record_store 5.9.0 → 5.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/record_store/cli.rb +54 -2
- data/lib/record_store/provider.rb +22 -9
- data/lib/record_store/version.rb +1 -1
- data/lib/record_store/zone.rb +6 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 305f971c2df40732e6ed0a53798af1ef1ffe4bda959454beea2c9f2d4da09ee7
|
|
4
|
+
data.tar.gz: 4233420dd7d25ac624d52d643a4326762133f6531784de8174c1de15ca890a57
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 99034b1c2625066dd7c4d32ee33582ef58ad2203197c52650f2a810365799604969b49575699f70ad8a009ee443838cd2de8989e75724dc4dc8967fecfbc6e63
|
|
7
|
+
data.tar.gz: 150539a073dc355c83288f0356ba8db15d28287e17977dd7cce882487a439f19cfa614305cd67b3f1ffe1aa21f7359c170a168803248af9d8eb914f5fd844496
|
data/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,9 @@
|
|
|
1
1
|
# CHANGELOG
|
|
2
|
+
|
|
3
|
+
## 5.10.0
|
|
4
|
+
- add `record-store validate_authority` command to sanity check delegation [FEATURE]
|
|
5
|
+
- fix handling of NXDOMAIN, etc. when fetching authoritative nameservers [BUGFIX]
|
|
6
|
+
|
|
2
7
|
## 5.9.0
|
|
3
8
|
- add `--all` option for `record-store list` to list ignored records too [FEATURE]
|
|
4
9
|
- add `record-store info` command to list providers and delegation for zones [FEATURE]
|
data/lib/record_store/cli.rb
CHANGED
|
@@ -44,7 +44,7 @@ module RecordStore
|
|
|
44
44
|
puts "Authoritative nameservers:"
|
|
45
45
|
delegation.each { |d| puts "- #{d}" }
|
|
46
46
|
else
|
|
47
|
-
|
|
47
|
+
$stderr.puts "ERROR: Unable to determine delegation (#{name})"
|
|
48
48
|
end
|
|
49
49
|
end
|
|
50
50
|
end
|
|
@@ -59,8 +59,8 @@ module RecordStore
|
|
|
59
59
|
end
|
|
60
60
|
end
|
|
61
61
|
|
|
62
|
-
option :verbose, desc: 'Print records that haven\'t diverged', aliases: '-v', type: :boolean, default: false
|
|
63
62
|
desc 'diff', 'Displays the DNS differences between the zone files in this repo and production'
|
|
63
|
+
option :verbose, desc: 'Print records that haven\'t diverged', aliases: '-v', type: :boolean, default: false
|
|
64
64
|
def diff
|
|
65
65
|
puts "Diffing #{Zone.defined.count} zones"
|
|
66
66
|
|
|
@@ -215,6 +215,58 @@ module RecordStore
|
|
|
215
215
|
end
|
|
216
216
|
end
|
|
217
217
|
|
|
218
|
+
desc 'validate_authority', 'Validates that authoritative nameservers match the providers'
|
|
219
|
+
option :verbose, desc: 'Include valid zones in output', aliases: '-v', type: :boolean, default: false
|
|
220
|
+
def validate_authority
|
|
221
|
+
verbose = options.fetch('verbose')
|
|
222
|
+
|
|
223
|
+
Zone.each do |name, zone|
|
|
224
|
+
authority = zone.fetch_authority
|
|
225
|
+
|
|
226
|
+
delegation = Hash.new { |h, k| h[k] = [] }
|
|
227
|
+
authority.each do |ns|
|
|
228
|
+
delegation[Provider.provider_for(ns)] << ns
|
|
229
|
+
end
|
|
230
|
+
|
|
231
|
+
delegated = delegation.keys.sort
|
|
232
|
+
configured = zone.config.providers.sort
|
|
233
|
+
|
|
234
|
+
ok = configured & delegated
|
|
235
|
+
missing = configured - delegated
|
|
236
|
+
unconfigured = delegated - configured
|
|
237
|
+
|
|
238
|
+
next if !verbose && missing.empty? && unconfigured.empty?
