11 @@ def check_web_domain(domain, rounded_time, ssl_certificates, env, output):
 	# website for also needs a signed certificate.
 	check_ssl_cert(domain, rounded_time, ssl_certificates, env, output)
 
-def query_dns(qname, rtype, nxdomain='[Not Set]', at=None):
+# On Ubuntu 18.04 dns queries by default do not query the network for loopback addresses
+# This means that dig A <my host> will always return 127.0.0.1.  I've switched the default
+# resolver for query_dns to the primary OpenDNS server, so that the correct A record will
+# be returned.  If this box is publishing DNS correctly, this should be fine, I think
+def query_dns(qname, rtype, nxdomain='[Not Set]', at="208.67.222.222"):
 	# Make the qname absolute by appending a period. Without this, dns.resolver.query
 	# will fall back a failed lookup to a second query with this machine's hostname
 	# appended. This has been causing some false-positive Spamhaus reports. The