dnssec ans ns validation message

olegphenomenon 2022-02-28 12:03:45 +02:00
parent 6229147d0f
commit 87e8258572
6 changed files with 69 additions and 27 deletions


@ -64,12 +64,11 @@ class NameserverRecordValidationJob < ApplicationJob
nameserver.save
end
def add_nameserver_to_failed(nameserver:, reason:)
if nameserver.validation_counter.nil?
nameserver.validation_counter = 1
else
nameserver.validation_counter = nameserver.validation_counter + 1
end
def add_nameserver_to_failed(nameserver:, reason:, result_reason:)
return cname_case_handle(nameserver: nameserver, reason: reason) if result_reason == 'cname'
nameserver.validation_counter = 1 if nameserver.validation_counter.nil?
nameserver.validation_counter = nameserver.validation_counter + 1
nameserver.failed_validation_reason = reason
nameserver.save
@ -77,15 +76,25 @@ class NameserverRecordValidationJob < ApplicationJob
failed_log(text: reason, nameserver: nameserver, domain: nameserver.domain) if nameserver.failed_validation?
end
def cname_case_handle(nameserver:, reason:)
nameserver.validation_datetime = Time.zone.now
nameserver.failed_validation_reason = reason
nameserver.save
failed_log(text: reason, nameserver: nameserver, domain: nameserver.domain)
end
def parse_result(result, nameserver)
domain = Domain.find(nameserver.domain_id)
text = ""
text = ''
case result[:reason]
when 'answer'
text = "No any answer comes from **#{nameserver.hostname}**. Nameserver not exist"
text = "DNS Server **#{nameserver.hostname}** not responding"
when 'serial'
text = "Serial number for nameserver hostname **#{nameserver.hostname}** doesn't present. SOA validation failed."
text = "Serial number for nameserver hostname **#{nameserver.hostname}** of #{nameserver.domain.name} doesn't present in zone. SOA validation failed."
when 'cname'
text = "Warning: SOA record expected but CNAME found instead. This setup can lead to unexpected errors when using the domain: hostname - **#{nameserver.hostname}** of #{nameserver.domain.name}"
when 'not found'
text = "Seems nameserver hostname **#{nameserver.hostname}** doesn't exist"
when 'exception'
@ -97,7 +106,7 @@ class NameserverRecordValidationJob < ApplicationJob
end
logger.info text
add_nameserver_to_failed(nameserver: nameserver, reason: text)
add_nameserver_to_failed(nameserver: nameserver, reason: text, result_reason: result[:reason])
false
end
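Review bot: In the new `add_nameserver_to_failed`, a nameserver whose `validation_counter` is nil is set to 1 and then incremented on the very next line, so its first failure is stored as 2, where the removed if/else stored 1. If `failed_validation?` (not shown here) compares the counter with a threshold, nameservers would be flagged one failed run early. Replacing both lines with `nameserver.validation_counter = nameserver.validation_counter.to_i + 1` restores the old count. The `cname` early return also sets `validation_datetime` while storing a failure reason; a comment such as `# CNAME is a warning: record the reason, do not count a failure` would make that intent explicit.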


@ -36,7 +36,7 @@ class ValidateDnssecJob < ApplicationJob
domain.nameservers.each do |n|
next unless n.validated?
validate(hostname: n.hostname, domain: domain)
validate(nameserver: n, domain: domain)
notify_contacts(domain)
logger.info "----------------------------"
@ -54,25 +54,26 @@ class ValidateDnssecJob < ApplicationJob
# ContactNotification.notify_tech_contact(domain: domain, reason: 'dnssec')
end
def validate(hostname:, domain:, type: 'DNSKEY', klass: 'IN')
resolver = prepare_validator(hostname)
def validate(nameserver:, domain:, type: 'DNSKEY', klass: 'IN')
resolver = prepare_validator(nameserver.hostname)
answer = resolver.query(domain.name, type, klass)
return logger.info "no any data for #{domain.name} | hostname - #{hostname}" if answer.nil?
return logger.info "no any data for #{domain.name} | hostname - #{nameserver.hostname}" if answer.nil?
logger.info "-----------"
logger.info "data for domain name - #{domain.name} | hostname - #{hostname}"
logger.info "data for domain name - #{domain.name} | hostname - #{nameserver.hostname}"
logger.info "-----------"
response_container = parse_response(answer)
compare_dnssec_data(response_container: response_container, domain: domain)
compare_dnssec_data(response_container: response_container, domain: domain, nameserver: nameserver)
rescue Exception => e
logger.error "#{e.message} - domain name: #{domain.name} - hostname: #{hostname}"
logger.error "#{e.message} - domain name: #{domain.name} - hostname: #{nameserver.hostname}"
nameserver.update(failed_validation_reason: "#{e.message} - domain name: #{domain.name} - hostname: #{nameserver.hostname}")
nil
end
def compare_dnssec_data(response_container:, domain:)
def compare_dnssec_data(response_container:, domain:, nameserver:)
domain.dnskeys.each do |key|
next unless key.flags.to_s == '257'
next if key.validation_datetime.present?
@ -82,11 +83,15 @@ class ValidateDnssecJob < ApplicationJob
if flag
key.validation_datetime = Time.zone.now
key.failed_validation_reason = nil
key.save
nameserver.failed_validation_reason = nil
nameserver.save
logger.info text + " ------->> succesfully!"
else
logger.info text + " ------->> not found in zone!"
key.update!(failed_validation_reason: text + " not found in zone! Domain name - #{domain.name}. Hostname - #{nameserver.hostname}")
logger.info text + " ------->> not found in zone! Domain name - #{domain.name}. Hostname - #{nameserver.hostname}"
end
end
end
@ -133,10 +138,11 @@ class ValidateDnssecJob < ApplicationJob
inner_resolver.nameserver = nameserver
inner_resolver.packet_timeout = timeouts.to_i
inner_resolver.query_timeout = timeouts.to_i
resolver = Dnsruby::Recursor.new(inner_resolver)
resolver.dnssec = true
# resolver = Dnsruby::Recursor.new(inner_resolver)
# resolver.dnssec = true
resolver
# resolver
inner_resolver
end
def logger
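Review bot: `prepare_validator` now returns `inner_resolver` and leaves the `Dnsruby::Recursor` and `resolver.dnssec = true` lines commented out, so nothing visible in this hunk turns DNSSEC on for the resolver that `validate` uses to fetch DNSKEY records. Whether the inner resolver still requests DNSSEC depends on how it is built above the hunk and on the library default, so I would state it explicitly with `inner_resolver.dnssec = true` before the return and delete the commented-out lines rather than keep them. Separately, the `rescue Exception` branch in `validate` now persists the raw `e.message` in `failed_validation_reason`. If that field is shown outside the operations team, a fixed message with the detail kept in the log would avoid exposing resolver internals, and `rescue StandardError => e` would stop the job from swallowing signals and exits.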


@ -35,8 +35,14 @@ module NameserverValidator
return { result: false, reason: 'answer' } if result.answer.empty?
decision = result.answer.any? do |a|
a.type == 'CNAME'
end
return { result: false, reason: 'cname' } if decision
decision = result.answer.all? do |a|
a.serial.present?
a.instance_variable_defined? '@serial'
end
return { result: false, reason: 'serial' } unless decision
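Review bot: `a.instance_variable_defined? '@serial'` only shows that the record object has a `@serial` slot, not that a serial was returned: a record whose `@serial` is nil passes this check, where the removed `a.serial.present?` rejected it. It also ties the validator to the internal layout of the DNS library's record classes. If the aim is to avoid calling `serial` on non-SOA records, `a.respond_to?(:serial) && a.serial.present?` keeps the value check. The enclosing method starts above the hunk.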