record_store 5.9.0 → 5.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0de2b9654c8b2260778da756212d7e1e7a37d41044d001370f2ededcef00cec7
-  data.tar.gz: ceb08dc9a74484dd3645630901b5d13da249c0491f6244d065711977c74d557e
+  metadata.gz: 305f971c2df40732e6ed0a53798af1ef1ffe4bda959454beea2c9f2d4da09ee7
+  data.tar.gz: 4233420dd7d25ac624d52d643a4326762133f6531784de8174c1de15ca890a57
 SHA512:
-  metadata.gz: 25757a3029ee3cf1c7a15aa342f59ea7943b0e865b21df2a2d7176f31af43fbfe6763d4f5a4da7012167e82a6e82b6cb27aa1210a53f11b4f30b629de5492fa4
-  data.tar.gz: 9e16174c5c7ea101b29cbb2b347f0917e02f7b70de86be0817b7f624b5607ad97218fa22f9d6c1dabf2408632fc9bbdf500ac6e95d970e22d65838f34c883765
+  metadata.gz: 99034b1c2625066dd7c4d32ee33582ef58ad2203197c52650f2a810365799604969b49575699f70ad8a009ee443838cd2de8989e75724dc4dc8967fecfbc6e63
+  data.tar.gz: 150539a073dc355c83288f0356ba8db15d28287e17977dd7cce882487a439f19cfa614305cd67b3f1ffe1aa21f7359c170a168803248af9d8eb914f5fd844496

data/CHANGELOG.md

@@ -1,4 +1,9 @@
 # CHANGELOG
+
+## 5.10.0
+- add `record-store validate_authority` command to sanity check delegation [FEATURE]
+- fix handling of NXDOMAIN, etc. when fetching authoritative nameservers [BUGFIX]
+
 ## 5.9.0
 - add `--all` option for `record-store list` to list ignored records too [FEATURE]
 - add `record-store info` command to list providers and delegation for zones [FEATURE]

data/lib/record_store/cli.rb

@@ -44,7 +44,7 @@ module RecordStore
           puts "Authoritative nameservers:"
           delegation.each { |d| puts "- #{d}" }
         else
-          STDERR.puts "ERROR: Unable to determine delegation (#{name})"
+          $stderr.puts "ERROR: Unable to determine delegation (#{name})"
         end
       end
     end
@@ -59,8 +59,8 @@ module RecordStore
       end
     end
 
-    option :verbose, desc: 'Print records that haven\'t diverged', aliases: '-v', type: :boolean, default: false
     desc 'diff', 'Displays the DNS differences between the zone files in this repo and production'
+    option :verbose, desc: 'Print records that haven\'t diverged', aliases: '-v', type: :boolean, default: false
     def diff
       puts "Diffing #{Zone.defined.count} zones"
 
@@ -215,6 +215,58 @@ module RecordStore
       end
     end
 
+    desc 'validate_authority', 'Validates that authoritative nameservers match the providers'
+    option :verbose, desc: 'Include valid zones in output', aliases: '-v', type: :boolean, default: false
+    def validate_authority
+      verbose = options.fetch('verbose')
+
+      Zone.each do |name, zone|
+        authority = zone.fetch_authority
+
+        delegation = Hash.new { |h, k| h[k] = [] }
+        authority.each do |ns|
+          delegation[Provider.provider_for(ns)] << ns
+        end
+
+        delegated = delegation.keys.sort
+        configured = zone.config.providers.sort
+
+        ok = configured & delegated
+        missing = configured - delegated
+        unconfigured = delegated - configured
+
+        next if !verbose && missing.empty? && unconfigured.empty?
+
+        puts "\n"
+        puts "Zone: #{name}"
+
+        if verbose
+          ok.each do |provider|
+            puts "- #{provider}:"
+            delegation[provider].each do |ns|
+              puts "  - #{ns.nsdname}"
+            end
+          end
+        end
+
+        missing.each do |provider|
+          puts "- #{provider}: authoritative nameservers not found for configured provider"
+        end
+
+        unconfigured.each do |provider|
+          if provider
+            puts "- #{provider}: unexpected authoritative nameservers found"
+          else
+            puts "- Unknown: unknown authoritative nameservers found"
+          end
+
+          delegation[provider].each do |ns|
+            puts "  - #{ns.nsdname}"
+          end
+        end
+      end
+    end
+
     desc 'validate_records', 'Validates that all DNS records have valid definitions'
     def validate_records
       invalid_zones = []

data/lib/record_store/provider.rb

@@ -3,14 +3,19 @@ require 'resolv'
 module RecordStore
   class Provider
     class << self
-      def provider_for(zone_name)
-        dns = Resolv::DNS.new(nameserver: ['8.8.8.8', '8.8.4.4'])
-
-        begin
-          ns_server = dns.getresource(zone_name, Resolv::DNS::Resource::IN::SOA).mname.to_s
-        rescue Resolv::ResolvError
-          abort("Domain doesn't exist")
-        end
+      def provider_for(object)
+        ns_server =
+          case object
+          when Record::NS
+            object.nsdname.chomp('.')
+          else
+            begin
+              master_nameserver_for(object)
+            rescue Resolv::ResolvError
+              $stderr.puts "Domain doesn't exist (#{object})"
+              return
+            end
+          end
 
         case ns_server
         when /\.dnsimple\.com\z/
@@ -19,7 +24,9 @@ module RecordStore
           'DynECT'
         when /\.googledomains\.com\z/
           'GoogleCloudDNS'
-        when /\.nsone\.net\z/
+        when /\.nsone\.net\z/,
+             /\.ns1global\.net\z/,
+             /\.ns1global\.org\z/
           'NS1'
         when /\.oraclecloud\.net\z/
           'OracleCloudDNS'
@@ -115,6 +122,12 @@ module RecordStore
       def update(id, record)
         raise NotImplementedError
       end
+
+      def master_nameserver_for(zone_name)
+        dns = Resolv::DNS.new(nameserver: ['8.8.8.8', '8.8.4.4'])
+
+        dns.getresource(zone_name, Resolv::DNS::Resource::IN::SOA).mname.to_s
+      end
     end
   end
 end

data/lib/record_store/version.rb

@@ -1,3 +1,3 @@
 module RecordStore
-  VERSION = '5.9.0'.freeze
+  VERSION = '5.10.0'.freeze
 end

data/lib/record_store/zone.rb

@@ -129,7 +129,7 @@ module RecordStore
     )
 
     def fetch_authority(nameserver = ROOT_SERVERS.sample)
-      Resolv::DNS.open(nameserver: nameserver) do |resolv|
+      authority = Resolv::DNS.open(nameserver: nameserver) do |resolv|
         resolv.fetch_resource(name, Resolv::DNS::Resource::IN::SOA) do |reply, name|
           break if reply.answer.any?
 
@@ -138,6 +138,11 @@ module RecordStore
           break extract_authority(reply)
         end
       end
+
+      # candidate DNS name is returned instead when NXDomain or other error
+      return nil if unrooted_name.casecmp?(Array(authority).first.to_s)
+
+      authority
     end
 
     private

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: record_store
 version: !ruby/object:Gem::Version
-  version: 5.9.0
+  version: 5.10.0
 platform: ruby
 authors:
 - Willem van Bergen
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-14 00:00:00.000000000 Z
+date: 2020-04-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor