mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-25 02:47:04 +00:00
dns.resolver.query treats hostnames as relative names if they don't end in a period
Relative hostnames have a fall-back lookup with the machine's hostname appended, which makes no sense. Add a period, e.g. "my.hostname.com" => "my.hostname.com.", to prevent that. This caused false positive Spamhaus checks. Fixes #185.
This commit is contained in:
parent
3133dcd5a3
commit
a7710e9058
@ -490,7 +490,7 @@ zone:
|
|||||||
# Get the IP address of the nameserver by resolving it.
|
# Get the IP address of the nameserver by resolving it.
|
||||||
hostname = additional_records.get("_secondary_nameserver")
|
hostname = additional_records.get("_secondary_nameserver")
|
||||||
resolver = dns.resolver.get_default_resolver()
|
resolver = dns.resolver.get_default_resolver()
|
||||||
response = dns.resolver.query(hostname, "A")
|
response = dns.resolver.query(hostname+'.', "A")
|
||||||
ipaddr = str(response[0])
|
ipaddr = str(response[0])
|
||||||
nsdconf += """\tnotify: %s NOKEY
|
nsdconf += """\tnotify: %s NOKEY
|
||||||
provide-xfr: %s NOKEY
|
provide-xfr: %s NOKEY
|
||||||
|
@ -347,7 +347,15 @@ def check_web_domain(domain, env):
|
|||||||
check_ssl_cert(domain, env)
|
check_ssl_cert(domain, env)
|
||||||
|
|
||||||
def query_dns(qname, rtype, nxdomain='[Not Set]'):
|
def query_dns(qname, rtype, nxdomain='[Not Set]'):
|
||||||
resolver = dns.resolver.get_default_resolver()
|
# Make the qname absolute by appending a period. Without this, dns.resolver.query
|
||||||
|
# will fall back a failed lookup to a second query with this machine's hostname
|
||||||
|
# appended. This has been causing some false-positive Spamhaus reports. The
|
||||||
|
# reverse DNS lookup will pass a dns.name.Name instance which is already
|
||||||
|
# absolute so we should not modify that.
|
||||||
|
if isinstance(qname, str):
|
||||||
|
qname += "."
|
||||||
|
|
||||||
|
# Do the query.
|
||||||
try:
|
try:
|
||||||
response = dns.resolver.query(qname, rtype)
|
response = dns.resolver.query(qname, rtype)
|
||||||
except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
|
except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
|
||||||
|
Loading…
Reference in New Issue
Block a user