status checks: check IPv6 reverse DNS
This commit is contained in:
parent
20e11bbab3
commit
fdad83a1bb
2 changed files with 13 additions and 8 deletions
|
@ -10,7 +10,7 @@ Mail:
|
|||
|
||||
Control panel:
|
||||
|
||||
* When IPv6 is enabled, check that system services are accessible over IPv6 too.
|
||||
* When IPv6 is enabled, check that system services are accessible over IPv6 too and that reverse DNS is setup correctly for the IPv6 address.
|
||||
* Explanatory text for setting up secondary nameserver is added/fixed.
|
||||
* DNS checks now have a timeout in case a DNS server is not responding, so the checks don't stall indefinitely.
|
||||
* Better messages if external DNS is used and, weirdly, custom secondary nameservers are set.
|
||||
|
|
|
@ -347,15 +347,20 @@ def check_primary_hostname_dns(domain, env, output, dns_domains, dns_zonefiles):
|
|||
issues listed here."""
|
||||
% (env['PUBLIC_IP'], ip))
|
||||
|
||||
# Check reverse DNS on the PRIMARY_HOSTNAME. Note that it might not be
|
||||
# Check reverse DNS matches the PRIMARY_HOSTNAME. Note that it might not be
|
||||
# a DNS zone if it is a subdomain of another domain we have a zone for.
|
||||
ipaddr_rev = dns.reversename.from_address(env['PUBLIC_IP'])
|
||||
existing_rdns = query_dns(ipaddr_rev, "PTR")
|
||||
if existing_rdns == domain:
|
||||
output.print_ok("Reverse DNS is set correctly at ISP. [%s ↦ %s]" % (env['PUBLIC_IP'], env['PRIMARY_HOSTNAME']))
|
||||
else:
|
||||
existing_rdns_v4 = query_dns(dns.reversename.from_address(env['PUBLIC_IP']), "PTR")
|
||||
existing_rdns_v6 = query_dns(dns.reversename.from_address(env['PUBLIC_IPV6']), "PTR") if env.get("PUBLIC_IPV6") else None
|
||||
if existing_rdns_v4 == domain and existing_rdns_v6 in (None, domain):
|
||||
output.print_ok("Reverse DNS is set correctly at ISP. [%s ↦ %s]" % (
|
||||
env['PUBLIC_IP'] + (("/"+env['PUBLIC_IPV6']) if env.get("PUBLIC_IPV6") else ""),
|
||||
env['PRIMARY_HOSTNAME']))
|
||||
elif existing_rdns_v4 == existing_rdns_v6 or existing_rdns_v6 is None:
|
||||
output.print_error("""Your box's reverse DNS is currently %s, but it should be %s. Your ISP or cloud provider will have instructions
|
||||
on setting up reverse DNS for your box at %s.""" % (existing_rdns, domain, env['PUBLIC_IP']) )
|
||||
on setting up reverse DNS for your box.""" % (existing_rdns_v4, domain) )
|
||||
else:
|
||||
output.print_error("""Your box's reverse DNS is currently %s (IPv4) and %s (IPv6), but it should be %s. Your ISP or cloud provider will have instructions
|
||||
on setting up reverse DNS for your box.""" % (existing_rdns_v4, existing_rdns_v6, domain) )
|
||||
|
||||
# Check the TLSA record.
|
||||
tlsa_qname = "_25._tcp." + domain
|
||||
|
|
Loading…
Reference in a new issue