diff --git a/acertmgr/modes/dns/abstract.py b/acertmgr/modes/dns/abstract.py
index 3239b41..d2847a0 100644
--- a/acertmgr/modes/dns/abstract.py
+++ b/acertmgr/modes/dns/abstract.py
@@ -20,6 +20,7 @@ from acertmgr import tools
 from acertmgr.modes.abstract import AbstractChallengeHandler
 from acertmgr.tools import log
 
+QUERY_TIMEOUT = 60 # seconds are the maximum for any query (otherwise the DNS server will be considered dead)
 REGEX_IP4 = r'^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$'
 REGEX_IP6 = r'^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}' \
 r':|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}' \
@@ -66,7 +67,7 @@ class DNSChallengeHandler(AbstractChallengeHandler):
 nameserver = DNSChallengeHandler._lookup_ip(zonemaster)
 request = dns.message.make_query(zone, dns.rdatatype.NS)
-response = dns.query.udp(request, nameserver)
+response = dns.query.udp(request, nameserver, timeout=QUERY_TIMEOUT)
 retval = set()
 if response.rcode() == dns.rcode.NOERROR:
 for answer in response.answer:
@@ -95,7 +96,7 @@ class DNSChallengeHandler(AbstractChallengeHandler):
 request = dns.message.make_query(domain, dns.rdatatype.SOA)
 for nameserver in nameservers:
 try:
-response = dns.query.udp(request, nameserver)
+response = dns.query.udp(request, nameserver, timeout=QUERY_TIMEOUT)
 if response.rcode() == dns.rcode.NOERROR:
 for answer in response.answer:
 for item in answer:
@@ -121,9 +122,9 @@ class DNSChallengeHandler(AbstractChallengeHandler):
 try:
 request = dns.message.make_query(domain, dns.rdatatype.TXT)
 if use_tcp:
-response = dns.query.tcp(request, nameserverip)
+response = dns.query.tcp(request, nameserverip, timeout=QUERY_TIMEOUT)
 else:
-response = dns.query.udp(request, nameserverip)
+response = dns.query.udp(request, nameserverip, timeout=QUERY_TIMEOUT)
 for rrset in response.answer:
 for answer in rrset:
 if answer.to_text().strip('"') == txtvalue:
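Review bot: The `dns.query.udp(request, nameserver, timeout=QUERY_TIMEOUT)` call in the @@ -66 hunk is not inside a try block, so with a timeout set an unanswering zonemaster now surfaces as dns.exception.Timeout from this method instead of a hang; the enclosing method starts and ends outside the hunk, so its callers need to be checked for handling that, or the method's docstring should state that it raises. The same applies to the @@ -95 and @@ -121 hunks, whose try blocks are in the hunk but whose except clauses are not: if they only catch the exceptions that were possible before, the per-nameserver loop in @@ -95 will stop at the first dead server rather than move on to the next one. The limit is also per query, so that loop can still block for 60 seconds times the number of nameservers, which is worth stating at the constant, e.g. `QUERY_TIMEOUT = 60  # seconds per query; a nameserver that does not answer within this is treated as dead`.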
diff --git a/acertmgr/modes/dns/nsupdate.py b/acertmgr/modes/dns/nsupdate.py
index 28eca84..0a14932 100644
--- a/acertmgr/modes/dns/nsupdate.py
+++ b/acertmgr/modes/dns/nsupdate.py
@@ -12,7 +12,7 @@ import dns.query
 import dns.tsigkeyring
 import dns.update
 
-from acertmgr.modes.dns.abstract import DNSChallengeHandler
+from acertmgr.modes.dns.abstract import DNSChallengeHandler, QUERY_TIMEOUT
 from acertmgr.tools import log
 
 DEFAULT_KEY_ALGORITHM = "HMAC-MD5.SIG-ALG.REG.INT"
@@ -72,14 +72,14 @@ class ChallengeHandler(DNSChallengeHandler):
 update = dns.update.Update(zone, keyring=self.keyring, keyalgorithm=self.keyalgorithm)
 update.add(domain, self.dns_ttl, dns.rdatatype.TXT, txtvalue)
 log('Adding \'{} {} IN TXT "{}"\' to {}'.format(domain, self.dns_ttl, txtvalue, nameserverip))
-dns.query.tcp(update, nameserverip)
+dns.query.tcp(update, nameserverip, timeout=QUERY_TIMEOUT)
 
 def remove_dns_record(self, domain, txtvalue):
 zone, nameserverip = self._determine_zone_and_nameserverip(domain)
 update = dns.update.Update(zone, keyring=self.keyring, keyalgorithm=self.keyalgorithm)
 update.delete(domain, dns.rdata.from_text(dns.rdataclass.IN, dns.rdatatype.TXT, txtvalue))
 log('Deleting \'{} {} IN TXT "{}"\' from {}'.format(domain, self.dns_ttl, txtvalue, nameserverip))
-dns.query.tcp(update, nameserverip)
+dns.query.tcp(update, nameserverip, timeout=QUERY_TIMEOUT)
 
 def verify_dns_record(self, domain, txtvalue):
 if self.nsupdate_verify and not self.dns_verify_all_ns and not self.nsupdate_verified:
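Review bot: The reply from `dns.query.tcp(update, nameserverip, timeout=QUERY_TIMEOUT)` is discarded in both add_dns_record and remove_dns_record in the @@ -72 hunk, so an update the server refuses (REFUSED, NOTAUTH or SERVFAIL, e.g. a TSIG key not permitted for the zone) is logged as if it had succeeded, and only a later verification step can notice. Since the line is touched anyway, keep the response and check its rcode: `response = dns.query.tcp(update, nameserverip, timeout=QUERY_TIMEOUT)` followed by `if response.rcode() != dns.rcode.NOERROR:` and `raise ValueError("DNS update to {} failed: {}".format(nameserverip, dns.rcode.to_text(response.rcode())))`; dns.rcode would need importing if nsupdate.py does not already (its import block is only partly visible in the @@ -12 hunk). The timeout also means dns.exception.Timeout can now propagate from remove_dns_record, leaving the challenge TXT record in the zone when the server stops answering, which whatever cleanup calls it should expect. add_dns_record starts outside the hunk.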