mirror of https://github.com/moepman/acertmgr.git synced 2025-01-01 05:31:51 +01:00

dns.nsupdate: Fix TTL screen output and move TTL to generic dns module

Kishi85 2019-03-19 12:07:42 +01:00
parent 1b95f512ed
commit 6440ef204a
2 changed files with 7 additions and 4 deletions


@ -24,6 +24,7 @@ class DNSChallengeHandler(AbstractChallengeHandler):
def __init__(self, config): def __init__(self, config):
AbstractChallengeHandler.__init__(self, config) AbstractChallengeHandler.__init__(self, config)
self.dns_updatedomain = config.get("dns_updatedomain") self.dns_updatedomain = config.get("dns_updatedomain")
self.dns_ttl = int(config.get("dns_ttl",60))
def _determine_challenge_domain(self, domain): def _determine_challenge_domain(self, domain):
if self.dns_updatedomain: if self.dns_updatedomain:
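Review bot: The new `self.dns_ttl = int(config.get("dns_ttl",60))` in `DNSChallengeHandler.__init__` accepts any integer, so a `dns_ttl` of 0 or a negative number passes straight through to the handlers. In the nsupdate handler shown on this page the value feeds `update.add(...)` and the `2 * self.dns_ttl` wait that lets the record propagate before validation, so a zero value removes that wait entirely. A range check right after the assignment would catch this, for example `if self.dns_ttl <= 0: raise ValueError("dns_ttl must be a positive number of seconds")`. As a style point, PEP 8 wants a space after the comma: `config.get("dns_ttl", 60)`.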


@ -124,7 +124,6 @@ class ChallengeHandler(DNSChallengeHandler):
}) })
self.keyalgorithm = config.get("nsupdate_keyalgorithm", DEFAULT_KEY_ALGORITHM) self.keyalgorithm = config.get("nsupdate_keyalgorithm", DEFAULT_KEY_ALGORITHM)
self.dns_server = config.get("nsupdate_server") self.dns_server = config.get("nsupdate_server")
self.dns_ttl = int(config.get("nsupdate_ttl", "60"))
self.dns_verify = config.get("nsupdate_verify", "true") == "true" self.dns_verify = config.get("nsupdate_verify", "true") == "true"
def _determine_zone_and_nameserverip(self, domain): def _determine_zone_and_nameserverip(self, domain):
@ -142,7 +141,7 @@ class ChallengeHandler(DNSChallengeHandler):
zone, nameserverip = self._determine_zone_and_nameserverip(domain) zone, nameserverip = self._determine_zone_and_nameserverip(domain)
update = dns.update.Update(zone, keyring=self.keyring, keyalgorithm=self.keyalgorithm) update = dns.update.Update(zone, keyring=self.keyring, keyalgorithm=self.keyalgorithm)
update.add(domain, self.dns_ttl, dns.rdatatype.TXT, txtvalue) update.add(domain, self.dns_ttl, dns.rdatatype.TXT, txtvalue)
print('Adding \'{} 60 IN TXT "{}"\' to {}'.format(domain, txtvalue, nameserverip)) print('Adding \'{} {} IN TXT "{}"\' to {}'.format(domain, self.dns_ttl, txtvalue, nameserverip))
dns.query.tcp(update, nameserverip) dns.query.tcp(update, nameserverip)
verified = False verified = False
@ -154,7 +153,8 @@ class ChallengeHandler(DNSChallengeHandler):
for answer in rrset: for answer in rrset:
if answer.to_text().strip('"') == txtvalue: if answer.to_text().strip('"') == txtvalue:
verified = True verified = True
print('Verified \'{} 60 IN TXT "{}"\' on {}'.format(domain, print('Verified \'{} {} IN TXT "{}"\' on {}'.format(domain,
self.dns_ttl,
txtvalue, txtvalue,
nameserverip)) nameserverip))
break break
@ -163,9 +163,11 @@ class ChallengeHandler(DNSChallengeHandler):
retry += 1 retry += 1
if not self.dns_verify or verified: if not self.dns_verify or verified:
# Return a valid time at twice the given TTL (to allow DNS to propagate)
return datetime.datetime.now() + datetime.timedelta(seconds=2 * self.dns_ttl) return datetime.datetime.now() + datetime.timedelta(seconds=2 * self.dns_ttl)
else: else:
raise ValueError('Failed to verify \'{} 60 IN TXT "{}"\' on {}'.format(domain, raise ValueError('Failed to verify \'{} {} IN TXT "{}"\' on {}'.format(domain,
self.dns_ttl,
txtvalue, txtvalue,
nameserverip)) nameserverip))
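Review bot: Removing the `nsupdate_ttl` read in the hunk at -124 means a configuration that still sets that key is silently ignored, and the handler falls back to the 60-second default of `dns_ttl`. That also changes the `2 * self.dns_ttl` propagation wait further down without any signal to the operator. Keeping the old key as a fallback would avoid this, e.g. `self.dns_ttl = int(config.get("nsupdate_ttl", self.dns_ttl))`, presumably placed after the parent constructor has run; this `__init__` starts outside the hunk, so that ordering should be confirmed. If the rename is meant to be breaking, a printed deprecation notice when `nsupdate_ttl` is present would at least make the change visible.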