From be9c892e43df12aac474f950f31c6356760e9d24 Mon Sep 17 00:00:00 2001 From: Scott Sievert Date: Mon, 8 Feb 2021 08:54:04 -0600 Subject: [PATCH 1/6] Soften DNSSEC error message for external DNS users --- management/status_checks.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/management/status_checks.py b/management/status_checks.py index 631a82a2..535a691e 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -592,9 +592,9 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False): return output.print_error("""This domain's DNSSEC DS record is incorrect. The chain of trust is broken between the public DNS system and this machine's DNS server. It may take several hours for public DNS to update after a change. If you did not recently - make a change, you must resolve this immediately by following the instructions provided by your domain name registrar and - provide to them this information:""") - output.print_line("") + make a change (and are not using external/custom DNS), you must resolve this immediately by following the instructions + provided by your domain name registrar and provide to them this information:""") + output.print_line("") output.print_line("Key Tag: " + ds_keytag + ("" if not ds_looks_valid or ds[0] == ds_keytag else " (Got '%s')" % ds[0])) output.print_line("Key Flags: KSK") output.print_line( @@ -612,6 +612,7 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False): output.print_line("Bulk/Record Format:") output.print_line("" + ds_correct[0]) output.print_line("") + output.print_line("This DS record is not relevant when using external/custom DNS.") def check_mail_domain(domain, env, output): # Check the MX record. From 3d3906d3c046d1637e335a0df708a8f75d2b24d3 Mon Sep 17 00:00:00 2001 From: Scott Date: Mon, 8 Feb 2021 09:02:16 -0600 Subject: [PATCH 2/6] spaces -> tabs --- management/status_checks.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/management/status_checks.py b/management/status_checks.py index 535a691e..a10047eb 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -594,7 +594,7 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False): and this machine's DNS server. It may take several hours for public DNS to update after a change. If you did not recently make a change (and are not using external/custom DNS), you must resolve this immediately by following the instructions provided by your domain name registrar and provide to them this information:""") - output.print_line("") + output.print_line("") output.print_line("Key Tag: " + ds_keytag + ("" if not ds_looks_valid or ds[0] == ds_keytag else " (Got '%s')" % ds[0])) output.print_line("Key Flags: KSK") output.print_line( @@ -612,7 +612,7 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False): output.print_line("Bulk/Record Format:") output.print_line("" + ds_correct[0]) output.print_line("") - output.print_line("This DS record is not relevant when using external/custom DNS.") + output.print_line("This DS record is not relevant when using external/custom DNS.") def check_mail_domain(domain, env, output): # Check the MX record. From 52cfd23a37f94c63d3a0bfc9d0ef4b6e08ca108d Mon Sep 17 00:00:00 2001 From: Scott Date: Sun, 28 Feb 2021 22:08:31 -0600 Subject: [PATCH 3/6] Proper wording --- management/status_checks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/management/status_checks.py b/management/status_checks.py index a10047eb..2f9e0d93 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -592,7 +592,7 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False): return output.print_error("""This domain's DNSSEC DS record is incorrect. The chain of trust is broken between the public DNS system and this machine's DNS server. It may take several hours for public DNS to update after a change. If you did not recently - make a change (and are not using external/custom DNS), you must resolve this immediately by following the instructions + make a change (and are not using this box for DNS aka external DNS), you must resolve this immediately by following the instructions provided by your domain name registrar and provide to them this information:""") output.print_line("") output.print_line("Key Tag: " + ds_keytag + ("" if not ds_looks_valid or ds[0] == ds_keytag else " (Got '%s')" % ds[0])) From 82599f3c8f72234bf73f3e83c02554debc1250f5 Mon Sep 17 00:00:00 2001 From: Scott Date: Sun, 28 Feb 2021 22:10:15 -0600 Subject: [PATCH 4/6] paragraph wrapping --- management/status_checks.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/management/status_checks.py b/management/status_checks.py index 2f9e0d93..8ea485fa 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -592,8 +592,8 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False): return output.print_error("""This domain's DNSSEC DS record is incorrect. The chain of trust is broken between the public DNS system and this machine's DNS server. It may take several hours for public DNS to update after a change. If you did not recently - make a change (and are not using this box for DNS aka external DNS), you must resolve this immediately by following the instructions - provided by your domain name registrar and provide to them this information:""") + make a change (and are not using this box for DNS aka external DNS), you must resolve this immediately by following the + instructions provided by your domain name registrar and provide to them this information:""") output.print_line("") output.print_line("Key Tag: " + ds_keytag + ("" if not ds_looks_valid or ds[0] == ds_keytag else " (Got '%s')" % ds[0])) output.print_line("Key Flags: KSK") From 31153315a222bf38a59a7f3064b78f1a38bcd0f5 Mon Sep 17 00:00:00 2001 From: Scott Date: Thu, 4 Mar 2021 20:41:43 -0600 Subject: [PATCH 5/6] spaces -> tabs again --- management/status_checks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/management/status_checks.py b/management/status_checks.py index 8ea485fa..9548b999 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -593,7 +593,7 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False): output.print_error("""This domain's DNSSEC DS record is incorrect. The chain of trust is broken between the public DNS system and this machine's DNS server. It may take several hours for public DNS to update after a change. If you did not recently make a change (and are not using this box for DNS aka external DNS), you must resolve this immediately by following the - instructions provided by your domain name registrar and provide to them this information:""") + instructions provided by your domain name registrar and provide to them this information:""") output.print_line("") output.print_line("Key Tag: " + ds_keytag + ("" if not ds_looks_valid or ds[0] == ds_keytag else " (Got '%s')" % ds[0])) output.print_line("Key Flags: KSK") From 0c3e796e0f4236278c873e0a2077a980705245dc Mon Sep 17 00:00:00 2001 From: Scott Sievert Date: Wed, 10 Mar 2021 11:24:57 -0600 Subject: [PATCH 6/6] Update status_checks.py --- management/status_checks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/management/status_checks.py b/management/status_checks.py index 9548b999..a73d36f4 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -612,7 +612,7 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False): output.print_line("Bulk/Record Format:") output.print_line("" + ds_correct[0]) output.print_line("") - output.print_line("This DS record is not relevant when using external/custom DNS.") + output.print_line("This DS record is not relevant when using external DNS.") def check_mail_domain(domain, env, output): # Check the MX record.