dns.resolver.query treats hostnames as relative names if they don't end in a period

Relative hostnames have a fall-back lookup with the machine's hostname appended, which makes no sense. Add a period, e.g. "my.hostname.com" => "my.hostname.com.", to prevent that.

This caused false positive Spamhaus checks. Fixes #185.
This commit is contained in:
Joshua Tauberer 2014-11-21 15:14:23 +00:00
parent 3133dcd5a3
commit a7710e9058
2 changed files with 10 additions and 2 deletions

View file

@ -490,7 +490,7 @@ zone:
# Get the IP address of the nameserver by resolving it. # Get the IP address of the nameserver by resolving it.
hostname = additional_records.get("_secondary_nameserver") hostname = additional_records.get("_secondary_nameserver")
resolver = dns.resolver.get_default_resolver() resolver = dns.resolver.get_default_resolver()
response = dns.resolver.query(hostname, "A") response = dns.resolver.query(hostname+'.', "A")
ipaddr = str(response[0]) ipaddr = str(response[0])
nsdconf += """\tnotify: %s NOKEY nsdconf += """\tnotify: %s NOKEY
provide-xfr: %s NOKEY provide-xfr: %s NOKEY

View file

@ -347,7 +347,15 @@ def check_web_domain(domain, env):
check_ssl_cert(domain, env) check_ssl_cert(domain, env)
def query_dns(qname, rtype, nxdomain='[Not Set]'): def query_dns(qname, rtype, nxdomain='[Not Set]'):
resolver = dns.resolver.get_default_resolver() # Make the qname absolute by appending a period. Without this, dns.resolver.query
# will fall back a failed lookup to a second query with this machine's hostname
# appended. This has been causing some false-positive Spamhaus reports. The
# reverse DNS lookup will pass a dns.name.Name instance which is already
# absolute so we should not modify that.
if isinstance(qname, str):
qname += "."
# Do the query.
try: try:
response = dns.resolver.query(qname, rtype) response = dns.resolver.query(qname, rtype)
except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):