|
|
239
|
+
|
|
240
|
+
puts "\n"
|
|
241
|
+
puts "Zone: #{name}"
|
|
242
|
+
|
|
243
|
+
if verbose
|
|
244
|
+
ok.each do |provider|
|
|
245
|
+
puts "- #{provider}:"
|
|
246
|
+
delegation[provider].each do |ns|
|
|
247
|
+
puts " - #{ns.nsdname}"
|
|
248
|
+
end
|
|
249
|
+
end
|
|
250
|
+
end
|
|
251
|
+
|
|
252
|
+
missing.each do |provider|
|
|
253
|
+
puts "- #{provider}: authoritative nameservers not found for configured provider"
|
|
254
|
+
end
|
|
255
|
+
|
|
256
|
+
unconfigured.each do |provider|
|
|
257
|
+
if provider
|
|
258
|
+
puts "- #{provider}: unexpected authoritative nameservers found"
|
|
259
|
+
else
|
|
260
|
+
puts "- Unknown: unknown authoritative nameservers found"
|
|
261
|
+
end
|
|
262
|
+
|
|
263
|
+
delegation[provider].each do |ns|
|
|
264
|
+
puts " - #{ns.nsdname}"
|
|
265
|
+
end
|
|
266
|
+
end
|
|
267
|
+
end
|
|
268
|
+
end
|
|
269
|
+
|
|
218
270
|
desc 'validate_records', 'Validates that all DNS records have valid definitions'
|
|
219
271
|
def validate_records
|
|
220
272
|
invalid_zones = []
|
|
@@ -3,14 +3,19 @@ require 'resolv'
|
|
|
3
3
|
module RecordStore
|
|
4
4
|
class Provider
|
|
5
5
|
class << self
|
|
6
|
-
def provider_for(
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
6
|
+
def provider_for(object)
|
|
7
|
+
ns_server =
|
|
8
|
+
case object
|
|
9
|
+
when Record::NS
|
|
10
|
+
object.nsdname.chomp('.')
|
|
11
|
+
else
|
|
12
|
+
begin
|
|
13
|
+
master_nameserver_for(object)
|
|
14
|
+
rescue Resolv::ResolvError
|
|
15
|
+
$stderr.puts "Domain doesn't exist (#{object})"
|
|
16
|
+
return
|
|
17
|
+
end
|
|
18
|
+
end
|
|
14
19
|
|
|
15
20
|
case ns_server
|
|
16
21
|
when /\.dnsimple\.com\z/
|
|
@@ -19,7 +24,9 @@ module RecordStore
|
|
|
19
24
|
'DynECT'
|
|
20
25
|
when /\.googledomains\.com\z/
|
|
21
26
|
'GoogleCloudDNS'
|
|
22
|
-
when /\.nsone\.net\z
|
|
27
|
+
when /\.nsone\.net\z/,
|
|
28
|
+
/\.ns1global\.net\z/,
|
|
29
|
+
/\.ns1global\.org\z/
|
|
23
30
|
'NS1'
|
|
24
31
|
when /\.oraclecloud\.net\z/
|
|
25
32
|
'OracleCloudDNS'
|
|
@@ -115,6 +122,12 @@ module RecordStore
|
|
|
115
122
|
def update(id, record)
|
|
116
123
|
raise NotImplementedError
|
|
117
124
|
end
|
|
125
|
+
|
|
126
|
+
def master_nameserver_for(zone_name)
|
|
127
|
+
dns = Resolv::DNS.new(nameserver: ['8.8.8.8', '8.8.4.4'])
|
|
128
|
+
|
|
129
|
+
dns.getresource(zone_name, Resolv::DNS::Resource::IN::SOA).mname.to_s
|
|
130
|
+
end
|
|
118
131
|
end
|
|
119
132
|
end
|
|
120
133
|
end
|
data/lib/record_store/version.rb
CHANGED
data/lib/record_store/zone.rb
CHANGED
|
@@ -129,7 +129,7 @@ module RecordStore
|
|
|
129
129
|
)
|
|
130
130
|
|
|
131
131
|
def fetch_authority(nameserver = ROOT_SERVERS.sample)
|
|
132
|
-
Resolv::DNS.open(nameserver: nameserver) do |resolv|
|
|
132
|
+
authority = Resolv::DNS.open(nameserver: nameserver) do |resolv|
|
|
133
133
|
resolv.fetch_resource(name, Resolv::DNS::Resource::IN::SOA) do |reply, name|
|
|
134
134
|
break if reply.answer.any?
|
|
135
135
|
|
|
@@ -138,6 +138,11 @@ module RecordStore
|
|
|
138
138
|
break extract_authority(reply)
|
|
139
139
|
end
|
|
140
140
|
end
|
|
141
|
+
|
|
142
|
+
# candidate DNS name is returned instead when NXDomain or other error
|
|
143
|
+
return nil if unrooted_name.casecmp?(Array(authority).first.to_s)
|
|
144
|
+
|
|
145
|
+
authority
|
|
141
146
|
end
|
|
142
147
|
|
|
143
148
|
private
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: record_store
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.
|
|
4
|
+
version: 5.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Willem van Bergen
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2020-04-
|
|
12
|
+
date: 2020-04-15 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: thor
|